fidzu : Drupal

For Everyone: In-Context Customization Without the Learning Curve

Jürgen Haas Wed 27 May 2026 - 15:00

27 May 2026 1:00pm GMT

The Drupal AI Summit in New York City brought together developers, strategists, designers, and agencies for a full day of talks, demos, and conversations about where Drupal will go next in the age of AI. What struck me most wasn't any single talk or demo, it was the common belief that the Drupal community needs to come together to shape this future responsibly.

Here are the core themes, and the talks that stood out.

The Big Picture: Drupal as an "AI Harness"

Matthew Saunders kicked off the day with a framing that anchored everything that followed: "Drupal is becoming an AI harness." As organizations move AI from experimentation into practical operations, the focus should shift from which AI model is used to the system that orchestrates and governs those models.

An AI harness, as Saunders defined it, connects models to essential organizational requirements: structured data, governance, human oversight, and workflow automation. With 25 years of experience managing structured content, APIs, and permissions, Drupal is positioned to act as that operational layer.

Saunders also highlighted the Drupal AI Initiative - a community-led effort with 30+ partner organizations focused on coordinating responsible AI capabilities and avoiding vendor lock-in through community-driven innovation. A core value of the summit, repeated throughout the day, was the importance of a "human × AI partnership" - ensuring AI augments professional expertise rather than replacing it.

What the Industry Is Aligning On: Key Themes from the Drupal AI Summit

These were just a few of the ideas surfaced during the sessions:

Vibecoding for prototypes, Drupal for systems that last. Josh Koenig cautioned that while generative AI can rapidly build websites and democratize web creation by allowing users to assemble functional interfaces without traditional development hurdles, "vibe coding" often lacks long-term maintainability, governance, and structural integrity. The result is frequently "spaghetti code" that becomes difficult for teams to manage as projects grow in complexity. This is where Drupal can shine. The takeaway: use AI to prototype fast, but use Drupal to build systems that last - sustainable, reliable, and integrated into existing professional workflows.

Orchestrating autonomous agents. The future, according to Koenig, lies in turning AI into a teammate. Today's AI-driven web development is largely a "single-player" experience - just an individual talking to a computer. The next chapter is about building orchestrated workflows where multiple stakeholders collaborate within a controlled environment, ensuring consistency across a large ecosystem of websites. Drupal is well-positioned to be that orchestration layer - not just a platform with AI features, but an AI-friendly ecosystem that supports protocols like the Model Context Protocol (MCP), allowing it to act as a structured source of content and context for external AI agents.

Context-driven AI. Without structured context, AI outputs are off-brand, non-compliant, or just generic - what Kristen Pol memorably calls "AI slop." As Pol put it, context is the difference between "AI that guesses" and "AI that gets it." Her project, the Context Control Center (CCC), also known as the AI Context module, provides a centralized hub within Drupal to capture and manage an organization's rules, policies, and guidelines, then map them directly to AI features. Instead of relying on vague prompts or scattered style guides, CCC treats context as managed content - with familiar Drupal capabilities like revisioning, scheduling, and scoping by workflow, language, or site section. That means an organization can declare rules and have them applied consistently across every AI output.

From UX to AX (Agent Experience). Brands now need to design experiences not just for humans, but for the AI agents acting on their behalf. As more website traffic comes from AI agents and crawlers rather than human visitors, organizations have to think about how their content, components, and APIs are "consumed" by machines - and how to ensure brand voice, accuracy, and trust are preserved when an agent is the one mediating the experience.

Data sovereignty and trust. Particularly relevant for the public sector, Amazee's Jeroen Spitaels emphasized guarantees of no data retention and no training on user data as essential for public sector institutions. For governments, universities, and any organization handling sensitive information, it's not enough for AI to be powerful - it has to be trustworthy, transparent, and sovereign. That means knowing exactly where your data lives, who has access, and being certain it isn't quietly being used to train someone else's model.

Where It Got Specific: Sessions Worth a Closer Look

Every summit has sessions that move beyond the conceptual and get specific. These three stood out because they tackled the operational realities of actually deploying AI - and what it takes to do it well.

The Actual Playbook for Deploying AI without Breaking Trust

John Doyle's session on implementing AI teams and workflows was one of the day's standouts because it tackled the operational reality of AI - not just the tech.

His core idea: stop thinking about AI as isolated prompts and start building "digital teammates" - governed agents with defined owners, SLAs, and clear inputs and outputs. That's a profound reframing. A digital teammate isn't a tool you use; it's a team member you onboard, manage, and hold accountable.

Doyle made a strong case for Drupal as the ideal platform for AI orchestration thanks to its API-first architecture, structured content model, and workflow states. He demoed AI integrated directly into a Drupal interface, generating content drafts based on predefined project briefs and design systems.

His operational advice was refreshingly grounded:

• Give every AI agent a charter - clear scope, purpose, and boundaries.
• Always maintain a human-in-the-loop for final verification.
• Iterate slowly to ensure quality control.

This is exactly the playbook organizations need if they want to actually deploy AI without breaking trust. At the end of his talk, I was able to speak with him, and he mentioned they had piloted this approach at Digital Polygon, and it was very successful.

What a Real AI-Powered Website Experience Actually Looks Like in Practice

John Tran, CTO of Image X, delivered the kind of real-world example I wanted to see. His session detailed how Drupal can be transformed from a static content management system into a dynamic, AI-orchestrated experience platform using AG-UI (Agent-to-User Interaction).

The technical foundation is semantic search - using embedding models and vector databases to map relationships between content, focusing on intent, context, and meaning rather than keywords. That allows the system to retrieve highly relevant information even when the user's phrasing is conversational.

The proof-of-concept for an advanced implementation of an AI chatbot was great to see. The system:

• Triggers specific tools dynamically (such as directions or live weather APIs)
• Renders interactive SDC (Single Directory Components) directly within Drupal based on the agent's logic
• Lets users flag content as they navigate, which the AI then aggregates into a customized, downloadable brochure or notebook

Tran's future vision is for Drupal to handle the orchestration of these experiences natively - moving away from rigid, pre-built pages toward fully dynamic, component-based websites where the entire site experience is generated or assembled on-the-fly based on the user's specific goals, all while maintaining site governance and using standard Drupal form-handling workflows.

Just as importantly, because the AG-UI toolkit is agent-agnostic, it prevents vendor lock-in - allowing developers to switch between LLM providers or agent frameworks without rebuilding the front-end experience.

This is what "richer interactivity" looks like in practice. It's still a chatbot at its core, but with a level of engagement and contextual awareness that genuinely solves problems rather than just answering questions. This felt less like a novelty and more like a higher-order assistant doing meaningful work.

Three Capabilities Your Platform Needs for an AI-First Internet

The Acquia session from Martin Anderson-Clutz framed something every digital team needs to wrestle with: in the evolving role of websites and an AI-first internet, content has to go everywhere - not just to your website, but to AI crawlers, agents, and downstream experiences you don't directly control.

To meet that reality, Anderson-Clutz advocated for three keys to a modern DXP:

Agile Content Engine. Beyond traditional drafting and publishing, organizations need to use AI to accelerate planning and ideation, optimize content post-publication for conversion, and embrace structured content in formats like JSON and Markdown for true omnichannel delivery.

Robust Experience Layer. As users increasingly turn to websites to validate purchase decisions rather than for education, the site's role shifts toward frictionless brand onboarding (social proof, case studies, technical specs) and context-aware AI that keeps brand voice accurate, on-brand, and aligned with strategic objectives.

Agent-Friendly Architecture. With non-human traffic rising, websites must be built for AI agents as primary users. That means treating "APIs as the new UI" - standardizing on machine-readable formats, adopting emerging agent-to-agent protocols, and designing systems that offer packageable "skills" or recipes for modular, autonomous agent interaction.

His core argument: Drupal is uniquely positioned as a leading, AI-ready platform because of its emphasis on structured content, enterprise governance, and community-driven innovation.

The takeaway: in a world where your content is increasingly consumed by machines before it ever reaches a human, the platforms that win will be the ones that treat AI agents as primary users - and Drupal is already there.

A Community Embracing AI

If one line captured the spirit of the day, it was this: "Drupal has quietly become one of the most AI-ready platforms available."

While much of the AI conversation centers on flashy chatbots and proprietary tools, Drupal has been steadily building exactly what AI agents need to do real work. That's not marketing spin - it's the natural outcome of 25 years of disciplined engineering around content structure, governance, and openness. The very things that made Drupal a leader in the structured-content era are the things AI agents require to operate reliably, safely, and at scale.

The Drupal community isn't just adapting to AI. It's quietly becoming one of the most credible, agent-ready platforms on the open web - and the summit made it clear we're just getting started.

Bring practical, proven AI adoption strategies to your organization, let's start a conversation! We'd love to hear from you.

27 May 2026 12:00am GMT

26 May 2026 2:35pm GMT

In Open Source software, competition works differently than in proprietary software.

Companies compete through their own products and services, but they all depend on the same commons: the software, the community, the project's reputation, and the shared work that helps people trust and adopt it.

That shared foundation creates a different kind of responsibility: sharing a commons means sharing the work of keeping it strong.

The Open Source companies I admire most show up in two ways. They compete on the merits of their own products: features, support, and price. And they help sustain the commons: through code, documentation, security, marketing, events, education, sponsorships, and more.

Judge companies by what they do

Over the past year, Pantheon, one of Acquia's competitors in the Drupal market, has focused much of its messaging on attacking Acquia, including making our private equity ownership part of its story.

I have no quarrel with Pantheon's products or the people who build them. Competition is healthy. My concern is with marketing that attacks another Drupal company, often with misleading or unwarranted messaging.

I've spent nearly twenty years building Acquia through different stages and ownership models. Acquia has grown from a startup into a company backed first by venture capital and later by private equity. Every ownership model creates different pressures, but ownership determines far from everything.

Customers don't choose a platform because of an ownership model. They choose it because it works, because they can get help, and because they trust it will keep getting better.

No one benefits from unwarranted vendor attacks. They benefit when companies build better products, contribute to Drupal, and help more people adopt it.

License permits, stewardship grows

For an Open Source company, the test is not only what they build for themselves. It is what they help build for everyone.

An Open Source license defines what companies are allowed to do. It sets the floor.

Above that floor is a social contract. No one enforces it, but every healthy Open Source ecosystem depends on it.

Stewardship is what companies choose to do beyond the license: contribute code, fund security work, support maintainers, improve documentation, sponsor events, promote adoption, and more.

Drupal thrives because people and organizations honor the social contract and choose to do more than the license requires.

Contribution is one measure of stewardship

Drupal.org credit is one public signal of that commitment. Acquia is the largest single corporate contributor to Drupal, but the wider community contributes far more than any one company.

In the past year, Acquia engineers earned 2,955 weighted credits on Drupal issues, plus 164 from the Drupal Security Team.

These contributions are good for Acquia, for Drupal, and for every organization that builds on Drupal, including our competitors.

In the same period, Pantheon earned 30 issue credits and 2 security credits. Credits don't capture every form of contribution, and Pantheon contributes in other ways too. Even so, the gap is substantial.

What we let pass becomes the social contract

I don't usually write publicly about competitors. It's not how I want to spend my voice.

Before writing this, I asked myself a simple question: if a major company contributing to Drupal were under sustained attack from another major Drupal company, would I feel a responsibility as Drupal's founder and project lead to speak up?

I would.

The fact that Acquia is the company being attacked made me slower to respond, but it doesn't change the answer.

When companies built on Drupal spend their energy attacking each other instead of growing the project, it bothers me. It's not good for Drupal.

I'm not writing this believing it will change anyone's marketing and sales tactics. I'm writing it because what we let pass now will shape what is acceptable in Drupal years from now.

Communities like ours evolve their social contract through moments like this, when we say in public what we expect of each other. If this post contributes to a healthier social contract taking hold, I'm happy.

Compete on merit, but grow the commons

Every company that builds on Drupal depends on the same commons. Every company has a choice about whether to help sustain it, and how much. Drupal gets stronger when more of us invest in it.

My invitation to every company that builds on Drupal is simple: let's compete on the merits of our products and services, not by attacking each other. Let's serve customers well, contribute where we can, and put our energy into helping more organizations choose Drupal in the first place.

That is the social contract I'd like all of us to live by. I want Acquia to be judged by that same standard: what we ship, how well we serve customers, how much we contribute, and whether Drupal is stronger because of our work.

Not by who owns us. Not by claims made about us. By whether we keep building, contributing, and helping the ecosystem grow.

I have said what I wanted to say, and I won't turn this into an ongoing debate or respond to social media comments on this. My focus is on building and contributing.

26 May 2026 1:43pm GMT

Cybersecurity remained a central concern across enterprise and open-source ecosystems this month as multiple high-profile incidents and critical vulnerability disclosures affected widely deployed platforms. Security teams continued to face pressure to patch faster, monitor exposed systems more closely, and respond to a growing volume of actively exploited vulnerabilities.

Verizon's 2026 Data Breach Investigations Report found that the exploitation of vulnerabilities overtook stolen credentials as the leading initial access method in analysed breaches for the first time. Microsoft's May Patch Tuesday also addressed roughly 120 vulnerabilities affecting Office, SharePoint Server, and Windows enterprise infrastructure.

The open-source sector saw renewed urgency around patch management after the Drupal Security Team released SA-CORE-2026-004, a highly critical SQL injection vulnerability affecting supported Drupal core versions using PostgreSQL databases. The advisory prompted emergency patching efforts across enterprise Drupal deployments.

Security agencies continued to warn about the growing number of actively exploited vulnerabilities tracked in CISA's Known Exploited Vulnerabilities catalogue.

Elsewhere in the open-source ecosystem, discussion turned toward the widening gap between technological capability and public perception. In a recent post, Dries Buytaert argued that Drupal's reputation has not kept pace with its technical evolution despite continued investment in structured content architecture, APIs, and AI-oriented tooling.

The discussion reflects a broader challenge facing mature open-source platforms competing for visibility against newer frameworks with stronger marketing momentum. Community perception increasingly shapes how projects are evaluated alongside technical capability, governance maturity, and long-term sustainability.

That said, let us now look at the major developments covered in Volume 4, Issue 21 of The Drop Times weekly newsletter, Editor's Pick. Story listings are now permanently shifted to teaser blocks below, and we will no longer duplicate linked headlines within the Letter from the Editor.

Additional developments from across the Drupal ecosystem were published during the week. Readers can follow The Drop Times on LinkedIn, Twitter, Bluesky, and Facebook for ongoing updates. The publication is also active on Drupal Slack in the #thedroptimes channel.

Allen Jason
Junior Sub-editor
The Drop Times

26 May 2026 12:41pm GMT

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

26 May 2026 12:00pm GMT

Does your content team know how much Drupal accessibility depends on them? From headings to tables, the choices editors make every day shape whether assistive tech users can navigate your site.

26 May 2026 10:56am GMT

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

26 May 2026 8:25am GMT

Johanna Bates reflects on Drupal's nonprofit ecosystem, the value of structured content, and the stewardship needed to support contributors, clients, and mission-driven organisations.

26 May 2026 5:00am GMT

Today we are talking about Web Education, Level up Tutorials, and life after Drupal with guest Scott Tolinski. We'll also cover Views Row SDC as our module of the week.

For show notes visit: https://www.talkingDrupal.com/554

Topics

• Scott Origin Story
• Level Up Tutorials Era
• Syntax Podcast Beginnings
• Growing The Audience
• Web Components Debate
• Leaving Drupal Behind
• What Drupal Still Nails
• Agency Project Highlights
• Booking Podcast Guests
• Scott Work Week Setup
• Running Syntax Team
• Canvas HTML Experiments
• Livestream Tools Challenges
• Funding Via Sentry
• Project Ideas Process
• Conference Speaking Journey
• Speaking Logistics Family
• Content Focus Passion
• Drupal Influence Today
• Mad CSS Tournament
• AI Coding Workflow
• What Excites Him Now

Resources

• Scott Tolinski's Website
• Levelup tutorials
• 1000th episode
• Web awesome
• Talk in Amsterdam - React summit
  • This component could have been a class
• Sigraph conference site
• Too fast too furious learning things quickly
• JSNation
• Scratch
• Css tricks
• MadCss Championship
• State of ai survey
• Jazz.tools
• 0sync
• Graffiti

Guests

Scott Tolinski - tolin.ski stolinski

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Bernardo Martinez - bernardm28

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted to use a Single Directory Component to format the output of a view on your Drupal website? There's a module for that
• Module name/project name:
  • Views Row SDC
• Brief history
  • How old: created in Apr 2026 by James Shields (lostcarpark), a friend of the podcast
  • Versions available: 1.0.0, which works with Drupal 11.3 and 12
• Maintainership
  • Actively maintained
  • Security coverage
  • Number of open issues: 9 open issues, 3 of which are bugs, though two are marked as fixed in the latest release
• Usage stats:
  • 4 sites
• Module features and usage
  • With this module installed, when you select "Show" in the Format modal for any views display, you'll see a new option for "Single Directory Component", in addition to standard options like "Content view mode" or "Fields"
  • You can then select which of the site's available SDCs you want to use to format each result, and then you can map fields defined in the view to the properties and slots defined for the selected component
  • You can also place a view using this format into a Drupal Canvas layout by having a block display
  • SDCs and Canvas are the new hotness in Drupal theming, so this module gives you some additional ways to incorporate theme into your own Drupal site

25 May 2026 6:00pm GMT

AI is unbundling both agencies and software. The rebundling is coming - will it be open or closed? Open platforms offer freedom, sovereignty, and portability.

25 May 2026 8:07am GMT

A problem I've been struggling with for a while now is managing my bookmarks. Every time I come across an interesting article I want to read, a good resource I want to keep, or a neat tool I want to try I create a bookmark.

Over time I have collected a large collection of bookmarks so when I add a new one to the list it gets lots in the pile. I've tried to create directories to keep "new" bookmarks or organise them into sections, but I always end up scrabbling to find them.

The problem is that web browsers don't allow you to categorise or search bookmarks so I can never find them again. Also when I swap browsers (which I have done twice this year) I end up having to migrate them over and set up synchronising between computers. This always removes the favicons of the sites so I have even more trouble finding the right link.

After losing yet another bookmark again recently I decided to do something about it. I realised that #! code was the best place for it as I'm always logged into the site, so I set about creating a link directory on the site. I didn't just want a big list of links though. In my mind a good link directory takes a screenshot of the site when the link is created so that it is easy to see what links are there from the screenshot of the original site.

In this article I will go through how I set up the link directory, how links are added, and how the site is able to take screenshots of the links as they are added to the directory.

Creating The Link Content Type

To store the links I created a content type called "Link" and added a few fields to it.

Read more

24 May 2026 6:07pm GMT

The Night the Internet Tried to Kill Your Website John Locke Fri, 05/22/2026 - 11:30

22 May 2026 6:30pm GMT

Drupal Core Accessibility Maintainer Mike Gifford says organisations risk accelerating inaccessible digital experiences when accessibility remains dependent on isolated advocates instead of embedded governance systems. Speaking as part of The DropTimes' continuing Global Accessibility Awareness Day coverage, Gifford argued that sustainable accessibility depends on integrating accountability, workflows, testing, and organisational culture directly into development infrastructure before automated systems amplify poor practices at scale.

22 May 2026 2:06pm GMT

Visualization of Drupal Core Change records over the years

theodore May 22, 2026

22 May 2026 1:40pm GMT

AI is accelerating content creation, making estate-scale governance critical. Learn the 5 dimensions of content governance and why it must live natively in your CMS.

22 May 2026 12:00pm GMT