Cerbos + Aperture by Tailscale
Fine-grained authorization for AI agents
Control what every AI agent is allowed to do at the moment a tool call is made. Policy-driven decisions with full context about who is making the call and what they are trying to do.
What you get
Every AI agent tool call — reads, writes, database queries, API calls — evaluated against your authorization policies before execution.
Policies enriched with real-time context from Tailscale identity, Okta, Workday, PagerDuty, and more to build a complete picture of who is making the call and under what conditions.
Update authorization rules in seconds across your entire tailnet - no redeployments, no agent modifications, no coordination required.
Decision-level audit evidence for every tool call: who made it, what was attempted, which policy evaluated it, and the result.