What happens when your VPN meets 200 AI agents

Wait 5 sec.

Providing secure access for your human staff is no simple task. For one, traditional VPNs often grant unnecessarily broad access, so you may have replaced that aging technology with a newer zero-trust network access (ZTNA) solution. And you may have hammered your human-centered privileged access management (PAM) tools into working order, so your engineers are just as happy as your security auditors.But what happens when you add dozens or hundreds of AI agents to the equation? We know that today’s enterprise is racing to become agentic. Or what if you want to run continuous integration (CI) and continuous deployment (CD) jobs? After all, you want a modern DevOps stack! You’ll learn quickly that the tools you built and tuned for human access come up short.Checking identity upfront isn’t enough to securely control access. You need to be able to tailor access based on need, not merely identity. And you’ll need to be able to revoke access when work is completed and provide an audit trail to boot. Even more, you don’t want to run separate access architecture for humans and agents. To support both human and agentic network access, companies need a unified architecture that can handle all access requests without compromise or delay. That means one consistent policy regardless of who requests access or what they need.Join us on July 22Today, there are frameworks and tools you can use to harmonize network access control, intelligent PAM, and agentic control into a single access layer that can handle any request from any source at any time.On July 28, 2026, Tailscale Solutions Engineer Kartik Bharath and Tailscale Product Manager XingLu Wang will join The New Stack to dig into the difficulties that human-first access policies face in the agentic era and how to address them.We’ll walk you through what a unified access architecture actually covers today: human developers, contractors, pipelines, and AI agents, under one consistent policy model, without adding IT overhead or slowing down engineering teams.How to join this free, live event REGISTER NOW FOR THIS WEBINARWhat best describes your biggest access management challenge today?*Please selectVPNs are over-permissive and create constant IT toil managing exceptions and access requestsPAM tools were built for compliance auditors, not the engineering teams that actually use themNo consistent policy model for non-human identities like AI agents, pipelines, and service accountsSprawling access tools for different identity types with no unified visibility or controlJust exploring the topic / no specific challenge yetRegisterYou have successfully registered for the webinar.$(document).ready(function() {// Get UTM parameters.var utm_source = window.tns.getUTMParameterValue('utm_source');var utm_medium = window.tns.getUTMParameterValue('utm_medium');var utm_campaign = window.tns.getUTMParameterValue('utm_campaign');var utm_term = window.tns.getUTMParameterValue('utm_term');var utm_content = window.tns.getUTMParameterValue('utm_content');if (utm_source) { $('input[name="utm_source"]').val(utm_source) }if (utm_medium) { $('input[name="utm_medium"]').val(utm_medium) }if (utm_campaign) { $('input[name="utm_campaign"]').val(utm_campaign) }if (utm_term) { $('input[name="utm_term"]').val(utm_term) }if (utm_content) { $('input[name="utm_content"]').val(utm_content) }if ( $('.airmeet-container[data-event-id]').length ) {var eventId = $('.airmeet-container[data-event-id]').data('event-id');$.get('/wp-json/airmeet/fetch-event', { event_id: eventId }).done(function(response) {// You can populate webinar title and meta here, for example:if(response && typeof response === 'object') {$('.airmeet-webinar-name').text(response.name);var date = new Date(response.start_time);var formatted = date.toLocaleString("en-US", {month: "long",day: "numeric",year: "numeric",hour: "2-digit",minute: "2-digit",hour12: true,//timeZone: "UTC"timeZoneName: "short"});$('.airmeet-webinar-time span').text(formatted);$('.airmeet-container').show().removeAttr('hidden');$(window).trigger('airmeet-webinar-loaded');}}).fail(function(xhr) {console.error('Failed to fetch Airmeet event', xhr);});}/** * Show Airmeet stage based on state * * 1 - webinar form (whether logged in/out) * 2 - thank you screen or video embed */function showAirmeetStage( stage ) {if ( stage == 1 ) {// Logged out.$('.airmeet-webinar-form').show().removeAttr('hidden');$('.airmeet-success, .airmeet-video').hide().attr('hidden', true);} else if ( stage == 2 ) {// Is there a video available?if ( $('.airmeet-video').length ) {// Video embed, prepare the iframe and show.$('.airmeet-webinar-form, .airmeet-success').hide().attr('hidden', true);$('.airmeet-video iframe').attr('src', $('.airmeet-video iframe').attr('data-src'));$('.airmeet-video').show().removeAttr('hidden');} else {// Thank you screen.$('.airmeet-webinar-form').hide().attr('hidden', true);$('.airmeet-success, .airmeet-video').show().removeAttr('hidden');}}// Reset immediate registration flag.window.shouldSubmitWebinarRegistration = false;}/** * Fetch Airmeet registration status for current user. * @param {string} eventId * @returns {Promise} resolves with registration status object or rejects with error. */function fetchRegistration(eventId) {return $.post('/wp-json/airmeet/registration-status', { event_id: eventId }).done(function(response) {if ( response.registered ) {// Already registered, don't resubmit.showAirmeetStage(2);} else {if ( window.shouldSubmitWebinarRegistration ) {submitRegistrationForm();} else {showAirmeetStage(1);}}}).fail(function(xhr) {// Just show form.showAirmeetStage(1);});}// Recheck login state after event is loaded$(window).on('airmeet-webinar-loaded', function() {fetchRegistration(eventId);});// Recheck login state during whichever of these lifecycle events happen first$(window).on('webinar-login-complete webinar-profile-updated webinar-confirmation', function() {if ( ! window.fetchRegistrationAttempted ) {fetchRegistration(eventId);}window.fetchRegistrationAttempted = true;});function submitRegistrationForm() {// Collate all hidden values in the registration form, excluding "questions" and submit with the AJAX request.var $form = $('.airmeet-registration-form');var data = {};$form.find('input[type="hidden"]').each(function() {var key = $(this).attr('name');var value = $(this).val();data[key] = value;});// Questions.data['questions'] = [];$form.find('[data-question]').each(function() {data['questions'].push({question: $(this).data('question'),answer: ($(this).is('select')) ? $(this).find('option:selected').val() : $(this).val()});});$form.find('button[type="submit"]').prop('disabled', true).text('Registering...');$.post('/wp-json/airmeet/register', data).done(function(response) {// Show success screen.showAirmeetStage(2);}).fail(function(xhr) {console.error('Failed to register for event', xhr);$form.find('button[type="submit"]').prop('disabled', false).text('Register');});};// Submit registration form.$('.airmeet-registration-form').on('submit', function(e) {e.preventDefault();/*const user = window.tns.getCookie('tns-user');if (user) {// Logged in.submitRegistrationForm();} else {window.shouldSubmitWebinarRegistration = true;//$('.masthead-login-button').trigger('click');loginForWebinarRegistration();}*/window.shouldSubmitWebinarRegistration = true;loginForWebinarRegistration();});function loginForWebinarRegistration() {// Resampling the login config, just changing the subscriptions to suit.window.imgjs.subscribe.config.onClose = function(user) {if (user) {window.tns.setCookie('tns-user-id', user.author_id, 8400)window.tns.setCookie('tns-user', JSON.stringify(user), 8400)/// Update the BlueConic profile with the email and Ory IDconst profile = window.blueConicClient.profile.getProfile()profile.setValue('email', user?.email)profile.setValue('ory_id', user?.author_id)window.blueConicClient.profile.updateProfile()$('.masthead-login-button').text("")/// Determine if it's a new subscription by testing/// if the createdAt date is today's dateif (window.imgjs.subscribe.isNewSubscription(user.createdAt)) {window.dataLayer.push({'event' : 'user_registration','url' : window.location.href,'channel': window.imgjs.subscribe.channel,'channel_id': window.imgjs.subscribe.channel_id})}window.dataLayer.push({'event' : 'webinar_registration','object_id' : '22828660','object_type' : 'webinar'});$(window).trigger('webinar-login-complete');} else {console.log('[IMG Subscribe] ERROR Failed to validate OTC')window.tns.setCookie('img-session-token', '', -1)window.tns.setCookie('tns-user-id', '', -1)window.tns.setCookie('tns-user', '', -1)$('.masthead-login-button').text("LOGIN")$(window).trigger('webinar-login-failed');}}var subscriptions = {mc : [],hs : ['688810681', /// TNS Weekly (PROD)'688810832' /// Events & Webinars (PROD)]}window.imgjs.subscribe.config.onProfileUpdate = function(data) {console.log("Set tns-user cookie with the following data:")console.log(data)if (data.user) {window.tns.setCookie('tns-user-id', data.user.author_id, 8400)window.tns.setCookie('tns-user', JSON.stringify(data.user), 8400)$(window).trigger('webinar-profile-updated');} else {console.error("[IMGJS] ERROR No user returned to onProfileUpdate")}}window.imgjs.subscribe.config.onConfirmation = function() {$(window).trigger('webinar-confirmation');};window.tns.user = window.tns.getCookie('tns-user')if (window.tns.user) window.tns.user = JSON.parse(window.tns.user)window.imgjs.subscribe.channel = 'webinar'window.imgjs.subscribe.channel_id = 'still-managing-separate-access-tools-for-humans-pipelines-and-ai-agents'//window.imgjs.subscribe.open(null, subscriptions, 'login');window.imgjs.subscribe.open(null, subscriptions, 'login', window.tns.user);}}); What you’ll learn:A clear model for extending your existing access controls to non-human identities without needing a separate tool for each identity typeArchitectural guidance on where identity-based networking, PAM, and AI agent policy fit togetherA practical starting point for teams that need to move fast without creating new security debtThe post What happens when your VPN meets 200 AI agents appeared first on The New Stack.