Riptides is a runtime identity enforcement platform for non-human identities (NHI), designed to secure workload-to-workload communication, services, and AI agents without requiring application code changes. Core Concept: - Replaces static secrets and credentials with short-lived, cryptographic workload identities - Enforces access control at the kernel level, independent of application logic and network stack - Implements the SPIFFE standard for identity issuance and federation Identity & Access Control: - Issues and rotates short-lived identities automatically to workloads and AI agents - Ties access policies to identities rather than IP addresses or network zones - Enforces mutual TLS (mTLS) transparently without application-level changes - Supports federated trust across systems using SPIFFE trust domains AI Agent Security: - Issues verifiable identities to AI agents - Securely injects third-party API keys (e.g., OpenAI, Grok) at runtime without exposing secrets - Controls agent behavior and blocks unauthorized actions - Logs all agent actions for forensics and compliance Security Features: - Monitors network traffic to detect secrets in transit - Maintains a real-time inventory of non-human credentials - Enforces process-level access control to block malware and lateral movement - Blocks credential replay and privilege escalation post-compromise Deployment: - Integrates with Kubernetes using pod, namespace, and service account metadata - Can run fully on-premises or in a hybrid model - Control plane never stores secrets; all sensitive operations remain within the customer environment - Planned open-source release of the core kernel module