Why IT Teams Are Racing to Lock Down AI Agent Access Before It's Too Late
Tailscale has launched Aperture, an AI access control platform designed to give IT teams visibility and governance over how employees use AI agents and large language models (LLMs) across their organizations. The expansion addresses a growing security blind spot: over 64% of activity on personal or free AI accounts is work-related, and nearly half of all workers upload sensitive data into public AI tools without IT oversight.
What's Driving the Urgency Around AI Agent Governance?
Organizations are facing a paradox. They want to adopt AI tools to boost productivity, but security and compliance teams often lack the visibility to enforce safeguards. Research cited by Tailscale reveals that 34.8% of corporate data fed to AI tools is sensitive, yet 48% of workers routinely upload sensitive information to public AI services without authorization. This "shadow AI" problem has become a critical risk for enterprises managing intellectual property, customer data, and regulatory compliance.
"Organizations face pressure to adopt AI while taking risks they would never accept elsewhere," said Avery Pennarun, co-founder and CEO of Tailscale. "Security teams often approve deployments lacking clear attribution, consistent controls or audit trails."
Aperture tackles this problem by inserting a governance layer between employees and AI services. The platform acts as a gateway, allowing IT teams to enforce policies, log activity, and control which models and data sources employees can access.
How to Implement AI Agent Controls in Your Organization
- Identity-Linked Access: Bind AI requests to individual user identities through Tailscale's network layer, ensuring every interaction is traceable and attributable to a specific person rather than a shared API key.
- Pre-Request Data Filtering: Configure automatic removal of personally identifiable information (PII) before requests reach any AI model, preventing accidental exposure of sensitive employee or customer data.
- Token and Spend Quotas: Set configurable limits on how many tokens (units of text) each user or team can consume across multiple LLM providers, controlling both security risk and cloud costs.
- Centralized Audit Logging: Maintain detailed records of all AI interactions with configurable retention policies, including options for zero retention if compliance requirements demand it.
- Multi-Provider Support: Manage access to API keys from major LLM providers including OpenAI, Anthropic (Claude Code), Google Gemini, and Amazon Bedrock through a single control plane.
Aperture's architecture mirrors established patterns used to secure API-driven services. By implementing gateway and proxy controls, organizations can centralize secrets management, apply least-privilege access rules, and preserve auditability across heterogeneous model providers. The platform integrates with partner tools including Oso, Cerbos, and Cribl for authorization policy enforcement and telemetry routing.
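The controls listed above can be pictured as one pre-request pipeline at the gateway. The sketch below is an added example, not Aperture's code or API: the `Policy` and `Gateway` classes, the regex patterns, the model names and the word-count token estimate are all hypothetical, and the caller's identity is assumed to be supplied by the network layer rather than by a shared API key.

```python
import re
from dataclasses import dataclass, field

# Constructed patterns for illustration; real PII detection needs far broader coverage.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

@dataclass
class Policy:                        # hypothetical policy shape
    allowed_models: dict             # user -> set of permitted models (least privilege)
    token_quota: dict                # user -> token budget for the period
    retain_prompts: bool = False     # False models a zero-retention setting

@dataclass
class Gateway:                       # hypothetical gateway, state kept in memory
    policy: Policy
    used: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def redact(self, text):
        """Replace each PII match with a label and count replacements per label."""
        counts = {}
        for label, rx in PII_PATTERNS.items():
            text, counts[label] = rx.subn(f"[{label}]", text)
        return text, counts

    def handle(self, user, model, prompt):
        """Return (decision, prompt to forward or None); always write one audit record."""
        clean, counts = self.redact(prompt)          # filter before any other step
        tokens = len(clean.split())                  # crude estimate (assumption)
        spent = self.used.get(user, 0)
        if model not in self.policy.allowed_models.get(user, set()):
            decision = "deny:model"                  # unknown users get no models
        elif spent + tokens > self.policy.token_quota.get(user, 0):
            decision = "deny:quota"
        else:
            decision = "allow"
            self.used[user] = spent + tokens
        record = {"user": user, "model": model, "decision": decision,
                  "tokens": tokens, "redactions": counts}
        if self.policy.retain_prompts:
            record["prompt"] = clean                 # only the redacted form is stored
        self.audit.append(record)                    # denials are logged too
        return decision, (clean if decision == "allow" else None)

def demo():
    # Constructed sample request attributed to the user "alice".
    gw = Gateway(Policy({"alice": {"model-a"}}, {"alice": 10}))
    return gw.handle("alice", "model-a",
                     "Email jane.doe@example.com about SSN 123-45-6789 renewal")
```

Denied requests still produce an audit record, and with `retain_prompts` left at `False` the log holds attribution and redaction counts but no prompt text.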
What Does Aperture's Feature Set Actually Enable?
The platform's core capabilities address specific security gaps that shadow AI creates. Feature-level controls allow administrators to configure token and spend quotas across multiple LLM providers, preventing runaway costs and limiting exposure to any single service. Pre-request hooks strip PII before calls reach a model, reducing the risk of accidentally feeding confidential information to external AI services. Configurable log-retention policies give compliance teams the flexibility to meet regulatory requirements, while administrator audit logging creates an immutable record of who accessed which models and when.
A particularly notable capability is sandboxing for AI agents, currently in private alpha testing. This feature isolates agent execution environments, preventing agents from accessing resources or data beyond their assigned scope. The Cerbos project documentation indicates that Aperture's gateway-style enforcement can apply authorization policies to a wide range of agent frameworks and model endpoints, including Claude Code, OpenAI Codex, Gemini CLI, and Amazon Bedrock.
When Will Aperture Be Available and What Will It Cost?
Aperture is currently available during alpha and beta testing with partner integrations already active. The platform is free during the alpha phase, with enterprise pricing to be introduced when the product reaches general availability. Organizations interested in early access can participate in the current testing phase to evaluate whether the platform meets their governance requirements before pricing is finalized.
For security and compliance teams evaluating agent governance solutions, gateway and proxy approaches like Aperture represent one viable architecture among several options. The key advantage is model-agnostic control: the same policies apply whether employees are using Claude Code, OpenAI's tools, or Google's services. Teams implementing such tooling will need to validate end-to-end threat models, audit-chain completeness, and any vendor-specific limitations around provider API features or rate limits.
The broader significance of Aperture's launch reflects a maturing recognition in enterprise IT: AI adoption without governance is a liability, not an asset. As organizations scale their use of AI agents and LLMs, the ability to enforce identity-based controls, centralize logging, and apply least-privilege access becomes as essential as managing traditional cloud infrastructure.