Riptides Blog

Riptides BlogDeep dives on secure identity, AI agent infrastructure, and what's next for workload-to-workload trust.https://riptides.io/en-usSPIFFE Is What AI Agents Need for Identity, The Question Is How to Deliver Ithttps://riptides.io/how-to-deliver-spiffe-identity-to-ai-agents/https://riptides.io/how-to-deliver-spiffe-identity-to-ai-agents/Mon, 20 Apr 2026 10:10:00 GMThttps://blog.riptides.io/_astro/integration.BVVxlCo__1pNBWS.webpNon-Human Identity Done Right: Why AI Agents Need SPIFFE and Riptideshttps://riptides.io/non-human-identity-done-right-why-ai-agents-need-spiffe-and-riptides/https://riptides.io/non-human-identity-done-right-why-ai-agents-need-spiffe-and-riptides/Mon, 19 May 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.By4MMLId_Z1mzUNj.webpThe API Key Leaks Keep Cominghttps://riptides.io/api-key-leaks-keep-coming/https://riptides.io/api-key-leaks-keep-coming/Thu, 17 Jul 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.Dpn19JHF_1kAwol.webp“On demand credentials - Secretless AI assistant example on GCP”https://riptides.io/on-demand-credentials-secretless-ai-assistant-example-on-gcp/https://riptides.io/on-demand-credentials-secretless-ai-assistant-example-on-gcp/Mon, 22 Sep 2025 15:32:00 GMThttps://blog.riptides.io/_astro/thumb.CGpkKtTZ_Z1IagSg.webpNon-human identity federation with external IDPs: a guide for AWS, GCP, and Azurehttps://riptides.io/federating-non-human-identities-with-external-idps-using-id-tokens-in-aws-gcp-and-azure/https://riptides.io/federating-non-human-identities-with-external-idps-using-id-tokens-in-aws-gcp-and-azure/Mon, 07 Jul 2025 10:00:00 GMThttps://blog.riptides.io/_astro/thumb.DsxffTNX_1U1jp6.webpIntroducing libsigv4: AWS SigV4 Signatures in Portable C with Kernel Compatibilityhttps://riptides.io/introducing-libsigv4-aws-sigv4-signatures-in-portable-c-with-kernel-compatibility/https://riptides.io/introducing-libsigv4-aws-sigv4-signatures-in-portable-c-with-kernel-compatibility/Mon, 25 Aug 2025 10:10:00 GMThttps://blog.riptides.io/_astro/libsigv4.B9Yik6hY_FzDnU.webpWhen eBPF Isn’t Enough: Why We Went with a Kernel Modulehttps://riptides.io/when-ebpf-isnt-enough-why-we-went-with-a-kernel-module/https://riptides.io/when-ebpf-isnt-enough-why-we-went-with-a-kernel-module/Mon, 27 Oct 2025 10:52:00 GMThttps://blog.riptides.io/_astro/ebpf-modul.DQnDmB8J_1n2RGN.webpFrom Keys to Handshakes: How Cryptography Powers Riptideshttps://riptides.io/from-keys-to-handshakes-how-cryptography-powers-riptides/https://riptides.io/from-keys-to-handshakes-how-cryptography-powers-riptides/Mon, 08 Sep 2025 10:52:00 GMThttps://blog.riptides.io/_astro/ec-rsa-blog.DdJLLDcD_Z1UAKPM.webpSecretless OCI Authentication with SPIFFE-based workload identityhttps://riptides.io/secretless-oci-authentication-with-spiffe-based-workload-identity/https://riptides.io/secretless-oci-authentication-with-spiffe-based-workload-identity/Mon, 12 Jan 2026 10:00:00 GMThttps://blog.riptides.io/_astro/thumb.-nb-La4x_Zsdsv4.webpOn-the-Wire Credential Injection: Secretless AWS Bedrock Access examplehttps://riptides.io/on-the-wire-credential-injection-secretless-aws-bedrock-access-example/https://riptides.io/on-the-wire-credential-injection-secretless-aws-bedrock-access-example/Mon, 01 Sep 2025 10:00:00 GMThttps://blog.riptides.io/_astro/thumb.DMxzaBVG_Z2amHda.webpSecuring Workloads with Kernel Telemetry and Metricshttps://riptides.io/securing-workloads-with-kernel-telemetry-and-metrics/https://riptides.io/securing-workloads-with-kernel-telemetry-and-metrics/Thu, 07 Aug 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.fUBA2xq1_1E65xL.webpFrom Tracepoints to Prometheus: The journey of a kernel event to observability.https://riptides.io/from-tracepoints-to-prometheus-the-journey-of-a-kernel-event-to-observability/https://riptides.io/from-tracepoints-to-prometheus-the-journey-of-a-kernel-event-to-observability/Mon, 21 Jul 2025 10:52:00 GMThttps://blog.riptides.io/_astro/whole_trace.Ds4YON7R_Z13Iffc.webpTesting Linux Kernel Modules with Batshttps://riptides.io/behind-the-scenes-how-we-test-at-riptides/https://riptides.io/behind-the-scenes-how-we-test-at-riptides/Mon, 15 Dec 2025 10:52:00 GMThttps://blog.riptides.io/_astro/how-we-test.D8VQeCKx_Z26k0bW.webpWorkload Identity Without Secrets: a Blueprint for the Post-Credential Erahttps://riptides.io/workload-identity-without-secrets-a-blueprint-for-the-post-credential-era/https://riptides.io/workload-identity-without-secrets-a-blueprint-for-the-post-credential-era/Thu, 25 Sep 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.CaLaLyg2_ZtsANb.webpSupercharge Kafka security with Riptideshttps://riptides.io/supercharge-kafka-security-with-riptides/https://riptides.io/supercharge-kafka-security-with-riptides/Mon, 08 Dec 2025 10:10:00 GMThttps://blog.riptides.io/_astro/imageinblog01.CLUAMQ9f_ZLBf5a.webpIntroducing Riptides Conditional Access: Fine-Grained, Time-Aware Security Policieshttps://riptides.io/introducing-riptides-conditional-access-fine-grained-time-aware-security-policies/https://riptides.io/introducing-riptides-conditional-access-fine-grained-time-aware-security-policies/Thu, 27 Nov 2025 10:10:00 GMThttps://blog.riptides.io/_astro/poster.B_ryyoqZ_l7ow3.webpSecretless AI-Powered Development: Secure AWS Credentials for GitHub Copilot in Limahttps://riptides.io/secretless-ai-development-github-copilot-lima/https://riptides.io/secretless-ai-development-github-copilot-lima/Thu, 12 Feb 2026 10:10:00 GMThttps://blog.riptides.io/_astro/copilot-lima-riptides.C95TDHQA_Z2fGU31.webpRiptides: Kernel-Level Identity and Security Reinventedhttps://riptides.io/riptides-kernel-level-identity-and-security-reinvented/https://riptides.io/riptides-kernel-level-identity-and-security-reinvented/Wed, 23 Apr 2025 10:52:00 GMThttps://blog.riptides.io/_astro/kernel-mtls.BagFL020_1RdPP8.webpFrom Breakpoints to Tracepoints: An Introduction to Linux Kernel Tracinghttps://riptides.io/from-breakpoints-to-tracepoints-an-introduction-to-linux-kernel-tracing/https://riptides.io/from-breakpoints-to-tracepoints-an-introduction-to-linux-kernel-tracing/Sat, 03 May 2025 10:52:00 GMThttps://blog.riptides.io/_astro/tracepoint.CFnvWhAY_1K4wx0.webpBuilding Linux Driver at Scale: Our Automated Multi-Distro, Multi-Arch Build Pipelinehttps://riptides.io/building-linux-driver-at-scale-our-automated-multi-distro-multi-arch-build-pipeline/https://riptides.io/building-linux-driver-at-scale-our-automated-multi-distro-multi-arch-build-pipeline/Mon, 28 Jul 2025 10:00:00 GMThttps://blog.riptides.io/_astro/blog-og.D1dYav0Q_Z1QVgPN.webpBeyond the Limits: Scaling Our Kernel Module Build Pipeline Even Furtherhttps://riptides.io/beyond-the-limits-scaling-our-kernel-module-build-pipeline-even-further/https://riptides.io/beyond-the-limits-scaling-our-kernel-module-build-pipeline-even-further/Mon, 20 Oct 2025 10:00:00 GMThttps://blog.riptides.io/_astro/blog-og.leRUbq41_1op6oW.webpSeamless Kernel-Based Non-Human Identity with kTLS and SPIFFEhttps://riptides.io/seamless-kernel-based-non-human-identity-with-ktls-and-spiffe/https://riptides.io/seamless-kernel-based-non-human-identity-with-ktls-and-spiffe/Mon, 02 Jun 2025 10:51:00 GMThttps://blog.riptides.io/_astro/poster.Dpn19JHF_1kAwol.webpRethinking Workload Identity at the Kernel Levelhttps://riptides.io/rethinking-workload-identity-at-the-kernel-level/https://riptides.io/rethinking-workload-identity-at-the-kernel-level/Mon, 14 Jul 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.DeLjjtV6_1j3JRC.webpLinux kernel module telemetry: beyond the usual suspectshttps://riptides.io/linux-kernel-module-telemetry-beyond-the-usual-suspects/https://riptides.io/linux-kernel-module-telemetry-beyond-the-usual-suspects/Tue, 10 Jun 2025 10:00:00 GMThttps://blog.riptides.io/_astro/poster.fUBA2xq1_1E65xL.webpMCP: A Quickstart Guidehttps://riptides.io/mcp-a-quickstart-guide/https://riptides.io/mcp-a-quickstart-guide/Sat, 14 Jun 2025 10:51:00 GMThttps://blog.riptides.io/_astro/mcp-blog.DkuqP5pf_2uBdBP.webpSecuring Agentic OAuth Flows with Riptideshttps://riptides.io/mcp-riptides-oauth/https://riptides.io/mcp-riptides-oauth/Wed, 08 Apr 2026 13:00:00 GMThttps://blog.riptides.io/_astro/thumb.DlJikaj4_1HnlKO.webpOur AI Is Helpful. Also Slightly Overprivileged.https://riptides.io/out-ai-is-helpful-also-slightly-overprivileged/https://riptides.io/out-ai-is-helpful-also-slightly-overprivileged/Tue, 10 Mar 2026 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.4HAFtl6V_Z1H3IuR.webpSecuring MCP Communication with Riptideshttps://riptides.io/securing-mcp-communication-with-riptides/https://riptides.io/securing-mcp-communication-with-riptides/Mon, 30 Jun 2025 10:51:00 GMThttps://blog.riptides.io/_astro/mcp-with-riptides.B_uIRqwt_Z1mY0py.webpAnnouncing oci-req-signer-c: A Lightweight C Library for Oracle Cloud Request Signinghttps://riptides.io/announcing-oci-req-signer-c-a-lightweight-c-library-for-oracle-cloud-request-signing/https://riptides.io/announcing-oci-req-signer-c-a-lightweight-c-library-for-oracle-cloud-request-signing/Mon, 03 Nov 2025 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.CBSj4LsH_Z2lduFF.webpThe Quantum Threat to Workload Identity — And Why It Starts Todayhttps://riptides.io/the-quantum-threat-to-workload-identity-and-why-it-starts-today/https://riptides.io/the-quantum-threat-to-workload-identity-and-why-it-starts-today/Wed, 22 Apr 2026 07:15:00 GMThttps://blog.riptides.io/_astro/poster.C0kwxcgC_ZoAgtt.webpWhen Remote Code Execution Isn’t the End — Designing for Containmenthttps://riptides.io/when-remote-code-execution-isnt-the-end---designing-for-containment/https://riptides.io/when-remote-code-execution-isnt-the-end---designing-for-containment/Tue, 06 Jan 2026 11:52:00 GMThttps://blog.riptides.io/_astro/riptides-intro-blogimage.D0c7QgIS_11Fw6L.webpZero-Touch Secrets: On-The-Wire Injection of Vault-Sourced Credentialshttps://riptides.io/vault-credentials-on-the-wire-riptides/https://riptides.io/vault-credentials-on-the-wire-riptides/Mon, 02 Feb 2026 08:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.D1a2Kx5t_Z14QHXi.webpReflections from Identiverse: Why Security Needs Operational Efficiencyhttps://riptides.io/reflections-from-identiverse-why-security-needs-operational-efficiency/https://riptides.io/reflections-from-identiverse-why-security-needs-operational-efficiency/Mon, 09 Jun 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.DeLjjtV6_1j3JRC.webpFederation is easy. Runtime enforcement is hard.https://riptides.io/federation-is-easy-runtime-enforcement-is-hard/https://riptides.io/federation-is-easy-runtime-enforcement-is-hard/Mon, 02 Mar 2026 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.BZyLtPCm_Z1BlkvY.webpWhy Riptides Embraces SPIFFE But Not SPIREhttps://riptides.io/why-riptides-embraces-spiffe-but-not-spire/https://riptides.io/why-riptides-embraces-spiffe-but-not-spire/Wed, 22 Oct 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.Cqv6Dk49_1SeuEz.webpFrom Tracepoints to Metrics: A journey from kernel to user-spacehttps://riptides.io/from-tracepoints-to-metrics-a-journey-from-kernel-to-user-space/https://riptides.io/from-tracepoints-to-metrics-a-journey-from-kernel-to-user-space/Mon, 26 May 2025 10:52:00 GMThttps://blog.riptides.io/_astro/metrics.DVoBP_Z6_Z1HgE0w.webpWhy Cloud-Native Federation Isn’t Enough for Non-Human Identities in AWS, GCP, and Azurehttps://riptides.io/why-cloud-native-federation-isnt-enough-for-non-human-identities-in-aws-gcp-and-azure/https://riptides.io/why-cloud-native-federation-isnt-enough-for-non-human-identities-in-aws-gcp-and-azure/Mon, 11 Aug 2025 10:00:00 GMThttps://blog.riptides.io/_astro/riptides-nhi-federation.CkbDrtuH_kPK2L.webpRiptides is heading to Identiverse 2025!https://riptides.io/riptides-is-heading-to-identiverse-2025/https://riptides.io/riptides-is-heading-to-identiverse-2025/Thu, 29 May 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.B4zkkQhe_ZSi3L0.webpPractical Linux Kernel Debugging: From pr_debug() to KASAN/KFENCEhttps://riptides.io/practical-linux-kernel-debugging-from-pr-debug-to-kasan-kfence/https://riptides.io/practical-linux-kernel-debugging-from-pr-debug-to-kasan-kfence/Mon, 18 Aug 2025 17:10:00 GMThttps://blog.riptides.io/_astro/kernel-debug.D5Tcd-OM_Z1MUt10.webpSupplying short-lived OpenAI API keys to AI agents with Riptideshttps://riptides.io/ritptides-openai-apikeys/https://riptides.io/ritptides-openai-apikeys/Mon, 26 Jan 2026 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.CjfLGJMN_jzvHO.webpThe Riptides Vision: Identity-First Infrastructurehttps://riptides.io/the-riptides-vision-identity-first-infrastructure/https://riptides.io/the-riptides-vision-identity-first-infrastructure/Wed, 23 Apr 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.BTORi9gZ_2oFVWS.webpFrom Build to Root Cause: How Riptides Debugs Its Kernel Module in Real Clustershttps://riptides.io/from-build-to-root-cause-how-riptides-debugs-its-kernel-module-in-real-clusters/https://riptides.io/from-build-to-root-cause-how-riptides-debugs-its-kernel-module-in-real-clusters/Mon, 24 Nov 2025 10:00:00 GMThttps://blog.riptides.io/_astro/run-on-debug.BYxra87G_ZOIUO8.webpThe Hidden Risk in Service Mesh mTLS: When Your Sidecar Becomes a Trojan Horsehttps://riptides.io/the-hidden-risk-in-service-mesh-mtls-when-your-sidecar-becomes-a-trojan-horse/https://riptides.io/the-hidden-risk-in-service-mesh-mtls-when-your-sidecar-becomes-a-trojan-horse/Mon, 04 Aug 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.BBoauuXN_Z25SRP7.webpShai-Hulud and the Secret Hunters: How npm Installs Turn into Intrusionshttps://riptides.io/shai-halud-and-the-secret-hunters-how-npm-installs-turn-into-intrusions/https://riptides.io/shai-halud-and-the-secret-hunters-how-npm-installs-turn-into-intrusions/Thu, 18 Sep 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.BawS17CC_ZQoAFM.webpShai-Hulud 2.0: A Technical Breakdown and Why Secrets Need to Diehttps://riptides.io/shai-hulud-2-0-a-technical-breakdown-and-why-secrets-need-to-die/https://riptides.io/shai-hulud-2-0-a-technical-breakdown-and-why-secrets-need-to-die/Wed, 26 Nov 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.Bsv6j9Xl_26QOMY.webpIntroduction to SPIFFE: Secure Identity for Workloadshttps://riptides.io/introduction-to-spiffe-secure-identity-for-workloads/https://riptides.io/introduction-to-spiffe-secure-identity-for-workloads/Wed, 23 Apr 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.DTIU1BVK_ZTqCBO.webpSPIFFE Identity Federation: Extending Trust Across Boundarieshttps://riptides.io/spiffe-identity-federation-extending-trust-across-boundaries/https://riptides.io/spiffe-identity-federation-extending-trust-across-boundaries/Mon, 09 Feb 2026 10:00:00 GMThttps://blog.riptides.io/_astro/poster.DvaF_zK__Z1fXHt7.webpSPIFFE Meets OAuth2: Current landspace for Secure Workload Identity in the Agentic AI Erahttps://riptides.io/spiffe-meets-oauth2-current-landscape-for-secure-workload-identity-in-the-agentic-ai-era/https://riptides.io/spiffe-meets-oauth2-current-landscape-for-secure-workload-identity-in-the-agentic-ai-era/Mon, 15 Sep 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.BTORi9gZ_2oFVWS.webpBringing SPIFFE to OAuth for MCP: Secure Identity for Agentic Workloadshttps://riptides.io/bringing-spiffe-to-oauth-for-mcp-secure-identity-for-agentic-workloads/https://riptides.io/bringing-spiffe-to-oauth-for-mcp-secure-identity-for-agentic-workloads/Mon, 17 Nov 2025 00:00:00 GMThttps://blog.riptides.io/_astro/integration.BVVxlCo__1pNBWS.webpSharePoint Under Siege: Lateral Movement Is Still Security’s Blind Spothttps://riptides.io/sharepoint-under-siege-lateral-movement-is-still-securitys-blind-spot/https://riptides.io/sharepoint-under-siege-lateral-movement-is-still-securitys-blind-spot/Thu, 24 Jul 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.Cqv6Dk49_1SeuEz.webpGrowing Threat of npm Supply Chain Attacks and the Runtime Fix That Stops Ithttps://riptides.io/growing-threat-of-npm-supply-chain-attacks/https://riptides.io/growing-threat-of-npm-supply-chain-attacks/Mon, 03 Nov 2025 10:00:00 GMThttps://blog.riptides.io/_astro/3-demo-riptides-connections2.CVgMDJo9_1DyRiV.webpThe 200-Day TLS Era Has Begun — Is Your Infrastructure Ready?https://riptides.io/the-200-day-tls-era/https://riptides.io/the-200-day-tls-era/Tue, 17 Mar 2026 10:10:00 GMThttps://blog.riptides.io/_astro/imageinblog.gSpVgfAW_CChmN.webpUpgrading Riptides to TLS 1.3: Forward Secrecy and a Path to Post-Quantum mTLShttps://riptides.io/tls-13-for-internal-connections/https://riptides.io/tls-13-for-internal-connections/Wed, 15 Apr 2026 06:15:00 GMThttps://blog.riptides.io/_astro/imageinblog.WpcolLSl_1lyJ17.webpSecretless Azure access with tokenex: Federated Identity via User-Assigned Managed Identityhttps://riptides.io/secretless-az-access-with-tokenex/https://riptides.io/secretless-az-access-with-tokenex/Mon, 23 Feb 2026 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.C5Kp-M23_yKYgB.webptokenex adds Vault & OpenBao support: Exchanging ID tokens (JWTs) for secrets without static credentialshttps://riptides.io/tokenex-adds-vault-openbao-support-exchanging-id-tokens-jwts-for-secrets-without-static-credentials/https://riptides.io/tokenex-adds-vault-openbao-support-exchanging-id-tokens-jwts-for-secrets-without-static-credentials/Mon, 19 Jan 2026 14:00:00 GMThttps://blog.riptides.io/_astro/imageinblog2.BQ9ob2qS_hVx4T.webpIntroducing tokenex: an open source Go library for fetching and refreshing credentialshttps://riptides.io/introducing-tokenex-an-open-source-go-library-for-fetching-and-refreshing-cloud-credentials/https://riptides.io/introducing-tokenex-an-open-source-go-library-for-fetching-and-refreshing-cloud-credentials/Mon, 29 Sep 2025 10:00:00 GMThttps://blog.riptides.io/_astro/imageinblog.B-7HlQXw_1zh7uh.webpThe Critical Role of Unique Workload Identity in Modern Infrastructurehttps://riptides.io/the-critical-role-of-unique-workload-identity-in-modern-infrastructure/https://riptides.io/the-critical-role-of-unique-workload-identity-in-modern-infrastructure/Wed, 07 May 2025 09:00:00 GMThttps://blog.riptides.io/_astro/681cc1ba9e1c87678c6867c7_thumb.C9N-qMrj_1DDxfv.webpWorkload Attestation and Metadata Gathering: Building Trust from the Ground Uphttps://riptides.io/workload-attestation-and-metadata-gathering-building-trust-from-the-ground-up/https://riptides.io/workload-attestation-and-metadata-gathering-building-trust-from-the-ground-up/Mon, 13 Oct 2025 11:00:00 GMThttps://blog.riptides.io/_astro/68ecc25b5af2aeb52e384805.DtATAL6D_Z1t4qOr.webpX.509 Certificates in the Age of SPIFFE and Zero Trusthttps://riptides.io/x-509-certificates-in-the-age-of-spiffe-and-zero-trust/https://riptides.io/x-509-certificates-in-the-age-of-spiffe-and-zero-trust/Mon, 23 Jun 2025 09:00:00 GMThttps://blog.riptides.io/_astro/poster.DI8SP6P-_pnOXg.webpZero Trust: From Perimeter to Kernel — How Riptides Pushes the Boundaryhttps://riptides.io/zero-trust-from-perimeter-to-kernel---how-riptides-pushes-the-boundary/https://riptides.io/zero-trust-from-perimeter-to-kernel---how-riptides-pushes-the-boundary/Thu, 09 Oct 2025 11:00:00 GMThttps://blog.riptides.io/_astro/poster.BULerc7X_5zohx.webpFrom Kernel WASM to User-Space Policy Evaluation: Lessons Learned at Riptideshttps://riptides.io/from-kernel-wasm-to-user-space-policy-evaluation-lessons-learned-at-riptides/https://riptides.io/from-kernel-wasm-to-user-space-policy-evaluation-lessons-learned-at-riptides/Mon, 06 Oct 2025 10:52:00 GMThttps://blog.riptides.io/_astro/poster.DfXBBxYA_Z276FOW.webp