惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V
V2EX
爱范儿
爱范儿
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
B
Blog RSS Feed
博客园 - 聂微东
G
GRAHAM CLULEY
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
WordPress大学
WordPress大学
Scott Helme
Scott Helme
AI
AI
S
Security Affairs
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
人人都是产品经理
人人都是产品经理
AWS News Blog
AWS News Blog
T
Threatpost
Cyberwarzone
Cyberwarzone
www.infosecurity-magazine.com
www.infosecurity-magazine.com
U
Unit 42
V
Vulnerabilities – Threatpost
J
Java Code Geeks
博客园 - Franky
月光博客
月光博客
Blog — PlanetScale
Blog — PlanetScale
NISL@THU
NISL@THU
D
Docker
小众软件
小众软件
N
News and Events Feed by Topic
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
A
Arctic Wolf
D
DataBreaches.Net
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
量子位
PCI Perspectives
PCI Perspectives
美团技术团队
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
I
InfoQ
Security Archives - TechRepublic
Security Archives - TechRepublic
有赞技术团队
有赞技术团队
腾讯CDC
P
Proofpoint News Feed
S
Security @ Cisco Blogs
G
Google Developers Blog
C
Cisco Blogs

Blog on Tailscale

A no-nonsense explainer to Agentic AI Database, Kubernetes, and SSH access without passwords | Border0 + Tailscale Tailscale adds log streaming for Azure Blob Storage Build a flexible AI stack with Aperture More Tailscale tricks for your jailbroken Kindle Redundancy only matters if you can reach it Fixing my ridiculous fridge with a tiny Funnel site Canada’s Bill C-22 and the security cost of collecting more data Introducing: Aperture CLI Five TailscaleUp sessions I’d attend if I didn’t work here Bambuddy: self-hosted 3D printing beyond the vendor cloud Fixing Headlamp OIDC login with Tailscale and tsidp How Cleric uses tsnet to securely automate software operations Tailscale + Paperless-ngx: scan everything, expose nothing Aperture, now in beta, adds the controls teams need for AI agents This month at Tailscale for April 2026 Meet tailscale-rs, our new Rust library preview Pricing v4: more value, more simply Being the adult in the room The hidden costs of “good enough” network access This month at Tailscale for March 2026 Escaping the notch: Tailscale's new macOS home
Audit AI agent requests, logs, and access with Aperture
Kevin Purdy · 2026-06-30 · via Blog on Tailscale

Have you ever asked an LLM in chat what seemed like a simple question, then watched as it reinvented fire, the wheel, and quantum physics to tell you how far Scotiabank Arena is from the Toronto airport?

AI agents, like Claude Code, Codex, OpenCode, and OpenClaw, can do that, too. But their users explicitly encourage them to dig deep. Agents can make dozens of LLM requests per task, invoke tools, and pass data to one or more providers. So who sent what data to which model, and where is it logged?

If you’re using Aperture, you can see, store, and control access to this data.

Here’s how Aperture works to help you audit what your AI agents are accessing, who’s managing them, and where it’s all logged.

Administration panel showing Grants management interface with a search bar and Add grant button. A table displays four access grant entries with sources (including an email address, group, and tagged user) and their corresponding grant permissions for various roles and tools.

Every AI request has an identity attached

Aperture’s ability to rein in AI agent sprawl starts with its identity layer. Every request routed through Aperture comes with cryptographic proof of identity through Tailscale. When tokens are set on fire, you’ll know where the smoke started.

Every time a person or a agent makes a request through Aperture, their login name, device ID, and any related tags are pulled from their identity. The same goes for tagged “non-human” devices, like CI runners or background agents, which pick up an identity from their tags.

You don’t have to go message-by-message through a coding session or chat session, thanks to Aperture’s session tracking. Related requests are all grouped into sessions, so you can see the context of the data, tools, and costs associated with deeper work.

Identity flows through the whole system: every record, dashboard, and session log. You can always answer “Who did this,” and the answer is a specific person or device. Some vendors try to provide visibility by pulling every user, and every job, into a single ecosystem and control panel. Aperture provides consistent identity, visibility, and control layers across whatever tools teams choose to use.

Logs dashboard showing request sessions and captured interactions. Table displays user activity with columns for user, user agent, requests, models, input/output tokens, cached content, reasoning, total usage, cost, tool uses, and last activity timestamp. Two users listed: amelie with 11 requests costing $0.57, and pangolin with 279 requests costing $30.63. Below shows detailed metric breakdown for individual requests with model opus-4-8, token counts, and timestamps from June 15, 2026.

What data is captured, where it’s kept

Aperture captures the full request-response lifecycle of every LLM interaction. Administrators get granular access and control to what data is being retained and where it ends up.

Here’s what Aperture captures:

  • The full request body from a user
  • Full response body from the LLM
  • HTTP headers (with sensitive values redacted)
  • Token counts by type (input/output/cached/reasoning)
  • Model name
  • Duration
  • Tool use

All of this is captured asynchronously, after a response is completed. Aperture doesn’t slow down AI work in any way.

How much captured data you want to keep is up to you. You can reduce your capture log retention all the way down to zero. You can export logs to S3-compatible storage for your SIEM system so you can detect and respond to threats. Or you could do both, holding no data, but still having a full audit trail.

You can let trusted partners into your data, too. Aperture has already built APIs and integrations with Cribl, Oso, Apollo Research, and Cerbos, with more to come.

Aperture audit logs display showing system events and configuration changes within an Aperture instance, with timestamps, actor information, actions performed, and resource details for security monitoring and compliance tracking.

Who can see the logs (and who can’t)

Aperture’s access policy for session data is deny-by-default. Access to logs, just like access to models, is controlled through a grants system, one that can map directly onto Tailscale identities.

Grants can be highly specific (alice@example.com), categorical (tag:ci-runner), or open-door (*). In Aperture, you can also scope by provider and model, like anthropic/** or openai/gpt-5, and set MCP tool access through grants, too. There are two roles at the moment, user and admin, with more to come soon.

If you’ve already got Tailscale grants configured, you can set up Aperture in the same tailnet policy. Aperture and Tailscale grants combine additively.

Administrator access logging

Along with insights into AI use, Aperture, unlike most gateways, can also log what administrators do with those logs.

When someone with an admin role views logs owned by another user, the access is recorded. Other administrators can review the audit trail, either by API endpoint or Aperture’s web interface. It’s a clear signal to auditors that admin access to sensitive session data is both tracked and reviewable.

Enforcing policy before data leaves your network

Aperture’s policies wouldn’t mean much if all you could do is see what went out the door. By providing LLM access through Aperture, policies can be enforced before requests hit their providers, through guardrails. You can see not only what did happen, but what was blocked from happening.

  • Pre-request hooks can scrub personally identifiable information (PII), block requests that violate data policy, or strip out specific tool declarations
  • Should the guardrail service be unreachable, requests can be configured to fail_closed (blocked) or fail_open (proceed)
  • Aperture partners can add fine-grained authorization at the tool-call level, allowing or denying individual calls
  • Quotas can enforce spending per user, group, agent, or run, across all providers.

Auditing highly active AI agents requires identity, logging, and visibility into who can see what. Smart limits on data, tools, and spending are a natural outgrowth of Aperture’s gateway design. It’s a single place to see what’s happening, what happened, and what's being blocked from happening with your LLM tools.

See for yourself by getting started with Aperture on any Tailscale account, including our Personal plan. If you’d like to know more about how Aperture would fit your organization’s needs, contact us and we’ll walk you through it.