Tailscale is building beyond the VPN. In this Changelog episode, co-founder and Chief Strategy Officer David Carney walks through four concrete bets: TSIDP, TSNet, multiple tailnets, and Aperture. TSIDP delivers clickless authentication over OIDC without requiring a separate identity provider like Okta or Microsoft Entra ID. TSNet lets applications join a tailnet directly as a Go library, no daemon required. Multiple tailnets enable hard network isolation between environments. These are not roadmap slides. They are shipping features.

Aperture is the most forward-looking piece. It is Tailscale's private AI gateway, sitting between your agents and upstream APIs from providers like Anthropic and Amazon Bedrock. It handles API key management, request observability, and agent security in a single control plane. The MCP specification is referenced directly as context for why agent security needs a dedicated layer now, not later. Carney's email for Aperture access is aperture@tailscale.com.

Read the full transcript for the technical depth on policy file syntax and how multiple tailnets interact with access controls. The conversation also covers where Proxmox VE and Incus fit into self-hosted tailnet topologies. The argument Carney makes, that Tailscale is becoming an identity and networking platform rather than a connectivity tool, is worth hearing in full.
