Firetiger’s agents observe, triage, and operate production software autonomously, but only if they can access the systems they need in the first place. Most production systems live on private networks, which makes that first connection an integral part of the product. By integrating Tailscale into Firetiger, the team turned multi-day onboarding hurdles for customers into minutes of setup.

John Pugliesi, Founding Engineer at Firetiger, joins us to share why their teams decided to build a Tailscale integration directly into their product. It now provides their clients with a convenient, self-serve option that saves Firetiger “days in engineering hours” and radically upgrades their networking.

Engineering the best outcomes

Firetiger was founded in 2024 around a simple idea: software breaks in two ways. Your code changes, and the world around it changes too. Firetiger watches both. Its AI agents verify every deploy, triage production issues, and connect what happened in production back to the engineers and coding agents responsible for fixing it. The team calls this “outcome engineering,” a way of thinking about software operations that puts the customer’s goals and intended changes at the center, not the alerts, dashboards, or tickets around it. John Pugliesi was the first engineer to join the company, and his hands-on experience working directly with customers gave him unique insights into the networking challenges behind making that possible.

“We are building a product that helps you observe and operate your software more autonomously so that you can focus on what we like to call ‘outcome engineering,’” he explains. “It’s when you build products that help your customers achieve outcomes they actually care about, as opposed to building software and products for the sake of software and products.”

Making the networking happen

One of the key components to making “outcome engineering” possible is reliable networking connections between Firetiger and their clients’ existing software systems. They need consistent access to their software telemetry, which includes the data sources and databases clients want to monitor.

John explains, “Most interesting software systems live on private networks, which creates a real problem for any system on the Internet (Firetiger included) that needs to talk to them. VPC peering hits CIDR conflicts. AWS PrivateLink only works if everyone's on AWS. Site-to-site VPNs mean hours of debugging IPsec tunnels. Bastion hosts work great until someone forgets to rotate keys. Every option for connecting AI agents to private systems is some flavor of painful, which is why Tailscale stood out.”

Since these connections were crucial to operations, John began searching for a reliable way to create them. Fortunately, he had heard of Tailscale before. Several of Firetiger’s earliest customers were already using it, so building in an integration became “an obvious way” to provide secure connectivity and improve user experience.

“It's been on our radar for a while. It's a really great product in concept and solves a real pain point – making networking simple,” he explains. “That's particularly relevant for our product, where we are trying to help clients operate and observe their software system autonomously.”

Firetiger operates across cloud providers and has a cloud-native architecture. John shares that building Tailscale into their existing tech stack has been relatively easy, especially since it’s heavily written in Go. They found it very natural to use tsnet, and there were only minor integration hurdles.

Reducing friction and empowering self-serve

Now that Firetiger has a Tailscale integration, their clients have a convenient, built-in way to connect that’s self-serve. They simply add Firetiger to their tailnet, and they can easily monitor their own databases and all of the private resources on their network.

“Network Transports are how Firetiger gets from our infrastructure to yours — the underlay for connecting our AI agents to your databases. Tailscale was the obvious way to ship it. The experience is just so much better than anything else: customers plug in OAuth credentials once, our agents join their tailnet as ephemeral devices, and connectivity just works.”

With this custom approach, onboarding clients is far less of a headache than with other networking solutions. Users first create a Tailscale OAuth client and provide the credentials to Firetiger so they can be authenticated. From there, they go into Firetiger to create a Network Transport where they plug in their OAuth credentials.

“If you come into our product, you can see we already have a network transport set up here,” John explains. “You give it a name and description, plug in your OAuth information, and click ‘create.’”

Once a connection to Firetiger’s internal tailnet has been established, clients attach the transport to various connections, which allow Firetiger’s AI agents to access whatever their credentials allow.

John elaborates, “This database connection will connect via the tailnet network transport, and then it just kind of works. It's really cool. Again, the game is: How do we make it easy to connect your data sources so that agents can use them to observe and operate autonomously? That's pretty much it.”

He adds that, compared to other networking solutions, using Tailscale reduces friction, and while clients who don’t use it can still connect, the process isn’t as convenient. Nevertheless, Firetiger is not prescriptive regarding their clients’ networking choices. Instead, they aim to educate about the greater convenience of using Tailscale and advocate for why it's the best path forward.

“For customers who don't use Tailscale, it’s less seamless. We have to set up Privatelink, service endpoints, that kind of thing,” shares John. “We have docs, which are our guide for the whole setup. Folks see how it's easier, but at the end of the day, there is still a lift.”

Tailscale just works

Firetiger’s teams have saved considerable labor costs by facilitating self-serve for their clients.

“We save days of engineering time on every customer onboarding. Setting up a non-Tailscale connection means PrivateLinks, service endpoints, NLBs, back-and-forth — all the cloud-native plumbing. With Tailscale, we hand the customer our docs, and they're done.”

There’s also a glaring difference between the setup for clients who use Tailscale and those who insist on sticking with alternatives. When Tailscale isn’t used, it can take hours to get clients up and running, and when it is, they can often complete setup themselves.

As John explains, “If I have to go set up a non-Tailscale connection, it has a lot of handoffs back and forth, and I can't make it self-serve for the customer. It ends up being hours per integration. With Tailscale, I just send the customer the docs and say, ‘Let me know if you have any questions.’ I don't think there is any other cloud-native networking story that is going to be self-serve in the way Tailscale is.”

Ultimately, integrating Tailscale has made Firetiger’s operations run much more smoothly, and John shares that their team has no complaints. “Tailscale makes networking just work in the way you hope it would. The idea of connecting A to B has never been as simple as just setting up A and B to connect, and Tailscale is as close to that as possible.”

Start with networking that puts you ahead

With Tailscale integrated, Firetiger's agents can do their actual jobs: monitor code changes, triage software issues, recommend fixes, and operate the overall production systems autonomously, using the same privately networked tools and data sources an engineer would. Customers don't expose anything to the public internet, and Firetiger's agents get the access they need to deliver outcomes from day one.

Innovative startups like Firetiger should have networking that’s just as leading-edge. Schedule a demo of Tailscale to learn more about what it can do for your company.