
Module 15: AI Infrastructure & Future Systems

MCP architecture, AI runtime systems, agent platforms, and workload identity for AI

3 hours. 2 hands-on labs. Free course module.

Learning Objectives

  • Understand MCP (Model Context Protocol) architecture
  • Design AI runtime systems for production
  • Secure AI agents with workload identity (SPIFFE)
  • Build future-proof AI infrastructure

Why This Matters

AI infrastructure is the fastest-evolving area of platform engineering. Engineers who understand how to secure, deploy, and operate AI systems — not just build chatbots — are positioned for the most in-demand roles in the industry.

[Architecture diagram: "AI Infrastructure: MCP + Identity + Security". Components shown: AI Agent (SPIFFE identity), MCP Server (tools + data), LLM Service (inference API), Vector DB (knowledge), OPA (policy), with mTLS on every link. Every connection secured with mTLS. Every access controlled by OPA policy. This connects to the Mastering SPIFFE/SPIRE and Cloud Native Security courses.]
Architecture diagram for Module 15: AI Infrastructure & Future Systems.

Lesson Content

AI infrastructure is evolving rapidly. MCP (Model Context Protocol) standardizes how agents access tools and data. Workload identity (SPIFFE) gives agents cryptographic credentials. OPA policies control what agents can access. This module connects RAG engineering with infrastructure security.

MCP: Model Context Protocol

MCP provides a standard protocol for AI agents to access external tools, data sources, and resources. Instead of building custom integrations for each tool, agents speak MCP to any MCP-compatible server.

AI Agent Identity

In production, AI agents need identity just like microservices. Who is this agent? What is it allowed to access? SPIFFE provides cryptographic identity for agents. OPA policies control access per agent role.

Building Future-Proof AI Infrastructure

  • Separation of concerns: Retrieval, generation, and tool execution as separate services
  • Identity-first: Every agent and service has cryptographic identity
  • Observable: Every request traced, every token counted, every access audited
  • Secure by default: mTLS between services, OPA at decision points

Key Terms

MCP: Model Context Protocol — standard for AI agent-tool communication
AI Runtime: Infrastructure for running AI agents and models in production
Agent Identity: Cryptographic identity for AI agents (via SPIFFE/SPIRE)

Hands-On Labs

  1. MCP Server Integration

    Connect your RAG system to MCP servers for tool access.

    35 min - Advanced

    • Build a simple MCP server exposing document search
    • Connect an AI agent to the MCP server
    • Test tool discovery and execution
    • Add authentication between agent and server

    View lab files on GitHub

  2. Secure AI Agents with Identity

    Give AI agents SPIFFE identity and OPA policies.

    35 min - Advanced

    • Deploy SPIRE and register AI agent workloads
    • Configure mTLS between agent and services
    • Add OPA policy controlling per-agent access
    • Audit agent tool usage with verified identity

    View lab files on GitHub

Key Takeaways

  • MCP standardizes how agents access tools — like HTTP for AI-tool communication
  • AI agents need cryptographic identity (SPIFFE), not shared API keys
  • OPA policies control what each agent can access based on its identity
  • Production AI infrastructure needs: identity + encryption + authorization + observability
  • These concepts connect directly to SPIFFE/SPIRE and Cloud Native Security courses