April 17th. The second and final day of SUGCON Europe 2026.
If Day 1 set the strategic direction, and there was a lot to absorb, Day 2 was where things got personal. This was the day Ramkumar and I took the stage to present our work at Altudo. More on that below. But first, the sessions.
MCP: What the P Is That, and How Does It Relate to Sitecore?
[Morten Ljungberg, Sales Engineer, Sitecore]
The title alone got the room warmed up. But behind the humour was one of the more practically useful sessions of the day. Morten walked through what MCP (Model Context Protocol) actually is, cut through the noise, and mapped it to where it matters in the Sitecore ecosystem today.
The core value proposition is architectural: MCP gives AI agents a standardised way to discover and interact with platform capabilities, without bespoke integration work for every tool and every model. For Sitecore specifically, that means content operations, personalisation rules, assets, and page management become addressable by any compliant AI agent, including the ones you build yourself.
What made the session land was the roadmap angle. Morten gave a clear signal on where Sitecore is taking MCP support across its platforms, and for those of us already building on the Marketer MCP Server, that context is directly useful. I've been working with MCP as part of our own tooling at Altudo, so this session was very much on my radar. Congrats to Morten for making a genuinely complex protocol feel approachable without dumbing it down.
Microsoft Agent Framework and Sitecore
[Peter Clisby, VP Platforms & AI, Remarkable]
Day 2 opened strong. Peter Clisby packed a serious amount of substance into 15 minutes on the Microsoft Agent Framework, built on Semantic Kernel and AutoGen, sitting above the LLM layer. The framing that stuck with me: it's the car, not the engine. The underlying model (Claude, GPT, Gemini, self-hosted) is swappable. That's the right architectural posture for anyone building production AI systems right now, where model selection is still volatile.
The Sitecore integration angle gave it practical grounding. One distinction worth remembering from this session: MCP (Model Context Protocol) standardises how an agent connects to tools and data sources; A2A (Agent to Agent) standardises how agents talk to other agents across platforms and organisations. Complementary, not competing. Congrats to Peter for one of the tightest lightning talks of the conference.
Securing SitecoreAI with Fine-Grained Authorisation
[Sergey Baranov, Sitecore Solution Architect, Brimit - Technology MVP]
This one addressed something the community hasn't talked about enough: what happens to your access control model when you add AI agents into the picture.
The short version: RBAC works cleanly in Sitecore XP. Add AI agents, SaaS integration points, and scale, and it breaks. The answer Sergey proposed is ReBAC (Relationship-Based Access Control), the model Google uses with Zanzibar — managing permissions as graph relationships rather than role assignments. He demoed SpiceDB (an open-source Zanzibar implementation) applied as a guardrail layer for SitecoreAI.
The OWASP Top 10 for LLM Applications framing at the start was a useful anchor. Security for AI systems isn't a new category, it's the same discipline applied to a new threat surface. Worth watching the recording.
Our Session: Transforming Content Operations with SitecoreAI at Altudo
[Miguel Minoldo & Ramkumar - Altudo]
This was the session I'd been preparing for. Ramkumar and I presented how we're helping clients at Altudo move from manual content bottlenecks to autonomous, agent-driven content operations, without writing a single line of custom code.
The live demo was the centrepiece: n8n orchestrating workflows, the Agent API handling content intelligence, Sitecore MCP connecting everything to the platform, and the Marketplace as the extensibility layer tying it together. Content audits automated by AI Agents. Visual approval workflows replacing email chains. Content gap analysis running in the background. All of it wired up and running live in front of the room.
I'll be honest, live demos at conferences are where things go wrong. This one held together. The room was engaged and the questions afterwards were the right kind: specific, technical, implementation-focused. That's the signal that the content landed.
For a deeper look at what we built and the architectural decisions behind it, read the full write-up here.
Your Content Model Is Blocking AI
[Vasiliy Fomichev, Sitecore MVP, Head of Digital AI Solutions, Zont Digital]
This was a lightning talk that deserved more time. Vasiliy made an argument I've been making in client conversations for a while, but rarely hear stated this clearly at a conference: most AI initiatives don't stall because of tooling or prompts, they stall because the content was never structured for machine understanding in the first place.
Page-centric, presentation-driven content models are the silent killer. They made sense when humans were the only consumers of content. They fall apart the moment an AI agent needs to discover, reuse, or reason across that content at scale. The patterns Vasiliy flagged, deeply nested component structures, content locked into layout context, no semantic separation between presentation and meaning, are things I recognise from almost every enterprise content audit I've been involved in.
The practical takeaway: before you invest in AI tooling, audit your content model. If it was designed for a page editor, it probably wasn't designed for an AI agent. Congrats to Vasiliy for a talk that will make people go back to their desks and ask uncomfortable questions about their own implementations.
Vibesitecoring: From Figma to Sitecore with Zero Lines of Code
[Volodymyr Nikitin, CEO, EXDST - representing Anton Tishchenko, Sitecore MVP & co-founder, EXDST]
Anton couldn't make it to London in person, which was a shame, but Volodymyr stepped up and the session delivered.
The premise is one that will resonate with anyone who's sat through the back-and-forth between design and development on a Sitecore project: take a Figma design, write a single prompt, and let an AI agent handle the rest, datasource template, rendering parameters template, the rendering itself, test page, test datasource, and component code. All of it. The stack they've built runs on Cursor, Anthropic LLMs, and a combination of the community-built Sitecore MCP server, the Figma MCP, and Chrome.
What's interesting architecturally is the distinction they draw between the community Sitecore MCP server and Sitecore's own official Marketer MCP server. They're not competing, they cover different surface areas. For content management and translation tasks, the official server works well. For development tasks like component generation from Figma, the community server still fills the gap. That gap is closing, but it isn't closed yet.
This session had history behind it, first presented at SUG Jaipur back in October 2025, and evolved meaningfully since. The "vibesitecoring" framing is tongue-in-cheek but the substance is real: they've already saved significant development hours on live projects and are building out best practices across different implementations. Early stage, but the direction is clear.
Given that our own session at Altudo is built on MCP as a core orchestration layer, this one was directly relevant to work we're doing. The community-driven approach to extending Sitecore's AI surface area is exactly the kind of ecosystem building that makes the Marketplace credible.
Building SitecoreAI-Based Portals with Extranet Security Through a Marketplace App
[Jesper Balle, Sitecore MVP, Partner, asmblii]
This session tackled one of the more genuinely awkward architectural problems in the headless Sitecore world: how do you enforce granular content permissions when your content is pre-rendered and distributed via Experience Edge?
It's a problem that comes up on almost any portal or extranet project. Traditional access control assumptions break down when there's no server-side request to intercept. Content is cached and delivered at the edge, by design. Adding a permission layer on top of that without killing performance or flexibility is not a trivial engineering problem.
Jesper walked through how asmblii's Marketplace App addresses this directly: dynamic permission enforcement across portals and gated content scenarios, built on SitecoreAI and published through the Marketplace. The session included a real-world implementation for JRE, Jeunes Restaurateurs, which gave it the grounding that architectural talks often lack. Seeing the design principles applied to an actual client case is where this kind of content earns its credibility.
The Content SDK deep dive as context was well-placed. The permission complexity Jesper described isn't a Sitecore-specific quirk, it's inherent to headless, edge-first architectures. What's interesting here is the Marketplace as the distribution model: rather than each partner solving this independently, a shared, installable app becomes the pattern. That's the right direction.
For architects and developers dealing with portal or extranet requirements on SitecoreAI, this session is worth tracking down when the recording surfaces. Congrats to Jesper for a technically solid talk that addressed a real gap.
Closing Thoughts
Day 2 confirmed what Day 1 started to establish: this was a SUGCON with genuine substance. The AI narrative wasn't just keynote positioning, it ran through the technical sessions, the customer stories, and the community conversations in the corridors.
The content model talk, the migration middle-state session, the post-quantum security warning, these are the kinds of sessions that push the community forward. Not just "here's what Sitecore shipped," but "here's what you need to be thinking about before your next project starts."
And personally, getting to present alongside Ramkumar, showing real work, running a live demo, fielding good questions, is exactly why showing up in person at these events still matters.
See you at the next one.
Missed Day 1? Read the recap here.
Want to see the demo from our session? Get in touch.
