Tailscale co-founder and Chief Strategy Officer David Carney told the Changelog podcast that Tailscale is moving well beyond its VPN origins. The conversation covers four specific bets: TSIDP, TSNet, multiple tailnets, and Aperture. TSIDP delivers clickless auth by acting as an OpenID Connect provider inside your tailnet, eliminating the redirect dance with Okta or Entra ID for internal apps. TSNet lets Go applications join a tailnet directly as first-class nodes, no sidecar required.

Aperture is the sharpest edge here. It is Tailscale's private AI gateway, sitting between your agents and upstream APIs from Anthropic, Amazon Bedrock, and others. It handles API key management, request observability, and security for agentic workflows including MCP. Multiple tailnets adds hard network isolation between environments or tenants without juggling separate accounts. Together these features describe a control plane, not just a connectivity tool.

Read the full episode transcript or listen to understand why Carney frames each of these as composable primitives rather than standalone features. The MCP security angle and how Aperture fits the emerging agent trust problem is the part worth your full attention. Contact Carney directly at aperture@tailscale.com.

[READ ORIGINAL →]