Riptides (@riptidesio)'s Twitter Profile
Riptides

@riptidesio

Riptides is a comprehensive solution for securing workload-to-workload communication, with identity as its foundation.

ID: 1906731994060374016

https://riptides.io | 31-03-2025 15:35:32

14 Tweet

15 Followers

108 Following

Current identity federation isn't workload-aware, lacks granularity, and falls short of true zero trust. For modern-day security, you need fine-grained, SPIFFE-based secure identities, ephemeral credentials, and seamless multi-cloud integration. riptides.io/blog-post/why-…

We’ve open sourced libsigv4, a lightweight C library for AWS SigV4 signatures. It runs inside the Linux kernel to transparently sign outgoing requests. No app changes, no secret leaks, just secure AWS integration. riptides.io/blog-post/intr… #kernel #aws #security

Riptides delivers credentials straight into the request stream. No app changes, no secret handling. AWS, GCP, Azure, or OAuth2 tokens, secure invocation is seamless. riptides.io/blog-post/on-t… #security #NHI #devops #secops

Riptides anchors non-human identity in the kernel with SPIFFE, kTLS & in-kernel mTLS handshakes, merging identity and encrypted communication seamlessly. Cryptography is the foundation that makes it all possible. riptides.io/blog-post/from… #Security #Cryptography

OAuth2 solved human consent. Now it must evolve for workloads and AI agents. In our new post we explore how SPIFFE + emerging OAuth2 standards enable secure workload identity. riptides.io/blog-post/spif… #OAuth2 #SPIFFE #WorkloadIdentity #AgenticAI #security

We ran WebAssembly inside the Linux kernel to evaluate Open Policy Agent policies in real-time. It was fast. It was elegant. It was... a nightmare to maintain. Here's what we learned moving from kernel-space WASM to user-space policy evaluation. riptides.io/blog-post/from…

Every SPIFFE ID, certificate, and mTLS handshake at Riptides originates in the Linux kernel and starts with one question: can we prove who this workload is? This post explores how process-level evidence builds verifiable trust. riptides.io/blog-post/work…

SPIFFE-backed OAuth is emerging as a strong fit for the MCP ecosystem, enabling AI agents to self-authenticate without secrets and laying the foundation for a secure, identity-first model. riptides.io/blog-post/brin… #AI #AIAgent #MCP

How do you debug a kernel module under real workloads, real traffic, and real Kubernetes scheduling quirks and do it repeatedly without guessing? riptides.io/blog-post/from…

Riptides’ Conditional Access delivers time-aware, fine-grained policies that enforce least-privilege access, revoke credentials after use, and enable safe break-glass workflows, with zero changes to your application code. riptides.io/blog-post/intr…

Riptides brings identity-first, zero-trust security to Kafka without requiring any code or configuration changes. We transparently upgrade every connection to mTLS and eliminate secret sprawl, keystores, and operational overhead, all at the kernel layer. riptides.io/blog-post/supe…

Remote Code Execution is inevitable in complex systems, but what defines the severity of an incident is post-exploit containment. riptides.io/blog-post/when…

Authenticate to #OCI without storing or handling secrets. This post shows how SPIFFE-based workload identities and on-the-wire credential injection enable applications to authenticate without stored secrets. riptides.io/blog-post/secr…

The open-source tokenex library now supports HashiCorp Vault and OpenBao, allowing you to exchange OIDC JWTs for secrets just-in-time. It's a unified workflow for cloud IAM and infrastructure secrets, no static tokens or manual distribution required. riptides.io/blog-post/toke…

Stop using static OpenAI API keys in AI agents. Identity first. Kernel enforced. Zero embedded secrets. blog.riptides.io/ritptides-open…

Secrets should not exist at rest. Riptides delivers Vault/OpenBao credentials only when a workload actually makes a request. Nothing to preload, nothing to rotate in apps, nothing to leak or leave behind. blog.riptides.io/vault-credenti…

Federation is rarely the first problem teams solve with workload identity. It shows up once systems cross trust domains and assumptions about trust start to break. An introduction to SPIFFE identity federation. blog.riptides.io/spiffe-identit…

Why manage secrets when you can exchange identities? Discover how our open-source tokenex library simplifies secretless Azure access by turning external identity into short-lived, native cloud credentials for a more secure and scalable architecture. blog.riptides.io/secretless-az-…

AI agents are becoming incredibly helpful. They also tend to hold credentials that unlock far more than they should. Utility is rising. So is overprivilege. blog.riptides.io/out-ai-is-help…