Riptides

AI agents are becoming incredibly helpful. They also tend to hold credentials that unlock far more than they should. Utility is rising. So is overprivilege. blog.riptides.io/out-ai-is-help…

Why manage secrets when you can exchange identities? Discover how our open-source tokenex library simplifies secretless Azure access by turning external identity into short-lived, native cloud credentials for a more secure and scalable architecture. blog.riptides.io/secretless-az-…

Federation is rarely the first problem teams solve with workload identity. It shows up once systems cross trust domains and assumptions about trust start to break. An introduction to SPIFFE identity federation. blog.riptides.io/spiffe-identit…

Secrets should not exist at rest. Riptides delivers Vault/OpenBao credentials only when a workload actually makes a request. Nothing to preload, nothing to rotate in apps, nothing to leak or left behind. blog.riptides.io/vault-credenti…

Stop using static OpenAI API keys in AI agents. Identity first. Kernel enforced. Zero embedded secrets. blog.riptides.io/ritptides-open…

The open-source tokenex library now supports HashiCorp Vault and OpenBao, allowing you to exchange OIDC JWTs for secrets just-in-time. It's a unified workflow for cloud IAM and infrastructure secrets, no static tokens or manual distribution required. riptides.io/blog-post/toke…

Authenticate to #OCI without storing or handling secrets. This post shows how SPIFFE-based workload identities and on-the-wire credential injection enable applications to authenticate without stored secrets. riptides.io/blog-post/secr…

Remote Code Execution is inevitable in complex systems, but what defines the severity of an incident is post-exploit containment. riptides.io/blog-post/when…

Testing Linux Kernel Modules with Bats riptides.io/blog-post/behi…

Riptides brings identity-first, zero-trust security to Kafka without requiring any code or configuration changes. We transparently upgrade every connection to mTLS and eliminate secret sprawl, keystores, and operational overhead, all at the kernel layer. riptides.io/blog-post/supe…

Riptides’ Conditional Access delivers time-aware, fine-grained policies that enforce least-privilege access, revoke credentials after use, and enable safe break-glass workflows, with zero changes to your application code. riptides.io/blog-post/intr…

How do you debug a kernel module under real workloads, real traffic, and real Kubernetes scheduling quirks and do it repeatedly without guessing? riptides.io/blog-post/from…

SPIFFE-backed OAuth is emerging as a strong fit for the MCP ecosystem, enabling AI agents to self-authenticate without secrets and laying the foundation for a secure, identity-first model. riptides.io/blog-post/brin… #AI #AIAgent #MCP

Every SPIFFE ID, certificate, and mTLS handshake at Riptides originates in the Linux kernel and starts with one question: can we prove who this workload is? This post explores how process-level evidence builds verifiable trust. riptides.io/blog-post/work…

We ran WebAssembly inside the Linux kernel to evaluate Open Policy Agent policies in real-time. It was fast. It was elegant. It was... a nightmare to maintain. Here's what we learned moving from kernel-space WASM to user-space policy evaluation. riptides.io/blog-post/from…

OAuth2 solved human consent. Now it must evolve for workloads and AI agents. In our new post we explore how SPIFFE + emerging OAuth2 standards enable secure workload identity. riptides.io/blog-post/spif… #OAuth2 #SPIFFE #WorkloadIdentity #AgenticAI #security

Riptides anchors non-human identity in the kernel with SPIFFE, kTLS & in-kernel mTLS handshakes, merging identity and encrypted communication seamlessly. Cryptography is the foundation that makes it all possible. riptides.io/blog-post/from… #Security #Cryptography

Riptides delivers credentials straight into the request stream. No app changes, no secret handling. AWS, GCP, Azure, or OAuth2 tokens, secure invocation is seamless. riptides.io/blog-post/on-t… #security #NHI #devops #secops

We’ve open sourced libsigv4, a lightweight C library for AWS SigV4 signatures. It runs inside the Linux kernel to transparently sign outgoing requests. No app changes, no secret leaks, just secure AWS integration. riptides.io/blog-post/intr… #kernel #aws #security

Current identity federation isn't workload-aware, lacks granularity, and falls short of true zero trust. For modern-day security, you need fine-grained, SPIFFE-based secure identities, ephemeral credentials, and seamless multi-cloud integration. riptides.io/blog-post/why-…