
Module 15: AI Infrastructure Security Slides

Slide walkthrough for Module 15 of Cloud Native Security Engineering: Securing Kubernetes, Workloads, APIs & Zero Trust Systems: Securing AI agents, LLM...

This slide page is the visual review companion for the full course module. Use it to recap the architecture, examples, exercises, production warnings, and takeaways after reading the lesson.

Slide Outline

  1. AI Infrastructure Security - Securing AI agents, LLM endpoints, MCP servers, vector databases, and inference pipelines
  2. Learning Objectives - 4 outcomes for this module
  3. Why This Module Matters - AI infrastructure is the next frontier for security engineering. As AI agents become more autonomous, the blast radius of a compromised agent grows.
  4. Before vs After - The operational shift this module teaches
  5. The AI Security Problem - Lesson section from the full module
  6. SPIFFE for AI Agents - Lesson section from the full module
  7. Securing MCP Servers - Lesson section from the full module
  8. Vector Database Access Control - Lesson section from the full module
  9. Real-World Use Cases - AI agent identity for autonomous systems, Securing MCP server access with workload identity
  10. Hands-On Labs - 2 hands-on labs
  11. Key Takeaways - 5 points to remember

Learning Objectives

  • Understand AI infrastructure threat landscape
  • Implement workload identity for AI agents
  • Secure MCP servers and vector databases with mTLS
  • Design identity-aware AI access control policies

Why This Module Matters

AI infrastructure is the next frontier for security engineering. As AI agents become more autonomous, the blast radius of a compromised agent grows. Engineers who understand workload identity for AI systems today are positioning themselves for the most in-demand security roles of tomorrow.

Key Takeaways

  • AI agents are workloads — they need cryptographic identity, not shared API keys
  • SPIFFE secures agent-to-LLM, agent-to-tool, and agent-to-database communication
  • MCP servers should verify agent identity before granting tool access
  • OPA policies enable fine-grained AI access control (read vs write, model access by agent role)
  • The zero trust skills from earlier modules apply directly to AI infrastructure

Hands-On Labs

  1. Secure AI Agent Communication

    Deploy AI agents with SPIFFE identities and OPA policies.

    35 min - Advanced

    • Deploy simulated AI agent with SPIFFE identity
    • Deploy LLM mock service with SPIFFE identity
    • Configure mTLS between agent and LLM
    • Add OPA policy: only authorized agents can invoke the LLM

    View lab files on GitHub

  2. Identity-Aware AI API Access

    Restrict AI service access based on agent identity.

    30 min - Advanced

    • Register multiple AI agents with different SPIFFE IDs
    • Create OPA policies: support agent = read-only, training pipeline = full access
    • Test enforcement with different agent identities
    • Audit access logs with verified SPIFFE IDs

    View lab files on GitHub
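As an added example (not the course's own lab files), an OPA policy in Rego that covers both labs: it admits only registered agent identities to the LLM endpoint (lab 1) and gives the support agent read-only access while the training pipeline gets full access (lab 2). The trust domain, SPIFFE paths, model names and the input shape are assumptions.

```rego
package ai.access

import rego.v1

# Added example, not the course's lab code. Assumes the authorizing proxy
# in front of the LLM API has already verified the agent's X.509-SVID over
# mTLS and passes the SPIFFE ID taken from that certificate (never a
# caller-supplied header) as input, e.g.:
#   {"spiffe_id": "spiffe://example.org/ai/support-agent",
#    "method": "POST", "model": "support-faq-v2"}
# The trust domain, agent paths and model names below are hypothetical.

default allow := false

# Role per agent identity (lab 2: support agent = read-only,
# training pipeline = full access).
agent_role := {
    "spiffe://example.org/ai/support-agent":     "read-only",
    "spiffe://example.org/ai/training-pipeline": "full",
}

# Models each role may address (model access by agent role).
models_for_role := {
    "read-only": {"support-faq-v2"},
    "full":      {"support-faq-v2", "internal-base-v1"},
}

read_methods := {"GET", "HEAD"}

# Undefined for an unregistered SPIFFE ID, so every allow rule below
# fails and the default deny applies (lab 1: only authorized agents).
role := agent_role[input.spiffe_id]

allow if {
    role == "full"
    input.model in models_for_role[role]
}

allow if {
    role == "read-only"
    input.method in read_methods
    input.model in models_for_role[role]
}

# Decision record the proxy can write to the audit log together with the
# verified SPIFFE ID (lab 2: audit access logs).
decision := {
    "spiffe_id": input.spiffe_id,
    "role": object.get(agent_role, input.spiffe_id, "unregistered"),
    "model": input.model,
    "allowed": allow,
}
```

Evaluate `data.ai.access.decision` from the proxy for each request; a read-only agent sending `POST` or an unregistered SPIFFE ID yields `allowed: false` while still recording which identity asked.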
