Cerbos + Aperture (Tailscale)
AI agent access control at the gateway level — enforces fine-grained authorization on tool calls from Claude Code, OpenAI Codex, Gemini CLI, and MCP servers without code changes.
What it does
Cerbos provides open-source, fine-grained authorization as a policy engine. Aperture by Tailscale provides visibility into AI agent actions across an organisation. Together they form an agent access control layer: Aperture shows what agents are doing, Cerbos controls what they are allowed to do. Policies are enforced at the gateway, independent of agent code — no code changes required in the agent itself.
Security relevance
Addresses LLM08 (Excessive Agency) directly by enforcing least-privilege on every tool call an agent makes. Works with all major agent frameworks: Claude Code, OpenAI Codex, Gemini CLI, Azure AI Agents, Amazon Bedrock, Mistral, and any MCP-compatible server. The gateway enforcement model means security controls cannot be bypassed by the agent — a critical property for autonomous AI systems.
When to use it
Deploy when you have AI coding agents (Claude Code, Codex) or autonomous agents accessing tools and need to enforce per-action authorization without modifying agent code. The gateway model makes this one of the fastest paths to agentic security — policies enforced externally, visible immediately.
OWASP coverage
Risks addressed — mapped to both OWASP Top 10 standards. 2 in LLM, 2 in Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: Cerbos + Aperture (Tailscale) slug: cerbos-aperture-tailscale type: Mixed category: Identity & AppSec url: https://www.cerbos.dev/tailscale-aperture reviewed: 2026-04 added: 2026-04 updated: 2026-04 risks: llm: [LLM07, LLM08] asi: [ASI02, ASI03] complexity: Guided Setup pricing: — audience: Blue Team lifecycle: [deploy] tags: [Agentic, AuthZ, Gateway, MCP, Policy Engine]