@riptidesio profile picture
Riptides @riptidesio

Riptides is a comprehensive solution for securing workload-to-workload communication, with identity as its foundation.

Joined March 2025
  • Tweets 34
  • Following 109
  • Followers 29
Photos and videos
Unified TUI for inventory, health-check, and track every API key issued across your AI providers. riptides.io/blog/keyledger-a…

Introducing KeyLedger: Because You Probably Don't Know How Many AI Keys Your Org Has | Riptides

Most organizations have no idea how many AI API keys they've issued across OpenAI, Anthropic, Google Cloud, and AWS, let alone which ones are stale, orphaned, or exposed. KeyLedger is a new open...

riptides.io
2
2
25
AI agents are becoming incredibly helpful. They also tend to hold credentials that unlock far more than they should. Utility is rising. So is overprivilege. blog.riptides.io/out-ai-is-h…

Our AI Is Helpful. Also Slightly Overprivileged. | Riptides

MCP makes AI assistants genuinely useful by connecting them to real systems. But once agents start acting through MCP servers, a new question appears quietly in the background: who is actually...

riptides.io
4
4
78
Why manage secrets when you can exchange identities? Discover how our open-source tokenex library simplifies secretless Azure access by turning external identity into short-lived, native cloud credentials for a more secure and scalable architecture. blog.riptides.io/secretless-…

Secretless Azure access with tokenex: Federated Identity via User-Assigned Managed Identity |...

Why manage secrets when you can exchange identities? Discover how the open-source tokenex library simplifies secretless Azure access by turning external identity assertions into short-lived, native...

riptides.io
1
1
32
Federation is rarely the first problem teams solve with workload identity. It shows up once systems cross trust domains and assumptions about trust start to break. An introduction to SPIFFE identity federation. blog.riptides.io/spiffe-iden…

SPIFFE Identity Federation: Extending Trust Across Boundaries | Riptides

SPIFFE identity federation allows independent trust domains to verify each other’s workload identities without sharing private keys or centralizing control. By exchanging trust bundles instead of...

riptides.io
24
Secrets should not exist at rest. Riptides delivers Vault/OpenBao credentials only when a workload actually makes a request. Nothing to preload, nothing to rotate in apps, nothing to leak or left behind. blog.riptides.io/vault-crede…

Zero-Touch Secrets: On-The-Wire Injection of Vault-Sourced Credentials | Riptides

Riptides now enables full secretless access by injecting Vault/OpenBao credentials directly into outbound requests from kernel space. By ensuring API keys never enter user space, organizations can...

riptides.io
2
2
64
Stop using static OpenAI API keys in AI agents. Identity first. Kernel enforced. Zero embedded secrets. blog.riptides.io/ritptides-o…
4
3
87
The open-source tokenex library now supports HashiCorp Vault and OpenBao, allowing you to exchange OIDC JWTs for secrets just-in-time. It's a unified workflow for cloud IAM and infrastructure secrets, no static tokens or manual distribution required. riptides.io/blog-post/tokene…

tokenex adds Vault & OpenBao support: Exchanging ID tokens (JWTs) for secrets without static...

Vault and OpenBao become first-class citizens in tokenex’s identity-driven workflow, unifying access to cloud credentials and application secrets, without static Vault tokens, long-lived credentials,...

riptides.io
5
5
179
Authenticate to #OCI without storing or handling secrets. This post shows how SPIFFE-based workload identities and on-the-wire credential injection enable applications to authenticate without stored secrets. riptides.io/blog-post/secret…

Secretless OCI Authentication with SPIFFE-based workload identity | Riptides

Riptides brings secretless, on-the-wire credential injection to non-human clients. Instead of storing long-lived credentials, workloads receive short-lived credentials dynamically and transparently...

riptides.io
1
1
67
Remote Code Execution is inevitable in complex systems, but what defines the severity of an incident is post-exploit containment. riptides.io/blog-post/when-r…

When Remote Code Execution Isn’t the End — Designing for Containment | Riptides

Remote Code Execution is inevitable in complex systems — what matters is whether it leads to lateral movement. By enforcing identity at the process level and securing internal communication with...

riptides.io
1
2
27
Riptides@riptidesio
15 Dec 2025
Testing Linux Kernel Modules with Bats riptides.io/blog-post/behind…
4
4
95
Riptides@riptidesio
8 Dec 2025
Riptides brings identity-first, zero-trust security to Kafka without requiring any code or configuration changes. We transparently upgrade every connection to mTLS and eliminate secret sprawl, keystores, and operational overhead, all at the kernel layer. riptides.io/blog-post/superc…
3
3
41
Riptides@riptidesio
1 Dec 2025
Riptides’ Conditional Access delivers time-aware, fine-grained policies that enforce least-privilege access, revoke credentials after use, and enable safe break-glass workflows, with zero changes to your application code. riptides.io/blog-post/introd…
4
4
69
Riptides@riptidesio
24 Nov 2025
How do you debug a kernel module under real workloads, real traffic, and real Kubernetes scheduling quirks and do it repeatedly without guessing? riptides.io/blog-post/from-b…

From Build to Root Cause: How Riptides Debugs Its Kernel Module in Real Clusters | Riptides

At Riptides, SPIFFE-based identities and encrypted communication start in the kernel. When your trust fabric lives that deep, fast builds and full test coverage aren't optional, they're essential. In...

riptides.io
4
4
40
Riptides@riptidesio
17 Nov 2025
SPIFFE-backed OAuth is emerging as a strong fit for the MCP ecosystem, enabling AI agents to self-authenticate without secrets and laying the foundation for a secure, identity-first model. riptides.io/blog-post/bringi… #AI #AIAgent #MCP

Bringing SPIFFE to OAuth for MCP: Secure Identity for Agentic Workloads | Riptides

Built on emerging OAuth RFC drafts and using SPIFFE based identities, workloads in an MCP environment can authenticate and obtain tokens without client secrets. This approach enables self-registeri...

riptides.io
1
37
Riptides@riptidesio
13 Oct 2025
Every SPIFFE ID, certificate, and mTLS handshake at Riptides originates in the Linux kernel and starts with one question: can we prove who this workload is? This post explores how process-level evidence builds verifiable trust. riptides.io/blog-post/worklo…

Workload Attestation and Metadata Gathering: Building Trust from the Ground Up | Riptides

Every SPIFFE ID, certificate, and mTLS handshake at Riptides originates in the Linux kernel and begins with a single question: can we prove who this workload really is? This post explores how...

riptides.io
1
3
71
Riptides@riptidesio
6 Oct 2025
We ran WebAssembly inside the Linux kernel to evaluate Open Policy Agent policies in real-time. It was fast. It was elegant. It was... a nightmare to maintain. Here's what we learned moving from kernel-space WASM to user-space policy evaluation. riptides.io/blog-post/from-k…

From Kernel WASM to User-Space Policy Evaluation: Lessons Learned at Riptides | Riptides

At Riptides, we issue identities directly to workloads in the kernel and use OPA policies to secure and orchestrate their communication. These policies govern socket connections in real time,...

riptides.io
4
4
71
Riptides@riptidesio
15 Sep 2025
OAuth2 solved human consent. Now it must evolve for workloads and AI agents. In our new post we explore how SPIFFE emerging OAuth2 standards enable secure workload identity. riptides.io/blog-post/spiffe… #OAuth2 #SPIFFE #WorkloadIdentity #AgenticAI #security

SPIFFE Meets OAuth2: Current landspace for Secure Workload Identity in the Agentic AI Era | Riptides

OAuth2 is evolving beyond human consent into a universal model for secure workload identity. Learn how SPIFFE and emerging OAuth2 standards form the foundation for safe, auditable agentic AI.

riptides.io
2
2
50
Riptides@riptidesio
8 Sep 2025
Riptides anchors non-human identity in the kernel with SPIFFE, kTLS & in-kernel mTLS handshakes, merging identity and encrypted communication seamlessly. Cryptography is the foundation that makes it all possible. riptides.io/blog-post/from-k… #Security #Cryptography

From Keys to Handshakes: How Cryptography Powers Riptides | Riptides

In this blog post, we take a closer look at the cryptography that powers Riptides, the non-human identity fabric for workloads and AI agents. We break down the fundamentals of symmetric and asymmet...

riptides.io
1
43
Riptides@riptidesio
1 Sep 2025
Riptides delivers credentials straight into the request stream. No app changes, no secret handling. AWS, GCP, Azure, or OAuth2 tokens, secure invocation is seamless. riptides.io/blog-post/on-the… #security #NHI #devops #secops

On-the-Wire Credential Injection: Secretless AWS Bedrock Access example | Riptides

Riptides brings secretless, on-the-wire credential injection to non-human clients. Instead of storing long-lived credentials, workloads receive short-lived credentials dynamically and transparently...

riptides.io
2
2
46
Riptides@riptidesio
25 Aug 2025
We’ve open sourced libsigv4, a lightweight C library for AWS SigV4 signatures. It runs inside the Linux kernel to transparently sign outgoing requests. No app changes, no secret leaks, just secure AWS integration. riptides.io/blog-post/introd… #kernel #aws #security

Introducing libsigv4: AWS SigV4 Signatures in Portable C with Kernel Compatibility | Riptides

We’ve released libsigv4, a lightweight and portable C implementation of AWS SigV4 signatures, built for kernel-based and embedded environments. It requires zero allocations, supports pluggable crypto...

riptides.io
1
2
94
Load more