From Tailnet to platform (Interview) - The Changelog: Software Development, Open Source Recap
Podcast: The Changelog: Software Development, Open Source
Published: 2026-03-11
Duration: 1 hr 42 min
Guests: David Carney
Summary
David Carney, Chief Strategy Officer of Tailscale, discusses how Tailscale is evolving from a VPN solution into a versatile platform with tools like TSNet for application development and Aperture, an AI gateway aimed at solving API key management and enabling secure AI workflows.
What Happened
David Carney, Chief Strategy Officer of Tailscale, described the evolution of Tailscale from a VPN alternative into a platform for building private, secure networks. He explained how Tailscale's core technology allows users to connect devices anywhere in the world while embedding identity and access controls into every connection. This simplifies security and reduces the need for traditional VPNs.
Carney introduced TSIDP, a tool that functions as a private identity provider within Tailscale's networks. It allows users to integrate identity management for services like Proxmox or Salesforce without relying on external providers. This streamlines authentication and enables "clickless login" experiences for users, saving time and improving security.
The discussion highlighted TSNet, a library that lets developers create applications that behave like nodes on a Tailscale network. This capability has been used internally by Tailscale to build applications like Aperture, an AI gateway that centralizes API key management and provides visibility into AI tool usage within organizations.
Aperture's ability to log every API interaction and associate it with specific users was emphasized as a key feature. This ensures accountability, simplifies compliance, and helps teams audit and optimize their AI workflows. Carney shared how Tailscale uses Aperture internally for tracking team-wide AI usage and improving prompt engineering.
Carney explained how multi-tailnets, a feature allowing separate, isolated networks within an organization, can simplify complex setups and improve security for enterprises. This is particularly useful for companies deploying agentic workloads or managing customer-specific environments.
The episode also explored the challenges of educating users about Tailscale's full capabilities. Despite its initial positioning as a VPN alternative, Carney emphasized that Tailscale’s core strength lies in its ability to embed identity and encryption at the network layer, enabling advanced use cases like private AI gateways and secure, decentralized application development.
Carney encouraged developers to explore building on TSNet, noting its potential to simplify application development by eliminating the need for separate networking and authentication layers. He also expressed interest in partnerships and community contributions to expand Tailscale's ecosystem.
The conversation wrapped up with a look at Tailscale's future, including plans for expanding Aperture's capabilities, supporting self-hosted solutions, and continuing to evolve Tailscale into a robust platform for secure, scalable networking.
Key Insights
- Tailscale's TSIDP allows companies to run their own private identity provider, eliminating reliance on external services like Okta or Azure AD. This enables 'clickless login' for tools like Salesforce, saving time and reducing security risks tied to third-party providers.
- TSNet lets developers turn applications into secure nodes on a Tailscale network, removing the need for separate authentication and networking layers. Tailscale used this internally to create Aperture, an AI gateway that tracks API usage organization-wide and improves accountability for prompt engineering.
- Multi-tailnets enable organizations to create isolated, secure networks for different teams or customers without complex configurations. This feature is especially valuable for enterprises handling agentic workloads or customer-specific environments where separation is critical.
- Aperture records every API call and ties it to individual users, making it easier for teams to audit and optimize AI workflows. Tailscale uses this internally to refine its own AI usage, showing how tracking prompts leads to better engineering and accountability.
Key Questions Answered
What is Tailscale’s AI gateway Aperture and how does it work?
Aperture is an AI gateway built on Tailscale’s TSNet, designed to centralize API key management and provide visibility into AI tool usage. It logs every API interaction, associates actions with specific users, and allows real-time governance for secure AI workflows.
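A minimal sketch of the gateway pattern described in this answer, added here as an illustration and not Aperture's or Tailscale's code: a reverse proxy that holds the upstream API key itself and records the caller for every request, denied ones included. The `WhoIs` hook, the type names, the listen address and the upstream URL are assumptions; a TSNet-based service would supply the identity lookup from the tailnet.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"sync"
)

// WhoIs is a hypothetical identity hook; a tsnet service would back it with the tailnet's peer lookup.
type WhoIs func(remoteAddr string) (login string, ok bool)

type AuditRecord struct{ User, Method, Path string }

type Gateway struct {
	proxy   *httputil.ReverseProxy
	whoIs   WhoIs
	mu      sync.Mutex
	Records []AuditRecord // denied calls are recorded too, with the login the hook returned
}

func NewGateway(upstream *url.URL, apiKey string, whoIs WhoIs) *Gateway {
	p := &httputil.ReverseProxy{Rewrite: func(pr *httputil.ProxyRequest) {
		pr.SetURL(upstream)
		pr.Out.Header.Set("Authorization", "Bearer "+apiKey) // replaces any client-sent credential
	}}
	return &Gateway{proxy: p, whoIs: whoIs}
}

func (g *Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	user, ok := g.whoIs(r.RemoteAddr)
	g.mu.Lock()
	g.Records = append(g.Records, AuditRecord{user, r.Method, r.URL.Path})
	g.mu.Unlock()
	if !ok {
		http.Error(w, "unidentified peer", http.StatusForbidden)
		return
	}
	g.proxy.ServeHTTP(w, r)
}

func main() {
	// Placeholder wiring: loopback-only listener, all callers map to one constructed user.
	who := func(string) (string, bool) { return "dev@example.com", true }
	up := &url.URL{Scheme: "https", Host: "api.example.invalid"}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", NewGateway(up, os.Getenv("UPSTREAM_API_KEY"), who)))
}
```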
How does Tailscale's multi-tailnet feature improve network security?
Multi-tailnets enable organizations to create isolated networks for different workloads or customers. This segmentation improves security by preventing lateral movement between networks and simplifies governance for agentic workloads.
What is TSIDP and how does it enhance identity management?
TSIDP is a private identity provider for Tailscale networks, allowing users to manage identity internally without relying on external providers. It supports OIDC and OAuth 2, enabling seamless authentication for applications like Proxmox and Salesforce.