diff --git a/cmd/tetragon/main.go b/cmd/tetragon/main.go
index b09a3453872..d1d87f8e146 100644
--- a/cmd/tetragon/main.go
+++ b/cmd/tetragon/main.go
@@ -48,6 +48,7 @@ import (
 "github.com/cilium/tetragon/pkg/reader/namespace"
 "github.com/cilium/tetragon/pkg/reader/proc"
 "github.com/cilium/tetragon/pkg/rthooks"
+ "github.com/cilium/tetragon/pkg/runtimesecuritypolicy"
 "github.com/cilium/tetragon/pkg/sensors/base"
 "github.com/cilium/tetragon/pkg/sensors/program"
 "github.com/cilium/tetragon/pkg/server"
@@ -481,6 +482,13 @@ func tetragonExecute() error {
 }
 }
 
+ if len(option.Config.RuntimeSecurityPolicy) > 0 {
+ err = addRuntimeSecurityPolicy(ctx, option.Config.RuntimeSecurityPolicy)
+ if err != nil {
+ return err
+ }
+ }
+
 // k8s should have metrics, so periodically log only in a non k8s
 if !option.Config.EnableK8s {
 go logStatus(ctx, obs)
@@ -584,6 +592,25 @@ func loadTpFromDir(ctx context.Context, dir string) error {
 return err
 }
 
+func addRuntimeSecurityPolicy(ctx context.Context, file string) error {
+ tp, err := runtimesecuritypolicy.FromFileToTracingPolicy(file)
+ if err != nil {
+ return err
+ }
+
+ err = observer.GetSensorManager().AddTracingPolicy(ctx, tp)
+ if err != nil {
+ return err
+ }
+
+ logger.GetLogger().WithFields(logrus.Fields{
+ "RuntimeSecurityPolicy": file,
+ "metadata.name": tp.Name,
+ }).Info("Added RuntimeSecurityPolicy with success")
+
+ return nil
+}
+
 func addTracingPolicy(ctx context.Context, file string) error {
 f, err := filepath.Abs(filepath.Clean(file))
 if err != nil {
diff --git a/pkg/option/config.go b/pkg/option/config.go
index 348fd70030c..146c3702dcd 100644
--- a/pkg/option/config.go
+++ b/pkg/option/config.go
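Review bot: addRuntimeSecurityPolicy passes the user-supplied path straight to runtimesecuritypolicy.FromFileToTracingPolicy, whereas the neighbouring addTracingPolicy (whose first lines are the trailing context of this hunk) first normalises it with `filepath.Abs(filepath.Clean(file))`; the two startup loaders should treat the flag value the same way so that a relative --runtime-security-policy resolves, fails and is logged exactly like --tracing-policy. Normalising up front also means the "RuntimeSecurityPolicy" field of the success log carries the resolved path rather than whatever was typed on the command line, which is what an operator reading the log wants to correlate with the file on disk. No extra error wrapping is needed at this call site: os.ReadFile errors already carry the path, and the validation.go hunk attaches it on the YAML-parse branch.
```go
func addRuntimeSecurityPolicy(ctx context.Context, file string) error {
	// Resolve the path the same way addTracingPolicy does, so both
	// startup loaders behave identically for relative or unclean inputs.
	f, err := filepath.Abs(filepath.Clean(file))
	if err != nil {
		return err
	}
	tp, err := runtimesecuritypolicy.FromFileToTracingPolicy(f)
	// … unchanged: error check, AddTracingPolicy call and its error check …
	logger.GetLogger().WithFields(logrus.Fields{
		"RuntimeSecurityPolicy": f,
		"metadata.name":         tp.Name,
	}).Info("Added RuntimeSecurityPolicy with success")
	// … unchanged: return nil …
```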
@@ -46,11 +46,12 @@ type config struct {
 ProcessCacheSize int
 DataCacheSize int
 
- MetricsServer string
- MetricsLabelFilter metrics.LabelFilter
- ServerAddress string
- TracingPolicy string
- TracingPolicyDir string
+ MetricsServer string
+ MetricsLabelFilter metrics.LabelFilter
+ ServerAddress string
+ TracingPolicy string
+ TracingPolicyDir string
+ RuntimeSecurityPolicy string
 
 ExportFilename string
 ExportFileMaxSizeMB int
diff --git a/pkg/option/flags.go b/pkg/option/flags.go
index 745bb8bd893..2e12e49d465 100644
--- a/pkg/option/flags.go
+++ b/pkg/option/flags.go
@@ -36,14 +36,15 @@ const (
 KeyK8sKubeConfigPath = "k8s-kubeconfig-path"
 KeyEnableProcessAncestors = "enable-process-ancestors"
 
- KeyMetricsServer = "metrics-server"
- KeyMetricsLabelFilter = "metrics-label-filter"
- KeyServerAddress = "server-address"
- KeyGopsAddr = "gops-address"
- KeyEnableProcessCred = "enable-process-cred"
- KeyEnableProcessNs = "enable-process-ns"
- KeyTracingPolicy = "tracing-policy"
- KeyTracingPolicyDir = "tracing-policy-dir"
+ KeyMetricsServer = "metrics-server"
+ KeyMetricsLabelFilter = "metrics-label-filter"
+ KeyServerAddress = "server-address"
+ KeyGopsAddr = "gops-address"
+ KeyEnableProcessCred = "enable-process-cred"
+ KeyEnableProcessNs = "enable-process-ns"
+ KeyTracingPolicy = "tracing-policy"
+ KeyTracingPolicyDir = "tracing-policy-dir"
+ KeyRuntimeSecurityPolicy = "runtime-security-policy"
 
 KeyCpuProfile = "cpuprofile"
 KeyMemProfile = "memprofile"
@@ -197,6 +198,7 @@ func ReadAndSetFlags() error {
 Config.EnableRuntimeSecurityPolicyCRD = viper.GetBool(KeyEnableRuntimeSecurityPolicyCRD)
 Config.TracingPolicy = viper.GetString(KeyTracingPolicy)
+ Config.RuntimeSecurityPolicy = viper.GetString(KeyRuntimeSecurityPolicy)
 
 switch viper.GetString(KeyUsernameMetadata) {
 case "unix":
@@ -303,6 +305,8 @@ func AddFlags(flags *pflag.FlagSet) {
 flags.String(KeyTracingPolicyDir, defaults.DefaultTpDir, "Directory from where to load Tracing Policies")
 
+ flags.String(KeyRuntimeSecurityPolicy, "", "Runtime security policy file to load at startup")
+
 // Options for debugging/development, not visible to users
 flags.String(KeyCpuProfile, "", "Store CPU profile into provided file")
 flags.MarkHidden(KeyCpuProfile)
diff --git a/pkg/runtimesecuritypolicy/validation.go b/pkg/runtimesecuritypolicy/validation.go
index 4e0e21e7acb..329af5739bc 100644
--- a/pkg/runtimesecuritypolicy/validation.go
+++ b/pkg/runtimesecuritypolicy/validation.go
@@ -2,6 +2,7 @@ package runtimesecuritypolicy
 
 import (
 "fmt"
+ "os"
 "sync"
 
 "github.com/cilium/tetragon/pkg/k8s/apis/cilium.io/client"
@@ -110,6 +111,26 @@ func FromYAMLToTracingPolicy(data []byte) (*RuntimeSecurityTracingPolicy, error)
 return ToTracingPolicy(*rsp)
 }
 
+func FromFile(path string) (*v1alpha1.RuntimeSecurityPolicy, error) {
+ policy, err := os.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ tp, err := FromYAML(policy)
+ if err != nil {
+ return nil, fmt.Errorf("failed loading runtime security policy file %q: %w", path, err)
+ }
+ return tp, nil
+}
+
+func FromFileToTracingPolicy(path string) (*RuntimeSecurityTracingPolicy, error) {
+ rsp, err := FromFile(path)
+ if err != nil {
+ return nil, err
+ }
+ return ToTracingPolicy(*rsp)
+}
+
 func ValidateCRD(policy v1alpha1.RuntimeSecurityPolicy) (*validate.Result, error) {
 metaErrors := ValidateCRDMeta(policy)