Behind the Winter Update was months of coordination, iteration, and cross-team execution.

This post is a shoutout to the folks who made the week possible. Read more on our blog

tailscale.com/blog/team-be...

#TailscaleWinterUpdate

Join us later today on Discord, as Avery and Travis recap the week's announcements, including Aperture, CI/CD workload connectivity updates, PAM, and more, plus an open AMA.

Kicks off at 4pm ET/1pm PT today! See you there! discord.gg/tailscale?ev...

#TailscaleWinterUpdate

Identity-based access is only half the story. You also need clear, queryable records of what actually happened.

Tailscale now adds identity-linked auditability across K8s, traffic, and SSH, without heavyweight PAM infrastructure.

tailscale.com/blog/auditab...

#TailscaleWinterUpdate

Workload identity federation is now GA in Tailscale.

CI, cloud, and Kubernetes workloads can authenticate using native OIDC identities instead of long-lived secrets, with API, Terraform, and tsnet support.

tailscale.com/blog/workloa...

#TailscaleWinterUpdate

Fleet device posture is now GA in Tailscale. 🎉 You can now use Fleet device state in Tailscale access policies, so enforcement says aligned as device state changes.💻

#TailscaleWinterUpdate

tailscale.com/blog/fleet-d...

Tailscale Services is now generally available.

Publish internal resources as named, identity-aware services instead of wiring clients to machines or IPs. Now app-aware with tsnet, Kubernetes support, and better observability.

tailscale.com/blog/service...

#TailscaleWinterUpdate

Log streaming now supports Google Cloud Storage (GCS).

Export audit/config logs and network flow logs (Enterprise) into your own GCS bucket for retention, investigation, and compliance, without breaking encryption.

tailscale.com/blog/gcs-log...

#TailscaleWinterUpdate

We’ve launched a new device posture integration with Huntress, now GA🎉

Huntress endpoint security signals can now be used directly in policies, so access updates automatically as device risk changes.

tailscale.com/blog/huntres...

#TailscaleWinterUpdate

Direct paths aren’t always possible in locked-down networks.

Peer Relays lets you run high-throughput relays on your own nodes, with static endpoints for restricted cloud environments and built-in observability. Now in GA 🎉

tailscale.com/blog/peer-re...

#TailscaleWinterUpdate

Winter Update Week is here ❄️

New Tailscale podcast episode with Alex + Avery, Kabir, and Harry covering what’s shipping this week and why it matters.

Watch ▶️ www.youtube.com/watch?v=jpFY...

#TailscaleWinterUpdate

API key sprawl + AI agents is a bad combo.

We are launching the Aperture by Tailscale open alpha: an AI gateway inside your tailnet that keeps provider keys centralized and ties AI usage to identity, with audit-ready logs.
tailscale.com/blog/apertur...

#TailscaleWinterUpdate

While the week is just getting started, there’s an exciting Discord Fireside chat with Avery (CEO), and Travis (VP, CX) on Friday to wrap things up!

Join us at 4pm ET/1pm PT on Friday February 20th. discord.gg/tailscale?ev...

#TailscaleWinterUpdate

Over the next week: what’s next for Tailscale as we expand from secure user connectivity into a platform for modern infrastructure access (AI workloads, services, cloud, Kubernetes, privileged access).

tailscale.com/blog/winter-...

#TailscaleWinterUpdate