惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
S
Secure Thoughts
月光博客
月光博客
美团技术团队
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
W
WeLiveSecurity
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
爱范儿
爱范儿
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recent Announcements
Recent Announcements
Webroot Blog
Webroot Blog
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
罗磊的独立博客
The Register - Security
The Register - Security
Blog — PlanetScale
Blog — PlanetScale
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog
腾讯CDC
Microsoft Azure Blog
Microsoft Azure Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
IT之家
IT之家
D
DataBreaches.Net
博客园 - 司徒正美
N
Netflix TechBlog - Medium
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

Blog on Tailscale

Audit AI agent requests, logs, and access with Aperture A no-nonsense explainer to Agentic AI Database, Kubernetes, and SSH access without passwords | Border0 + Tailscale Tailscale adds log streaming for Azure Blob Storage Build a flexible AI stack with Aperture More Tailscale tricks for your jailbroken Kindle Redundancy only matters if you can reach it Fixing my ridiculous fridge with a tiny Funnel site Canada’s Bill C-22 and the security cost of collecting more data Introducing: Aperture CLI Five TailscaleUp sessions I’d attend if I didn’t work here Bambuddy: self-hosted 3D printing beyond the vendor cloud Fixing Headlamp OIDC login with Tailscale and tsidp Tailscale + Paperless-ngx: scan everything, expose nothing Aperture, now in beta, adds the controls teams need for AI agents This month at Tailscale for April 2026 Meet tailscale-rs, our new Rust library preview Pricing v4: more value, more simply Being the adult in the room The hidden costs of “good enough” network access This month at Tailscale for March 2026 Escaping the notch: Tailscale's new macOS home
How Cleric uses tsnet to securely automate software operations
Michael Saah · 2026-05-01 · via Blog on Tailscale

At Cleric, we are building the first autonomous AI Site Reliability Engineer (SRE). Our mission is to handle the heavy lifting of software operations. Cleric investigates incidents, triages alerts, and captures production context, so that engineering teams can focus on building.

For an AI SRE to be effective, it needs to query the same internal tools, databases, and telemetry providers that a human engineer would. This presents a significant architectural challenge: How do we gain secure, low-latency access to our customers' private resources without creating a massive burden for their platform and security teams?

By leveraging Tailscale and the tsnet library, we’ve built a secure connectivity layer that is easy for the customer to integrate and for us to operate.

The Connectivity Problem

Our customers’ environments are as diverse as the services they run. We see everything from AWS shops with strict VPC requirements to modern, identity-perimeter setups where every service is authenticated via an identity provider (IdP). Some require VPNs for any internal access; others leverage complex peering models across multiple clouds.

When we set out to build Cleric’s connectivity layer, we had three non-negotiables:

  1. Security: We must follow the principle of least privilege. We shouldn't have access to any network endpoints that the customer does not desire us to have.
  2. Ease of Use: If a customer has to spend three weeks configuring routing tables and getting through security review just to try Cleric, we’ve already lost.
  3. Scalability: We cannot manage a unique, bespoke networking stack for every individual customer.

Why traditional methods fall short

Before landing on Tailscale, we evaluated the "standard" ways of connecting to private infrastructure. Each came with trade-offs that were ultimately unacceptable.

The reverse proxy

We could ask customers to set up an authenticated reverse proxy to expose specific internal endpoints to our agent. This sounds reasonable on the surface, but in practice it’s a nightmare for everyone involved. For the customer, it’s extra infrastructure to maintain and a high-friction security review. For us, it creates "implementation debt", in that we have to maintain custom logic for how we integrate with each specific customer’s proxy.

Solutions like AWS VPC peering or Azure VNet peering are robust, but they require significant coordination. There are CIDR block overlaps to worry about, routing table updates, and cross-account permissions. Furthermore, as a multi-cloud provider, managing a heterogeneous mix of provider-specific connection mechanisms would quickly become an operational bottleneck for our team.

Building a private overlay with Tailscale

We realized that what we actually needed wasn't direct connectivity into the customer’s network; we needed a private, programmable overlay network. We wanted to control exactly which endpoints were exposed, with zero changes to the customer’s existing network configuration.

Tailscale provided the perfect foundation. By using Tailscale’s WireGuard™-based mesh, we could establish encrypted, peer-to-peer connections between our agent and customer resources regardless of where they sit.

The breakthrough for us was tsnet, Tailscale’s library that allows you to embed Tailscale directly into a Go binary.

This network diagram shows a "Cleric Agent" inside a "Cleric VPC" connecting via blue lines labeled with IP addresses 100.64.0.1-3:443 to a central "Cleric Connector" within a "Customer VPC." From the connector, green arrows branch out to three target servers: a "Kubernetes API Server" at 10.0.0.1:443, a "Grafana Server" at 10.0.0.2:443, and a "Prometheus Server" at 10.0.0.3:443.

How it works: virtualizing the network

Instead of asking a customer to install a VPN client on a gateway or bastion host, we provide them with a simple binary or Helm chart. This "Cleric Connector" acts as a device (or several) on a Tailscale tailnet.

Here is how we’ve structured the implementation:

  • Endpoint modeling: We model each customer resource (a database, a Prometheus instance, etc.) as a distinct "device" within our internal architecture.
  • The tsnet advantage: Using tsnet, we virtualize these devices into a single process. Our agent doesn't see a complex web of subnets; it sees a flat, secure namespace of authorized services.
  • Zero-config deployment: To the customer, the setup is "drop-in." They provide the Connector with a list of internal endpoints they wish to expose, and Tailscale handles the NAT traversal and encrypted tunneling automatically. No firewall holes, no public IPs, and no routing table headaches.

Security by design: beyond the bastion

One of the most significant advantages of this model is that it avoids the "all-or-nothing" trap of traditional VPNs.

In a traditional VPN or bastion host model, once you are "inside," you often have broad visibility into the private network. If the internal firewall rules are misconfigured, an external agent could potentially reach any resource on that subnet.

With the Cleric + Tailscale model, lateral movement is impossible. Because we model each endpoint as a unique device, our agent can only see the specific endpoints it has been explicitly granted access to. In other words, we don’t route based on IP ranges, we connect based on identity. If a resource isn't explicitly configured for the Connector, it doesn't exist as far as the Cleric agent is concerned.

For the security team, this model is trivially auditable: just look at what endpoints have been configured on the Connector. Cleric has no access to private endpoints beyond what’s on that list.

The result

By building on Tailscale, we’ve turned a complex infrastructure hurdle into a competitive advantage. This solution has been running in production for several months now and has cut our time-to-value substantially, in some cases eliminating weeks of process time.

We’ve stopped worrying about network topologies, and started focusing on what we do best: building the future of autonomous operations.