Module 15 of 16

AI Infrastructure Security

Securing AI agents, LLM endpoints, MCP servers, vector databases, and inference pipelines

3 hours · 2 labs · Free

Start here

Learning objectives

  • Understand AI infrastructure threat landscape
  • Implement workload identity for AI agents
  • Secure MCP servers and vector databases with mTLS
  • Design identity-aware AI access control policies

Before

  • Shared API keys for all AI agents
  • No distinction between agent roles
  • Unencrypted agent-to-service traffic
  • No audit trail for AI tool access

After

  • Unique SPIFFE identity per AI agent
  • OPA policies per agent role
  • mTLS between agents and services
  • Complete audit trail with verified identity
[Diagram: AI Infrastructure Security. AI Agent (SPIFFE ID: /ai/agent), LLM Service (SPIFFE ID: /ai/llm), Vector DB (SPIFFE ID: /ai/vectordb) and MCP Server (SPIFFE ID: /ai/mcp); all connections secured with mTLS via SPIFFE SVIDs.]

AI infrastructure threats called out in the diagram:

  • Unauthorized model access
  • Prompt injection
  • Data exfiltration via agent
  • MCP tool abuse
  • Vector DB poisoning
  • Model theft
  • Agent impersonation
  • Inference endpoint abuse

Identity plus authorization prevents most of these AI infrastructure attacks.

AI infrastructure introduces new attack surfaces. AI agents make autonomous decisions and call external tools. LLM endpoints are expensive — unauthorized access costs real money. Vector databases contain sensitive embeddings. MCP servers expose powerful capabilities. All of these need the same workload identity and authorization that traditional microservices require.

The AI Security Problem

Most AI infrastructure today uses shared API keys. One key for all agents accessing the LLM. One key for the vector database. No distinction between a customer support agent and a code review agent. If one key leaks, all AI capabilities are compromised.

SPIFFE for AI Agents

Each AI agent gets its own SPIFFE ID. OPA policies control which agents can access which models, tools, and databases. Every interaction is authenticated and auditable.

# AI Agent SPIFFE IDs:
spiffe://ai.company.org/agent/customer-support/v2
spiffe://ai.company.org/agent/code-review/v1
spiffe://ai.company.org/pipeline/training/job-abc

# OPA Policy: customer-support can query LLM but not train models
package ai.authz

import rego.v1

# Default deny: a request is rejected unless an allow rule matches it
default allow := false

# input.source is the caller's SPIFFE ID as verified from its SVID during the mTLS handshake
allow if {
  input.source == "spiffe://ai.company.org/agent/customer-support/v2"
  input.target == "spiffe://ai.company.org/service/llm-proxy"
  input.method == "POST"
  input.path == "/v1/chat/completions"
}

Securing MCP Servers

Model Context Protocol (MCP) servers give AI agents access to tools — file systems, databases, APIs. Without identity, any process can call MCP tools. With SPIFFE, only verified agents can access specific MCP servers based on their identity and OPA policies.

Vector Database Access Control

Vector databases store embeddings of sensitive documents. mTLS with SPIFFE ensures only authorized services can query or write to the vector database. OPA policies can further restrict: read-only for query agents, write access only for training pipelines.
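As an added example (not the course's own policy), the single rule above extended into a per-role policy covering the LLM proxy, the vector database and an MCP server: the trust domain of the caller's SPIFFE ID is checked before its path is trusted, agents may only query the LLM proxy and the vector database, the training pipeline alone may write embeddings, and each agent role carries an explicit MCP tool allowlist. The vector-db and mcp service IDs, the `/v1/query`, `/v1/upsert`, `/v1/delete` and `/tools/call` paths, the `input.tool` field and the tool names are assumptions.

```rego
package ai.authz
import rego.v1

# Added example, not the course's policy. Apart from llm-proxy, the service
# IDs, request paths and tool names below are assumed.
trust_domain := "ai.company.org"
llm_proxy := "spiffe://ai.company.org/service/llm-proxy"
vector_db := "spiffe://ai.company.org/service/vector-db"
mcp_server := "spiffe://ai.company.org/service/mcp"
# Default deny. input.source is the peer SPIFFE ID the mTLS layer took from
# the SVID's URI SAN, never a client-supplied header.
default allow := false

# Trust the path component only after the trust domain matches ours.
caller_path := concat("/", array.slice(parts, 3, count(parts))) if {
	parts := split(input.source, "/")
	parts[0] == "spiffe:"
	parts[2] == trust_domain
}
# Role = first two path segments (agent/customer-support, pipeline/training);
# the version or job suffix is dropped so a rotated agent keeps its role.
role := concat("/", array.slice(split(caller_path, "/"), 0, 2))
# Any agent in the trust domain may call chat completions on the LLM proxy.
allow if {
	startswith(role, "agent/")
	input.target == llm_proxy
	input.method == "POST"
	input.path == "/v1/chat/completions"
}

# Agents are read-only on the vector database; only training may write.
allow if {
	startswith(role, "agent/")
	input.target == vector_db
	input.method == "POST"
	input.path == "/v1/query"
}
allow if {
	role == "pipeline/training"
	input.target == vector_db
	input.path in {"/v1/upsert", "/v1/delete"}
}

# MCP tools: an explicit allowlist per agent role, checked on every tool call.
mcp_tools := {"agent/customer-support": {"search_kb", "create_ticket"}, "agent/code-review": {"read_repo", "run_linter"}}
allow if {
	input.target == mcp_server
	input.path == "/tools/call"
	input.tool in mcp_tools[role]
}
```

Evaluate it with `opa eval -d policy.rego -i input.json data.ai.authz.allow`, where input.json carries source, target, method, path and, for MCP calls, tool; a SPIFFE ID from another trust domain leaves role undefined and every rule falls through to the default deny.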

Real world

Where this shows up

  • AI agent identity for autonomous systems
  • Securing MCP server access with workload identity
  • Vector database access control with mTLS
  • LLM endpoint cost protection via identity-based rate limiting

Key terms

Vocabulary used in this module

MCP

Model Context Protocol — standard for AI agents to access tools and data

Vector Database

Database optimized for storing and searching high-dimensional embeddings

LLM

Large Language Model — AI model for text generation and reasoning

AI Agent

Autonomous AI system that makes decisions and takes actions

Labs

Hands-on labs

35 min · Advanced

Secure AI Agent Communication

Deploy AI agents with SPIFFE identities and OPA policies.

  1. Deploy simulated AI agent with SPIFFE identity
  2. Deploy LLM mock service with SPIFFE identity
  3. Configure mTLS between agent and LLM
  4. Add OPA policy: only authorized agents can invoke the LLM
30 min · Advanced

Identity-Aware AI API Access

Restrict AI service access based on agent identity.

  1. Register multiple AI agents with different SPIFFE IDs
  2. Create OPA policies: support agent = read-only, training pipeline = full access
  3. Test enforcement with different agent identities
  4. Audit access logs with verified SPIFFE IDs

Recap

Key takeaways

  • AI agents are workloads — they need cryptographic identity, not shared API keys
  • SPIFFE secures agent-to-LLM, agent-to-tool, and agent-to-database communication
  • MCP servers should verify agent identity before granting tool access
  • OPA policies enable fine-grained AI access control (read vs write, model access by agent role)
  • The zero trust skills from earlier modules apply directly to AI infrastructure
