Agent Network

Keyless,
Identity-Aware Access
to Any AI.

NetBird replaces long-lived AI API keys with network-layer access tied to groups in your identity provider. Verified identity flows into LiteLLM, Cloudflare, and other gateways for audit, cost attribution, and policy enforcement.

Deploy NetBird Request a demo

Scroll

Reachability

Tunnel-only access.

NetBird wraps your AI gateway in a private WireGuard network with no public ingress — reachable only through policy-gated encrypted tunnels tied to your OIDC IdP (Okta, Entra, Google). Drop a user from the group or disable their policy, and access drops within seconds.

Engineering

384 Users

Marketing

66 Users

Agents

192 Agents

NetBird Proxy

https://ai.netbird

LiteLLM

AI Gateway

Identity

No shared API keys.

Every request carries the real caller's identity — email or agent name plus IdP group memberships — stamped by NetBird as headers for LiteLLM, Cloudflare, or any gateway. Audit logs name real people, costs attribute to the right team, and per-group limits enforce themselves, all driven by your IdP instead of a static API key.

~/.zshrc

diff

# Claude Code configuration

export ANTHROPIC_API_KEY="sk-ant-9xK4mP2nQ7rZ..."

export ANTHROPIC_BASE_URL="https://api.anthropic.com"

export ANTHROPIC_BASE_URL="https://ai.netbird"

No API key in the config. Identity is stamped by the NetBird proxy and forwarded to the gateway as headers or metadata.

Governance

Spend caps, rate limits, full audit.

No gateway, or want spend controls inside NetBird itself? Attach token and dollar caps to any policy, per group or individual. Every request hits the access log with identity, model, tokens, cost, latency, and status — attribute spend, catch runaway agents, and stream it all to your SIEM.

Engineering → Claude Code· Policy

Token Limit

Group: 100k · Individual: 10k · resets every 1d

Budget Limit

Group: $10000 · Individual: $500 · resets every 30d

Access LogStatus

Time

User / Agent

Model

Tokens

Cost

Status

14:32:08

sarah.chen@acme.io

User

gpt-5.5

1,240

$0.0124

200

sarah.chen@acme.io

User · 14:32:08

200

gpt-5.5

1,240 · $0.0124

14:32:01

data-extractor

Agent

claude-opus-4.7

8,512

$0.0851

200

data-extractor

Agent · 14:32:01

200

claude-opus-4.7

8,512 · $0.0851

14:31:54

marcus.lee@acme.io

User

gpt-5.5

2,104

$0.0421

200

marcus.lee@acme.io

User · 14:31:54

200

gpt-5.5

2,104 · $0.0421

14:31:47

crm-sync

Agent

gpt-5.5

—

429

↳ Budget exceeded

crm-sync

Agent · 14:31:47

429

gpt-5.5

— · —

↳ Budget exceeded

Beyond AI

Universal access plane.

The same overlay that fronts your AI gateway fronts everything else too — databases, internal servers, staging, any private resource. Agents and users connect directly over encrypted peer-to-peer WireGuard tunnels: one identity-aware network across cloud, on-prem, and hybrid, governed by your policies.

Engineering

384 Users

Agents

192 Agents

Marketing

66 Users

Database

Postgres

CRM

Internal

Engineering

384 Users

Agents

192 Agents

Marketing

66 Users

Database

Postgres

CRM

Internal

Set up your Agent Network in under 10 minutes.

Get Started Free

Keyless,Identity-Aware Accessto Any AI.

Tunnel-only access.

No shared API keys.

Spend caps, rate limits, full audit.

Universal access plane.

Set up your Agent Network in under 10 minutes.

Keyless,
Identity-Aware Access
to Any AI.