​

BADCamp has always been a community-first event where ideas, experimentation, and practical knowledge-sharing thrive. This year, it’s also where Drupal’s AI conversation gets very real.

From a focused, three-hour AI Summit to a range of practical sessions across the camp, AI is showing up in force at BADCamp 2025. Whether you're a site builder, developer, themer, or content strategist, there's something here for you.

The AI Summit: Community and Possibility

Friday morning, October 25, BADCamp is hosting a special three-hour AI Summit. This unconference-style session will give the Drupal community a space to explore how we’re using AI in the real world and where we want to take it next.

It’s not a keynote. It’s not a showcase. It’s a collaborative working session where the participants set the agenda. The goal is to move the conversation forward by grounding it in actual experience. What’s working, what isn’t, and what’s needed.

Details here: AI Summit at BADCamp

Drupal AI Initiative in the Spotlight

The Drupal AI Strategic Initiative will also be well represented. I'll be leading a hands-on session that shows how anyone can integrate private AI tools into their Drupal site without writing code:

• Getting Hands-On with DrupalAI: Build Smarter Sites with Zero Code
  – J. Matthew Saunders, Initiative Marketing Specialist

Kristen Pol will provide a look at the bigger picture, including how the initiative is positioning Drupal for the future:

• Accelerating Innovation: The Drupal AI Initiative
  – Kristen Pol, Initiative Co-Lead
   

AI Topics Across the Camp

BADCamp isn’t just featuring AI. It’s threading it through the whole program. Here are some of the other sessions digging into what AI can do in and around Drupal:

• 3 Ways to Use AI in Drupal: Chatbots, Smart Search, and Code Generation – Salim Lakhani
• Building Smart Content Moderation in Drupal: AI-Powered Spam Detection and Community Tools – Prabhakar Singh
• AI + Headless Drupal – Jordan Koplowicz
• Creating an AI Chatbot in Drupal the Easy Way – Jordan Koplowicz
• Preparing Your Pipeline for the AI Revolution – James Sansbury
• Quick and Easy Migrations and Upgrades Using AI – Luke McCormick
• Preparing for the Future: AI, the Changing Consumption Landscape, and Combating AI Threats – Steve Carlson

AI is no longer on the sidelines. The Drupal community is actively shaping how open source, ethical, and privacy-respecting AI tools can work in real content workflows.

If you're curious about where Drupal and AI meet, BADCamp is the place to see it all in motion. This isn’t about someday. It’s about what you can do right now.

badcamp.org

​

BADCamp has always been a community-first event where ideas, experimentation, and practical knowledge-sharing thrive. This year, it’s also where Drupal’s AI conversation gets very real.

From a focused, three-hour AI Summit to a range of practical sessions across the camp, AI is showing up in force at BADCamp 2025. Whether you're a site builder, developer, themer, or content strategist, there's something here for you.

The AI Summit: Community and Possibility

Friday morning, October 25, BADCamp is hosting a special three-hour AI Summit. This unconference-style session will give the Drupal community a space to explore how we’re using AI in the real world and where we want to take it next.

It’s not a keynote. It’s not a showcase. It’s a collaborative working session where the participants set the agenda. The goal is to move the conversation forward by grounding it in actual experience. What’s working, what isn’t, and what’s needed.

Details here: AI Summit at BADCamp

Drupal AI Initiative in the Spotlight

The Drupal AI Strategic Initiative will also be well represented. I'll be leading a hands-on session that shows how anyone can integrate private AI tools into their Drupal site without writing code:

• Getting Hands-On with DrupalAI: Build Smarter Sites with Zero Code
  – J. Matthew Saunders, Initiative Marketing Specialist

Kristen Pol will provide a look at the bigger picture, including how the initiative is positioning Drupal for the future:

• Accelerating Innovation: The Drupal AI Initiative
  – Kristen Pol, Initiative Co-Lead
   

AI Topics Across the Camp

BADCamp isn’t just featuring AI. It’s threading it through the whole program. Here are some of the other sessions digging into what AI can do in and around Drupal:

• 3 Ways to Use AI in Drupal: Chatbots, Smart Search, and Code Generation – Salim Lakhani
• Building Smart Content Moderation in Drupal: AI-Powered Spam Detection and Community Tools – Prabhakar Singh
• AI + Headless Drupal – Jordan Koplowicz
• Creating an AI Chatbot in Drupal the Easy Way – Jordan Koplowicz
• Preparing Your Pipeline for the AI Revolution – James Sansbury
• Quick and Easy Migrations and Upgrades Using AI – Luke McCormick
• Preparing for the Future: AI, the Changing Consumption Landscape, and Combating AI Threats – Steve Carlson

AI is no longer on the sidelines. The Drupal community is actively shaping how open source, ethical, and privacy-respecting AI tools can work in real content workflows.

If you're curious about where Drupal and AI meet, BADCamp is the place to see it all in motion. This isn’t about someday. It’s about what you can do right now.

badcamp.org

November 17–19, 2025 | Nara, Japan

The energy is building in Asia. Following July's groundbreaking first-ever Contribution Day in Tokyo—where developers, translators, and UX experts came together to push Drupal forward—that momentum is heading straight to one of Japan's most culturally rich cities.

Innovation Meets Tradition

Set against Nara's stunning temples and serene gardens, DrupalCon Nara offers something truly special: a chance to experience cutting-edge digital innovation in a setting that's steeped in centuries of craftsmanship and attention to detail. It's the perfect backdrop for a community that values both technological excellence and thoughtful design.

What makes Nara unique:

• Bilingual sessions in Japanese and English, reflecting Drupal's truly global nature

• Vibrant Contribution Day building on Tokyo's success, where every skill level finds a way to make an impact

• Cultural immersion opportunities that remind us why diverse perspectives make better software

• Intimate scale that makes every conversation meaningful and every connection genuine

Building Bridges Across Asia

The Drupal Asia Agency Leaders Dinner isn't just networking—it's ecosystem building. Agency leaders and service providers from across the region will gather for an evening designed to spark collaborations, share market insights, and explore opportunities that benefit the entire Asian Drupal community.

With limited seats available, this exclusive gathering represents a unique opportunity to shape the future of Drupal adoption across one of the world's most dynamic regions.

Your Gateway to the Asian Drupal Renaissance

Nara represents more than a conference—it's a celebration of how the open source movement thrives when it embraces local culture while maintaining global standards. Whether you're contributing code, sharing strategies, or simply soaking in the unique energy of Japan's Drupal community, you'll leave with perspectives that transform how you approach digital challenges.

The combination of Japan's meticulous attention to detail and Drupal's flexible architecture creates something special. Come see what happens when two cultures of excellence collide.

Ready for Nara? Register now and secure your spot.

Register today

The Early Bird registration is now open for the largest Drupal event in North America, DrupalCon Chicago 2026, happening March 23–26, 2026 in Chicago, Illinois. Don’t miss your chance to connect, learn, and celebrate with the global Drupal community.

For a limited time, secure your DrupalCon Chicago registration for just $575—the lowest price available!

Learn more and register now to get your ticket at the lowest price!

Don’t miss your chance to connect, learn, and celebrate with the global Drupal community.

When you buy a conference ticket, you’ll get access to:

• DrupalCon opening reception
• All general conference sessions
• All contribution sessions
• Keynote speakers, access to the Expo Hall, and raffle contest
• Trivia Night
• Lunch and coffee breaks
• Networking and mentorship

View the program at a glance now.

Stay at DrupalCon Chicago 2026 Headquarters

Make the most of your DrupalCon experience by staying at the Hilton Chicago, the official DrupalCon hotel.

DrupalCon is more than just sessions. The real magic happens in hallway track conversations, late-night discussions, and spontaneous coffee meetups. Book the conference hotel to stay close to it all.

Book your room at Hilton Chicago!!

DrupalCon Chicago 2026 Call For Speakers Deadline Approaching Soon

The Drupal Association is dedicated to creating an event that is welcoming and inclusive to everyone. The Call for Speakers for DrupalCon Chicago 2026 submission deadline is almost here!

Submitters may edit their submissions until 26 September 2025, 11:59 pm Central Time.

Submit your session soon!

We’re thrilled to introduce Glenn Hilton, one of the newest members elected to the Drupal Association Board, with his term beginning 1 November 2025.

Glenn is the Founder and CEO of ImageX, a Drupal agency that he established in 2001. Over more than two decades of leadership, Glenn has combined creativity with community to guide both his company and his career. His passion for open source and collaboration has made him an active participant in the Drupal community for more than ten years.

Beyond his role as CEO, Glenn is deeply committed to building strong teams and helping people reach their full potential. He believes that lasting success comes from relationships and from creating environments where individuals and communities can thrive.

We are thrilled to have Glenn bring this perspective to the Board. Here are his thoughts as he begins this new chapter:

What are you most excited about when it comes to joining the Drupal Association Board?
I'm excited to help shape the business strategy that ensures the long-term sustainability of the Drupal ecosystem. It is a unique opportunity to bridge the gap between agencies, contributors, and end clients while keeping Drupal both innovative and commercially viable.

What do you hope to accomplish during your time on the board?
I want to strengthen feedback loops with agencies and enterprise users so that we have stronger data to help us better understand and support the needs of those investing in Drupal. I also hope to help expand Drupal’s reach by improving how we communicate its value and create new paths for commercial growth.

What specific skill or perspective do you contribute to the board?
As CEO of a long-standing Drupal agency, I bring a business-first perspective rooted in delivery, growth strategy, and client expectations. With more than 20 years in leadership, I focus on scalable teams, efficient operations, and long-term partnerships.

How has Drupal impacted your life or career?
Drupal changed the trajectory of my agency and gave me a career grounded in purpose, global collaboration, and community. It is more than a platform, it is a values-driven ecosystem where even competitors work together with integrity and a shared mission.

Tell us something that the Drupal community might not know about you.
Outside of work, I am a real estate and architecture enthusiast and probably spend too much time analyzing floor plans. I have four amazing kids, one grandchild, a wonderful wife, and a deep passion for my faith in Jesus Christ.

Share a favorite quote or piece of advice that has inspired you.
“Leadership is not about being in charge. It is about taking care of those in your charge.” — Simon Sinek

We look forward to the contributions Glenn will make during his time on the Drupal Association Board. Thank you, Glenn, for sharing your time and expertise with the Drupal community. You can connect with Glenn on LinkedIn.

About the Drupal Association Board of Directors

The Drupal Association Board of Directors comprises 13 members with nine nominated for staggered three-year terms, two elected by Drupal Association members, and one seat is reserved for the Drupal Project Founder, Dries Buytaert. One seat  is reserved for the immediate past chair as a non-voting member. All Board terms start on 1 November of each year.

The Board meets twice in person for weekend retreat and about 5 times virtually each year.  The Board provides strategic guidance to the Drupal Association and oversight of the Association’s management, policy development, management, budget, and fundraising efforts.

We’re thrilled to introduce Glenn Hilton, one of the newest members elected to the Drupal Association Board, with her term beginning 1 November 2025.

Glenn is the Founder and CEO of ImageX, a Drupal agency that he established in 2001. Over more than two decades of leadership, Glenn has combined creativity with community to guide both his company and his career. His passion for open source and collaboration has made him an active participant in the Drupal community for more than ten years.

Beyond his role as CEO, Glenn is deeply committed to building strong teams and helping people reach their full potential. He believes that lasting success comes from relationships and from creating environments where individuals and communities can thrive.

We are thrilled to have Glenn bring this perspective to the Board. Here are his thoughts as he begins this new chapter:

What are you most excited about when it comes to joining the Drupal Association Board?
I'm excited to help shape the business strategy that ensures the long-term sustainability of the Drupal ecosystem. It is a unique opportunity to bridge the gap between agencies, contributors, and end clients while keeping Drupal both innovative and commercially viable.

What do you hope to accomplish during your time on the board?
I want to strengthen feedback loops with agencies and enterprise users so that we have stronger data to help us better understand and support the needs of those investing in Drupal. I also hope to help expand Drupal’s reach by improving how we communicate its value and create new paths for commercial growth.

What specific skill or perspective do you contribute to the board?
As CEO of a long-standing Drupal agency, I bring a business-first perspective rooted in delivery, growth strategy, and client expectations. With more than 20 years in leadership, I focus on scalable teams, efficient operations, and long-term partnerships.

How has Drupal impacted your life or career?
Drupal changed the trajectory of my agency and gave me a career grounded in purpose, global collaboration, and community. It is more than a platform, it is a values-driven ecosystem where even competitors work together with integrity and a shared mission.

Tell us something that the Drupal community might not know about you.
Outside of work, I am a real estate and architecture enthusiast and probably spend too much time analyzing floor plans. I have four amazing kids, one grandchild, a wonderful wife, and a deep passion for my faith in Jesus Christ.

Share a favorite quote or piece of advice that has inspired you.
“Leadership is not about being in charge. It is about taking care of those in your charge.” — Simon Sinek

We look forward to the contributions Glenn will make during her time on the Drupal Association Board. Thank you, Glenn, for sharing your time and expertise with the Drupal community. You can connect with Glenn on LinkedIn.

About the Drupal Association Board of Directors

The Drupal Association Board of Directors comprises 13 members with nine nominated for staggered three-year terms, two elected by Drupal Association members, and one seat is reserved for the Drupal Project Founder, Dries Buytaert. One seat  is reserved for the immediate past chair as a non-voting member. All Board terms start on 1 November of each year.

The Board meets twice in person for weekend retreat and about 5 times virtually each year.   The Board provides strategic guidance to the Drupal Association and oversight of the Association’s management, policy development, management, budget, and fundraising efforts.

At the time of writing there are 7,151 reported installs of Drupal AI and adoption is accelerating. Every day, new examples emerge of how Drupal AI helps teams tackle real-world business challenges, optimise content management, streamline workflows, and improve user experiences. Yet, with so many organisations adopting Drupal AI, it can be challenging to uncover every use case.

Be the next Drupal AI success story - Share your innovation

We want to hear from you! If your organization is using Drupal AI—whether you are a Drupal Certified Partner, AI Maker, agency, end customer, or an independent consultant—we invite you to share your story. You could be featured in a guest blog post or invited to participate in a webinar, helping others understand the practical applications of AI.

Get in touch to let us know how you are putting Drupal AI to work.

Drupal AI in action: examples from local government and education

Southwark Council, London: is transforming how it brings content online. Their digital estate holds over 2,000 PDFs, most designed for print rather than web consumption. A new AI PDF Importer, developed for the LocalGov Drupal, is helping convert these static documents into accessible, structured, and user-friendly web content. By integrating AI-powered automation, the project addresses pagination, heading hierarchies, image extraction, and link mapping, reducing a process that previously took hours to just seconds, and making vital information more accessible for residents.

University of Edinburgh, Scotland: has developed an AI tool, created during an internship, integrated into its Drupal-based content management system, EdWeb. Leveraging Drupal AI and a new “AI Agents” framework, the tool allows content editors to interact with specialised AI agents, such as a style guide agent and a site maintenance agent. These agents access trusted university resources, including the editorial style guide and acronym database, to provide context-aware guidance and support for publishers.

Artevelde University of Applied Sciences, Ghent, Belgium: is advancing knowledge on AI-assisted development through student contributions. Witze Van der Straeten has published a tutorial on converting Figma designs into Drupal components, illustrating how Drupal AI can significantly accelerate the process of turning designs into functional solutions.

These examples demonstrate the broad range of applications for Drupal AI, from local government to higher education and the wider ICT community, showing how AI can make content management smarter and more efficient. Of course Drupal AI has many other applications and we want to hear yours!

Share your Drupal AI achievements and help others learn

We want to showcase how organisations are using Drupal AI, whether in research, pilot, beta, or full production. Share your experience and you could be featured in a blog or invited to a webinar, helping others understand the practical impact of AI with Drupal.

Contact us to tell your story.

At the time of writing there are 7,151 reported installs of Drupal AI and adoption is accelerating. Every day, new examples emerge of how Drupal AI helps teams tackle real-world business challenges, optimise content management, streamline workflows, and improve user experiences. Yet, with so many organisations adopting Drupal AI, it can be challenging to uncover every use case.

Your Drupal AI use case could be featured—tell us how you’re innovating

We want to hear from you! If your organisation is using Drupal AI—whether you are a Drupal certified partner, AI Maker, agency, end customer, or an independent consultant—we invite you to share your story. You could be featured in a guest blog post or invited to participate in a webinar, helping others understand the practical applications of AI.

Get in touch to let us know how you are putting Drupal AI to work.

Drupal AI in action: examples from local government and education

Southwark Council, London: is transforming how it brings content online. Their digital estate holds over 2,000 PDFs, most designed for print rather than web consumption. A new AI PDF Importer, developed for the LocalGov Drupal, is helping convert these static documents into accessible, structured, and user-friendly web content. By integrating AI-powered automation, the project addresses pagination, heading hierarchies, image extraction, and link mapping, reducing a process that previously took hours to just seconds, and making vital information more accessible for residents.

University of Edinburgh, Scotland: has developed an AI tool, created during an internship, integrated into its Drupal-based content management system, EdWeb. Leveraging Drupal AI and a new “AI Agents” framework, the tool allows content editors to interact with specialised AI agents, such as a style guide agent and a site maintenance agent. These agents access trusted university resources, including the editorial style guide and acronym database, to provide context-aware guidance and support for publishers.

Artevelde University of Applied Sciences, Ghent, Belgium: is advancing knowledge on AI-assisted development through student contributions. Witze Van der Straeten has published a tutorial on converting Figma designs into Drupal components, illustrating how Drupal AI can significantly accelerate the process of turning designs into functional solutions.

These examples demonstrate the broad range of applications for Drupal AI, from local government to higher education and the wider ICT community, showing how AI can make content management smarter and more efficient. Of course Drupal AI has many other applications and we want to hear yours!

Share your Drupal AI achievements and help others learn

We want to showcase how organisations are using Drupal AI, whether in research, pilot, beta, or full production. Share your experience and you could be featured in a blog or invited to a webinar, helping others understand the practical impact of AI with Drupal.

Contact us to tell your story.

Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.

This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.

Drupal’s Internal Security Culture

Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.

“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”

But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.

The Growing Challenge: Spam and Bots

Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.

One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.

CrowdSec: A Community Approach to Protection

CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.

Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”

That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.

Why CrowdSec and Why Now

“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”

The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.

“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”

Real-World Use and Future Evolution

Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:

• Richer behavioral context to improve upstream signals
• A signal-sharing API that enables other modules to contribute
• Enhanced reporting in the Drupal backend to show impact
• Improved documentation to help users understand and build on the module
   

On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.

Rooted in Open Source Ethics

What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.

“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”

Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.

Together, We Can Build a Safer Web

Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.

Here’s how to get involved:

• Try the CrowdSec Drupal module and explore what it can do
• Share your experience with others in the CrowdSec community and Drupal Security Team
• Contribute your story to help others improve their defenses
   

Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.

Safer together.

Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.

This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.

Drupal’s Internal Security Culture

Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.

“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”

But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.

The Growing Challenge: Spam and Bots

Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.

One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.

CrowdSec: A Community Approach to Protection

CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.

Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”

That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.

Why CrowdSec and Why Now

“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”

The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.

“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”

Real-World Use and Future Evolution

Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:

• Richer behavioral context to improve upstream signals
• A signal-sharing API that enables other modules to contribute
• Enhanced reporting in the Drupal backend to show impact
• Improved documentation to help users understand and build on the module
   

On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.

Rooted in Open Source Ethics

What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.

“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”

Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.

Together, We Can Build a Safer Web

Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.

Here’s how to get involved:

• Try the CrowdSec Drupal module and explore what it can do
• Share your experience with others in the CrowdSec community and Drupal Security Team
• Contribute your story to help others improve their defenses
   

Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.

Safer together.

Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.

This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.

Drupal’s Internal Security Culture

Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.

“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”

But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.

The Growing Challenge: Spam and Bots

Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.

One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.

CrowdSec: A Community Approach to Protection

CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.

Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”

That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.

Why CrowdSec and Why Now

“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”

The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.

“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”

Real-World Use and Future Evolution

Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:

• Richer behavioral context to improve upstream signals
• A signal-sharing API that enables other modules to contribute
• Enhanced reporting in the Drupal backend to show impact
• Improved documentation to help users understand and build on the module
   

On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.

Rooted in Open Source Ethics

What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.

“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”

Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.

Together, We Can Build a Safer Web

Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.

Here’s how to get involved:

• Try the CrowdSec Drupal module and explore what it can do
• Share your experience with others in the CrowdSec community and Drupal Security Team
• Contribute your story to help others improve their defenses
   

Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.

Safer together.

Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.

This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.

Drupal’s Internal Security Culture

Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.

“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”

But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.

The Growing Challenge: Spam and Bots

Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.

One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.

CrowdSec: A Community Approach to Protection

CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.

Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”

That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.

Why CrowdSec and Why Now

“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”

The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.

“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”

Real-World Use and Future Evolution

Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:

• Richer behavioral context to improve upstream signals
• A signal-sharing API that enables other modules to contribute
• Enhanced reporting in the Drupal backend to show impact
• Improved documentation to help users understand and build on the module
   

On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.

Rooted in Open Source Ethics

What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.

“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”

Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.

Together, We Can Build a Safer Web

Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.

Here’s how to get involved:

• Try the CrowdSec Drupal module and explore what it can do
• Share your experience with others in the CrowdSec community and Drupal Security Team
• Contribute your story to help others improve their defenses
   

Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.

Safer together.

October 14–17, 2025 | Austria Center Vienna

Vienna is calling the global Drupal community home this October, and we can't wait to see what happens when ambitious minds gather in one of Europe's most inspiring cities.

Your Platform for Growth and Connection

DrupalCon Vienna isn't just a conference—it's where the future of digital experiences takes shape. Whether you're a marketer pushing the boundaries of what's possible, a developer crafting the next breakthrough, or a decision-maker charting your organization's digital course, Vienna offers exactly what you need to level up.

What awaits you:

• 100+ sessions diving deep into site building, design, accessibility, DevOps, and the technologies shaping tomorrow's web

• Keynotes from Dries Buytaert and industry leaders sharing insights that will reshape how you think about digital possibilities

• Hands-on contribution opportunities where you can directly impact the platform powering millions of websites worldwide

• The International Splash Awards, celebrating the most innovative Drupal projects that prove what's possible when creativity meets capability

Beyond the Sessions: Where Magic Happens

The real power of DrupalCon lies in those moments between sessions—the conversations over coffee that spark new partnerships, the late-night discussions that solve complex challenges, and the connections that transform how you approach your work.

Vienna's central location and world-class public transportation make it easy to explore beyond the Austria Center. But honestly? With this community, you might find the most valuable discoveries happen right within the venue walls.

Your Invitation to Shape the Future

This isn't just about attending sessions—it's about joining a movement. From first-time contributors getting mentored on Contribution Day to seasoned professionals sharing battle-tested strategies, Vienna brings together everyone who believes the web should be open, flexible, and built for ambition.

Ready to join us? Regular registration is available until September 15, 2025. Don't wait—Vienna fills up fast, and you won't want to miss being part of this year's most important gathering of digital innovators.

Register today 

We’re thrilled to introduce Maya Schaeffer, one of the newest members elected to the Drupal Association Board, with her term beginning 1 November 2025.

Maya is the lead organizer of EvolveDigital & EvolveDrupal, where she has been instrumental in rebuilding the in-person side of the community post-pandemic, connecting over 1,000 attendees (40% from outside the traditional Drupal space) across summits in Montreal, Ottawa, Toronto, Atlanta, NYC, and Boston (upcoming June 2025). These events highlight the demand for cross-functional community spaces that showcase Drupal’s relevance across industries.

Beyond events, Maya is passionate about contributing to Promote Drupal and helping shape an Association that champions clear storytelling, accessible entry points, and a strong pipeline for the next generation of users and contributors.

We’re excited to have Maya on the Board. Here are her thoughts as she begins this new chapter:

What are you most excited about when it comes to joining the Drupal Association Board?
I'm excited to bring a fresh perspective that bridges the gap between technical and non-technical communities. I want to help Drupal grow by expanding its reach, telling a more inclusive story, and making it easier for new voices to get involved, especially beyond code.

What do you hope to accomplish during your time on the board?
I want to help Drupal reach new audiences, support more inclusive contribution pathways, and strengthen community engagement beyond the developer space. That includes amplifying Promote Drupal, making it easier for newcomers to get involved, and championing voices from underrepresented regions and roles. I also hope to bring a marketing and events lens to our strategy, helping the project tell a clearer, more compelling story to the world.

What specific skill or perspective do you contribute to the board?
I bring a marketing and community-building lens, shaped by leading EvolveDrupal (and EvolveDigital) and engaging non-technical audiences. My background in event management and my administrative experience as an executive assistant in Germany give me the tools to align stakeholders and turn ideas into action, something I’m especially excited to bring to the Board’s work. I thrive at making vision tangible and creating inclusive spaces where more people can see themselves in Drupal.

How has Drupal impacted your life or career?
When I started at Evolving Web, I didn’t even know what Drupal was. But from my very first event, the community welcomed me in. That sense of openness gave me room to grow, build confidence, and discover a whole new path in tech. I’ve found a place where I can connect with people, contribute in meaningful ways, and keep learning every step of the way.

Tell us something that the Drupal community might not know about you.
I started playing ball hockey after moving to Canada, and just 3.5 years later, I made it onto the United Nations team for the 2024 Ball Hockey World Championship in Switzerland. It was an unforgettable experience and a reminder that it’s never too late to try something new and go all in.

Share a favorite quote or piece of advice that has inspired you.
"You miss 100% of the shots you don’t take." — Wayne Gretzky

This quote has guided so many of my big life decisions. I moved to a new country, stepped into a completely new industry, and said yes to opportunities I didn’t feel fully “ready” for, from organizing summits to playing in a world championship. None of it would’ve happened if I hadn’t taken the shot. 

We look forward to the contributions Maya will make during her time on the Drupal Association Board. Thank you, Maya, for sharing your time and expertise with the Drupal community. You can connect with Maya on LinkedIn.

About the Drupal Association Board of Directors

The Drupal Association Board of Directors comprises 13 members with nine nominated for staggered three-year terms, two elected by Drupal Association members, and one seat is reserved for the Drupal Project Founder, Dries Buytaert, while another is reserved for the immediate past chair (non-voting). Terms start on 1 November of each year.

The Board meets twice in person for weekend retreat and about 5 times virtually each year.   The Board provides strategic guidance to the Drupal Association and oversight of the Association’s management, policy development, management, budget, and fundraising efforts.

Last week’s webinar brought together three voices helping to shape the Drupal AI Initiative: Paul Johnson, Christoph Breidert, and Kristen Pol. Together, they painted a picture of where Drupal is headed with AI, and what the community is already learning through direct experimentation.

Watch the full webinar recording on The Drupal Association YouTube Channel.

Paul opened with key takeaways from the global AI survey. 79.2% of respondents reported using AI in their everyday work, and over 61% of organisations were already running internal experiments. One message was clear: AI isn’t theoretical anymore. People are trying, testing, and shipping.

The majority of respondents, 79.2%, reported that they were using AI in their everyday work.

— Paul Johnson

Christoph followed with a look at what’s driving the momentum behind the Drupal AI initiative. He emphasized that Drupal’s open and flexible nature makes it a strong fit for AI innovation, and that the initiative was a natural response to the rapid experimentation already happening across agencies and contributors.

The Drupal AI initiative was launched not so long ago, and it just came out of that many companies are of course experimenting with AI. Drupal has always been at the forefront of innovation.

— Christoph Breidert

Kristen brought the discussion back to the roadmap, reminding us that all of this work depends on collaboration, visibility, and good stewardship. She also highlighted that the initiative has gained traction because contributors are sharing back, not just building in silos.

We couldn’t have analyzed any results if we didn’t have any, so appreciate that. This is only working because people are contributing back.

— Kristen Pol

The takeaway for me? The initiative is gaining momentum because it’s being built with the community, not for it. If you want to get involved, this is the moment. Whether you’re experimenting with use cases, building tools, or helping shape the messaging, the door is wide open and we’re eager for the help.

The full webinar is available to watch on the Drupal Association YouTube Channel.

Want to Help?

There are many ways to plug in: contribute to the codebase, share your experiments, join the Slack channel, or attend the next webinar. The Drupal AI Initiative is making room for builders, strategists, and communicators alike.

We will try to give back information about what is happening on the technical side, so people can stay up to date with improvements happening in the Drupal AI space from a developers perspective.

I was recently myself away on vacation for some weeks, and realized just how quickly everything is moving, both in the AI space and the Drupal AI space when you are not actively following it. The Drupal AI Initiative and its people contributing to it, outside of FreelyGive, have started its own momentum.

So this is a way to get a bi-weekly update on what is happening outside of releases, to be able to test things happening on the dev branches of different projects.

Tool API is released

The first alpha release of Tool API happened in the past week. The idea behind the Tool API is to create one uniformed API for any type of tool with clear input and output schemas. These will be able to be used both as function calling tools for AI, for tools for MCP, but also in the future derive actions for powerful automation tools like ECA. 

In practice it means that you can define a tool once and use it in multiple systems, including as a function call for AI. The idea with this is that you should be able to create reusable tools for manipulating entities, using views as context, getting information about the Drupal system etc. simply in the GUI and be shipped as configuration. 

This together with the functionality to create completely custom function calls in the UI using ECA, opens up for shipping a lot of agents as configuration without other module dependencies.

Tool API is being released as its own module, since the possibilities of how to use this is something that is outside of the scope of just the AI module.

Going forward with the MCP Client, we will most likely use Tool API as well as the foundation to make sure that any tool from a MCP server you want to create a version of inside Drupal.

A huge thanks to Michael Lander who has been working tirelessly on this project and for all the expertise he has been giving back to the AI project in general.

A video of the tool api in action creating Drupal content that with Claude Desktop and MCP using natural language can be found here.

Image-To-Image operation type is merged

One year ago when the initial Image to image operation type was thought of, it was a fairly “useless” AI inference type. The problem was that the AI models could not keep consistency, meaning that at best you could use it for some nice demoing purposes, most of which made little sense to use in a Drupal context.

This has somewhat since changed, with Dreamstudio offering things like removing backgrounds, outpainting of images to fit specific ratios etc. and OpenAI GPT-1-Image making it possible to generate images in a style of another image. This was what it was initially meant for.

However, since the issue was put “in review” and it has now been merged, Nano Banana was released and is a complete game changer in this field. It lets you edit images in natural language with very good consistency and gives a future image of what is to come.

We just need to add that to a provider now and we will have a way for a chatbot or another prompting interface to change images directly inside Drupal using natural language.

Use Tavily in your agents to do web searches and research

The Tavily module got another release - 2.0.0-rc3. Tavily is a service specifically designed for connecting your agent to the web.

The main feature of this release is a function call that you can use in your agent to do web searches to get either full html scraped webpages or markdown versions of the websites it finds.

This means that you can have an agent summarizing some topic for you or fact checking something for you.

See more here: https://www.drupal.org/project/tavily

Support for Fibers

Currently the AI module is treating any provider synchronously. This means that if you ask for instance OpenAI four different things that are not dependent on each other, we at the moment run the first one, start the second one when the first one is done and so on.

This change makes sure that we can utilize Fibers in PHP and run this asynchronously, so the process only becomes as slow as the slowest of the four calls in this case.

Currently we have no real case usage of this, but future jobs like for instance AI Translate, where each field translation is independent of the other, could work in parallel to translate a lot faster.

See: https://www.drupal.org/project/ai/issues/3538027

Removing code reiteration and reusing provider standards

A lot of providers today are using a standard that OpenAI created for its messaging API platforms. This means that a lot of providers can actually reuse a lot of code that we initially set up for the OpenAI provider.

The problem is that you do not want to make a provider dependent on the OpenAI provider, just because you want to inherit functionality from it.

Because of this we have opted to create a base class for OpenAI based providers, outside of the normal base class.

You can see the base class here.

We have already started removing huge chunks of code that was just duplication of code found in other providers.

Other smaller but noticeable fixes:

• The AI Translate’s Drush command to translate can now take multiple ids, instead of just one: https://www.drupal.org/project/ai/issues/3537084

• We have added a marker interface for all exceptions the AI module throws, so you can catch em’ all: https://www.drupal.org/project/ai/issues/3542498

• The StreamIteratorInterface has been worked over for 1.2.x release, without being backwards breaking, but with provider developers needing to take a step to make logging of the response working. This is to prepare for making tool calling possible using streamed output:

  • https://www.drupal.org/project/ai/issues/3541471

  • https://www.drupal.org/project/ai/issues/3541472

Stay tuned for further bi-weekly Drupal AI development progress. Visit the Drupal AI Initiative home for ways to connect and get involved.