Top AI Product



Tailscale Aperture Is the AI Governance Layer I Didn’t Know I Needed

If you’ve been running Claude Code or Codex across a team, you’ve probably hit that awkward moment: who’s burning through tokens, what prompts are going out, and are we leaking anything sensitive? Tailscale just dropped something that tackles exactly this. It’s called [Aperture](https://tailscale.com/blog/aperture-private-alpha), and it entered private alpha on February 17th. The announcement blew up on [Hacker News](https://news.ycombinator.com/item?id=46782091) and got picked up by [SiliconANGLE](https://siliconangle.com/2026/02/17/secure-networking-startup-tailscale-launches-identity-linked-governance-ai-tools-agents/) almost immediately.

Here’s the pitch: Aperture sits as a private AI gateway on your tailnet and proxies all LLM traffic — OpenAI, Anthropic, Google Gemini, OpenRouter, self-hosted models, you name it. The clever part is that it piggybacks on Tailscale’s existing identity system. Every API call gets tagged with who made it and from which machine, without anyone needing a separate API key or login. You just point your agent at it and go. For Claude Code, the setup is literally two lines in your settings.json — set `ANTHROPIC_BASE_URL` to your Aperture instance and you’re done.

What makes this more than just another proxy is the visibility layer. You get full breakdowns of token usage (input, output, cached, reasoning tokens), tool call tracking, and session-level logs that you can export to S3 for your SIEM. Want to know if an intern’s coding agent just dumped your entire codebase into a prompt? Aperture will tell you. Want to enforce policies about which models or tools are allowed? That too. It supports Claude Code, Codex, Gemini CLI, and pretty much any agent framework that lets you set a custom base URL.
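An added example (not from the post or from Tailscale) of the SIEM-side check that identity-tagged logs make possible: it totals tokens per user and machine, flags models outside an allow-list, and flags a request whose input tokens dwarf that identity's median. The record fields, model names and thresholds are assumptions, since the post does not show Aperture's export format.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample records. Field names are hypothetical, NOT Aperture's
# export schema; map them to whatever your gateway actually emits.
SAMPLE_LOG = """\
{"user": "alice@example.com", "node": "alice-mbp", "model": "model-a", "input": 1800, "output": 400, "cached": 900, "reasoning": 0}
{"user": "alice@example.com", "node": "alice-mbp", "model": "model-x", "input": 2100, "output": 350, "cached": 0, "reasoning": 120}
{"user": "alice@example.com", "node": "alice-mbp", "model": "model-a", "input": 1500, "output": 500, "cached": 700, "reasoning": 0}
{"user": "bob@example.com", "node": "bob-dev", "model": "model-b", "input": 2000, "output": 300, "cached": 0, "reasoning": 0}
{"user": "bob@example.com", "node": "bob-dev", "model": "model-b", "input": 2500, "output": 450, "cached": 1000, "reasoning": 0}
{"user": "bob@example.com", "node": "bob-dev", "model": "model-b", "input": 310000, "output": 900, "cached": 0, "reasoning": 0}
{"user": "bob@example.com", "node": "bob-dev", "model": "model-b", "input": 2200, "output": 280, "cached": 1100, "reasoning": 0}
"""

ALLOWED_MODELS = {"model-a", "model-b"}  # assumed allow-list policy
TOKEN_KINDS = ("input", "output", "cached", "reasoning")
SPIKE_FACTOR = 20          # flag input >= 20x the identity's median input
MIN_SPIKE_TOKENS = 50_000  # absolute floor so small sessions do not alert


def analyze(log_text):
    """Return (token totals per identity, findings) from JSONL log text."""
    by_identity = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            by_identity[(rec["user"], rec["node"])].append(rec)

    totals, findings = {}, []
    for ident, recs in by_identity.items():
        totals[ident] = {k: sum(r[k] for r in recs) for k in TOKEN_KINDS}
        # With fewer than 3 requests there is no usable baseline, so only
        # the absolute floor applies to that identity.
        baseline = median(r["input"] for r in recs) if len(recs) >= 3 else 0
        for r in recs:
            if r["model"] not in ALLOWED_MODELS:
                findings.append((ident, "model_not_allowed", r["model"]))
            if (r["input"] >= MIN_SPIKE_TOKENS
                    and r["input"] >= SPIKE_FACTOR * baseline):
                findings.append((ident, "input_spike", r["input"]))
    return totals, findings


if __name__ == "__main__":
    totals, findings = analyze(SAMPLE_LOG)
    for ident, kind, detail in findings:
        print(ident, kind, detail)
```

Because the baseline is per identity, a heavy but consistent user does not alert, while a single oversized prompt from an otherwise light user does.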

Now, the [HN crowd](https://news.ycombinator.com/item?id=46782091) had mixed feelings. Some folks argued a capable engineer could wire up something similar in a day or two. Others pointed out that robust token counting, schema normalization across providers, and proper audit logging are deceptively hard to get right — and that’s before you deal with MCP tool call extraction. There was also the usual grumbling about Tailscale chasing AI hype instead of fixing their [3.8k open GitHub issues](https://github.com/tailscale/tailscale/issues), which is fair criticism.

Personally, I think the timing is spot-on. Every company I talk to is scrambling to figure out AI governance now that agents are everywhere. Aperture is free during the alpha across all Tailscale plans (with a 3-user limit on the free tier), so if you’re already on Tailscale, there’s basically zero friction to try it. You can sign up at [aperture.tailscale.com](https://aperture.tailscale.com/) and poke around. It’s rough around the edges — they’re upfront about it being experimental — but the core idea of tying AI usage to network identity feels like the right abstraction. Keep an eye on this one.

