I work at Tailscale, so I’m not exactly a neutral party when it comes to TailscaleUp, our conference on August 26, 2026. But if I worked somewhere else, and were looking at this agenda? These are the five sessions I’d mark as must-see.
I’d probably also mention the help desk, the hallway conversations, and yes, the discount code I used after finding it in this blog post. I’d close the deal with this one-page “boss letter,” perhaps. But first: the sessions.
Tailscale VPN Part 1: From Homelab to US-East-1
A big part of Tailscale’s not-so-secret marketing strategy is “Bring Tailscale to work.” It’s why we offer a generous free Personal plan, provide real human support, even for non-paying users, and make our product hugely backward compatible. Does it work? For my job’s sake, I hope so. But we also have proof.
John Downey from GoFundMe will talk about how his team replaced a stack of security and connectivity tools with Tailscale after people inside the company already knew it, used it, and trusted it.
I’d go because it validates my job. You might go because it shows how “This was so useful at home” can turn tino “My company depends on this in production.”
SaaS, Self-host, or Gateway: The AI Control Conundrum
Justin Garrison, Field CTO at Sidero Labs, has spent a lot of time around infrastructure tradeoffs. His background includes supporting animation and Disney+ at Disney, working on Amazon Elastic Kubernetes Service (EKS), co-authoring Cloud Native Infrastructure with Kris Nova, and hosting the Fork Around and Find Out podcast.
That’s why he’s given himself this challenging question to answer: If cost and quality were equal, what are the pros and cons of running AI remotely, self-hosted, or through a gateway, like our own Aperture? Think about how much your preferred models have shifted in the last few years, and it seems like less of a thought experiment.
Head to this talk, on Stage 2 just after lunch, if you want to know what it’s like to actually control and support AI infrastructure, while models, costs, capabilities, and security expectations keep shifting.
Build Your Own Identity-Scoped Workstation Environment for Automated PR Jobs with Agentic AI and Aperture
Like many of its customers, Tailscale has spent real time figuring out how AI coding agents should access systems. This session turns our experience into a hands-on build.
Carlos Catalan, a solutions engineer at Tailscale with a background in security, will walk through a system with three interlocking layers: Firecracker microVMs, Coder workstation orchestration, and Aperture as an identity-aware gateway. The goal is fully automated, ephemeral AI workloads whose access and actions can still trace back to a human role.
Pick this talk if you want to see some battle-tested, repeatable, traceable systems using AI agents. It’s not an “AI might do this someday” talk, it’s a workshop where you build the thing.
Power Up Your Policy File
Full disclosure: I’ve worked on projects with speakers Simon Law and Megan Walsh, and they’ve been wonderfully helpful to me getting up to speed on anything I ask about. So I trust them when they promise to help me with my biggest Tailscale shortcoming: policy files.
Tailscale’s default policy is easy to start with: everything talks to everything. It’s great for getting started, but not where most organizations should stay. This workshop will walk you, and your organization, out of that default, laptop in hand. You’ll move through setting up least-privileged grants, segmenting devices into tags like production and staging, and separating out the who (src), where (dst), and how (ip/app). You can go further into just-in-time access, device posture, and validation testing.
Between Simon’s experience with the policy engine, and Megan’s help making it easier to understand and use, you can expect to leave knowing what’s new, what’s possible, and how all the pieces of a policy fit together.
(Talk details, bios for Simon and Megan)
Total cop-out: The keynote
Lots of other talks could make my top-five cut. There’s a Border0 hands-on session; robot-related talks from Kabam Robotics and Dexory, and a session on building a Tailscale-enabled app with tsnet and Claude Code.
But I’ve been through a couple keynotes—the mandatory kind, at all-hands events—and I am regularly left realizing I didn’t have quite the handle on everything that I should.
CEO Avery Pennarun, VP of Product Ross Kukulinski, SVP of Marketing Sydney Rossman-Reich, and Alex Kretzschmar, head of developer relations—all these people enjoy a surprise. They also enjoy showing you new ways that all the things that seemed like unconnected bits actually fit together, and how they tell a story.
Even if you know all of Tailscale’s individual offerings, I think you’ll leave the main-stage talk with a clearer sense of where Tailscale is headed.
Oh, you made it this far? Why, thank you. I hear that kevinsentme gets you 20% off your ticket.
Now that your boss is satisfied, allow me to mention a few other things planned for TailscaleUp attendees:
- Swag bag and T-shirts
- "Tailtag" scavenger hunt
- Custom Fill it Forward water bottle
- Food, (good) coffee, and snacks
- Up After Dark after-party at Hibernia
What talks are you most eager to see? What did we miss? Tell us on Reddit, Discord, Bluesky, Mastodon, X, or LinkedIn.
Kevin Purdy
