Securing AI
Bring AI usage into focus with Aperture
Aperture by Tailscale provides a unified AI governance solution that covers both AI agents and users without the need to manage and distribute API keys.
Aperture by Tailscale provides a unified AI governance solution that covers both AI agents and users without the need to manage and distribute API keys.
Analyze AI agent and user usage by examining full LLM session histories, including both local and MCP tool calls. Detect anomalies, spot emerging patterns, and optimize your usage.
Aperture supports major agents like Claude Code, Codex, Gemini CLI and agent frameworks that support a custom base URL. Connect self-hosted OSS models and hosted models from OpenAI, Anthropic, and Google.
See and stop tool calls before users or agents make them. Keep API keys here safely, not in sandboxed containers or user machines. Get detailed session logs for compliance and auditability.
Grant granular access for AI users, agents, and tools to data and infrastructure.
Teams can securely share local LLM access just by adding them to the tailnet.
Enable connectivity for AI agents in production environments and dev workflows.
Have AI agents communicate with one another. Tags can tie agents to an identity.
With Aperture, you only need a single API key per provider. The gateway uses Tailscale identities to identify connecting users and agents, meaning it’s no longer necessary to distribute keys to individual users.
Aperture works with any coding agent that allows the end user to replace the base URL of the API endpoint. It supports Claude Code, Codex, Gemini CLI, Roo Code, Cline, and others.
We do not have published pricing during the current Alpha and Beta period. Contact sales to learn more.
We have plans to expand availability in the near future, but there is not a public timeline yet.
We’re currently experimenting with multiple deployment options, and supporting Alpha and Beta customers one-on-one. Contact sales to learn more.
Yes, Aperture currently supports S3 export.
Yes, Aperture relies on Tailscale identity to eliminate API keys. However, we can work in many different environments with specific requirements. Contact sales to learn more.
Yes, as long as it’s possible to run Tailscale. Aperture and Tailscale work in common containerized environments, like GitHub Actions, without needing to expose either the agent or gateway to the public internet.
Currently, Aperture can extract MCP and local tool calls from popular agents. We are planning to add more fine-grained MCP control.
Yes, it’s possible to proxy self-hosted LLMs with Aperture without exposing the endpoints to the public internet.
For individuals who want to securely connect personal devices, for free.
For teams or organizations looking for an easy-to-use, secure, legacy VPN replacement.
For companies who need service and resource level authentication and access control.
For companies who need advanced integrations, compliance and support for access control at scale.