Mixed · Identity & AppSec · reviewed 2026-04

SPIFFE

Secure Production Identity Framework.

Visit spiffe.io
01

What it does

SPIFFE, the Secure Production Identity Framework for Everyone, is an open standard for workload identity in cloud-native and AI infrastructure. SPIRE (the SPIFFE Runtime Environment) provides the production implementation for issuing and managing workload identities.

02

Security relevance

SPIFFE provides cryptographic workload identity without static credentials. Every workload — including AI model serving instances, data pipelines, and agent processes — gets a verifiable identity (SVID) that enables mutual TLS and fine-grained authorisation. This is the foundation for zero-trust AI infrastructure.

03

When to use it

Implement when building zero-trust infrastructure for AI workloads. Requires deploying SPIRE servers, registering workloads, configuring PKI, and integrating with your service mesh. This is expert-level infrastructure work, but the open-standard approach avoids vendor lock-in.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 1 in LLM, 2 in Agentic.

LLM Top 10 · 2025 · 1/10 covered
Agentic Top 10 · 2026 · 2/10 covered
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: SPIFFE
slug: spiffe
type: Mixed
category: Identity & AppSec
url: https://spiffe.io

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM08]
  asi:  [ASI03, ASI07]

complexity:    Expert Required
pricing:       —
audience:      Builder
lifecycle:     [deploy]

tags: [Identity, Open Source, Standard]