All integrations
Aperture
AI

Zero Trust authorization for AI agents with Aperture by Tailscale

Enforce fine-grained, identity-aware authorization on AI agent tool calls routed through Aperture by Tailscale using Cerbos.

Identity-aware authorization

Identity-aware authorization

Tailscale attaches identity to every connection. Cerbos uses that identity to enforce fine-grained tool-call authorization per user and role.

Visibility and control

Visibility and control

Aperture shows which agents are running and what they invoke. Cerbos determines whether each action is allowed based on policy.

No code changes

No code changes

Policies are enforced at the gateway, independent of agent code. Update permissions without redeploying your agents.

How Cerbos works with Aperture by Tailscale

AI agents and tools introduce a new class of authorization challenges. They act on behalf of users, access sensitive data, and chain operations, all of which need fine-grained access control.

Cerbos provides policy-driven authorization that controls what AI systems can do, which data they can access, and on whose behalf. Policies are written in human-readable YAML and evaluated at request time.

With Cerbos and Aperture by Tailscale, you get guardrails that scale with your AI adoption, centrally managed policies, full audit trails, and sub-millisecond decision times that don't slow down agent workflows.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How Cerbos authorizes agents through Aperture

  1. Agent connects via Aperture, The AI agent routes through Aperture by Tailscale, which attaches the user's identity to the connection.
  2. Tool call triggers an authorization check, Before a tool call proceeds, the request is sent to the Cerbos PDP with the user context, tool, and target resource.
  3. Cerbos evaluates policies, The PDP applies fine-grained rules based on identity, role, and environment. Decisions are deterministic and auditable.
  4. Allow or deny, with full audit trail, Cerbos returns a decision. Every tool call is logged with the principal, action, resource, and result.

FAQ

How does Cerbos work with Aperture by Tailscale?

Aperture routes AI agent traffic over your Tailscale network with identity attached to every connection. Cerbos evaluates fine-grained policies at every tool call to decide what each agent can do, based on the identity, role, and context provided by Tailscale.

Can I control which tools each agent can use?

Yes. Cerbos policies are attribute-based, so you can restrict tool access by user, role, department, or any other context. Policies are written in YAML and managed outside your application code.

Does this provide an audit trail for agent actions?

Yes. Aperture tracks which agents are running and which tools they invoke. Cerbos logs every authorization decision with full context, giving you a complete audit trail of what was allowed, denied, and why.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Agent2Agent
Agent2Agent ProtocolPolicy-driven authorization for inter-agent communication via the Agent2Agent protocol
AI
Agent Gateway
Agent GatewayPolicy-driven authorization for MCP, A2A, and LLM traffic through Agent Gateway
AI
ChromaDB
ChromaDBTranslate Cerbos query plans into ChromaDB metadata filters
Data filteringAI
Claude Agent SDK
Claude Agent SDKGate Claude agent tool calls and data access through Cerbos policies
AI
Claude Code
Claude CodeCentralized policy enforcement and audit logging for Claude Code agent tool calls
AI
CrewAI
CrewAIPer-agent and per-tool authorization for CrewAI multi-agent workflows through Cerbos policies
AI

Cerbos + Aperture by Tailscale

  • Cerbos policies govern AI agent tool access and data visibility
  • Full audit trail for every AI tool call and data access
  • Per-user permissions enforced across autonomous agent workflows
  • Sub-millisecond policy evaluation with no agent pipeline overhead
Book a free policy workshopTry the Playground