In April, we announced a partnership with Tailscale to bring real-time security evaluation to AI traffic at the network layer. Tailscale Aperture captures every LLM interaction across your organization (prompts, responses, tool calls, user identity) without requiring changes to the agents themselves. Highflame evaluates that traffic against your configured security policies and surfaces what’s actually happening across your AI footprint.
That solved the visibility problem.
Security and platform teams could finally see which agents were making requests, which tools were being called, which users were behind those sessions, and which policies were matching. For many organizations, it was the first real window into their AI activity.
But seeing a risky request is not the same as stopping it. Visibility tells you what happened. Enforcement determines what happens next.
Today, we’re completing that picture.
What visibility gave you and what was still missing
The first integration was built around a simple insight: most organizations lack visibility and coverage. Agents built by individual teams, vendor tools making LLM requests in the background, shadow AI agents, unauthorized coding agents, unmanaged deployments adopted before security could review them: none of these were visible, let alone governed.
Routing AI traffic through Aperture closed that gap. Every interaction passing through the network became observable. Highflame could tell you which agents were active, which tools were being used, and which security rules were relevant.
What it couldn’t do was stop a request before it reached the model provider.
Runtime enforcement: stopping risky requests before they leave your environment
The updated integration adds an enforcement layer that operates before a request reaches the model provider. When a request passes through Aperture, Highflame now evaluates it inline against your AI security policies, checking for secret leakage, prompt injection, data exfiltration, and high-risk inputs, and returns a decision in real time: allow the request to continue, or block it before the model provider ever sees it.
The rollout model is designed for safety. Policies don’t have to block on day one. Security teams can run any rule in monitor mode, review matches against real traffic, and turn on blocking only when they’re confident in the policy. Start with visibility, tune against actual agent behavior, enforce when ready. That progression from observation to enforcement is now a single continuous workflow inside the same integration.
What the two capabilities solve together
Visibility and enforcement answer different questions.
Visibility tells you what your AI agents are doing: which users, which sessions, which tools, which rules matched. It’s the foundation of any governance program: you can’t govern what you can’t see.
Enforcement lets you act on what you know: stopping requests before the model provider sees them, applying policies consistently across every agent that routes through Aperture, and building audit evidence that reflects real decisions made in real time.
Used together, they cover the full governance lifecycle. Security teams can start by understanding their AI footprint, identifying the highest-risk patterns, and tuning policies against real traffic, then activate enforcement for the controls they’re ready to apply. Compliance teams get an audit trail that includes both what was detected and what was stopped.
One integration. Consistent coverage.
The operational model stays simple.
Aperture sends all events, visibility and enforcement alike, to a single Highflame endpoint, authenticated with one API key. There’s no separate integration path for observation versus blocking. No per-team configuration. No agent modifications required.
For platform teams, this means governance extends to every agent that routes through Aperture: managed tools, unmanaged tools, and tools you didn’t know were making LLM requests until you turned on the gateway. For security leaders, it means consistent policy coverage across a heterogeneous agent landscape, without waiting for individual teams to instrument their own tooling.
What this unlocks
Organizations already running the Tailscale Aperture + Highflame integration gain enforcement capabilities through a configuration update. No new integration work required.
Security teams can apply policies that block across every agent covered by Aperture simultaneously. Compliance teams have audit trails that include both detection events and enforcement decisions. Platform teams can govern consistently whether the agent was built in-house, adopted from a vendor, or deployed by a team that never ran it through a security review.
The AI agents already in your organization, managed and unmanaged alike, enter the same governance model as the agents you built and instrumented yourself.
One network-level gateway. One policy layer. The ability to see everything and stop what matters.
The integration is now documented in the official Tailscale docs. If you’re already running Tailscale Aperture, the Highflame integration guide walks through configuration for both enforcement and observability modes.



