初创公司尽调
English RSS
尽调报告 Cybersecurity Series C 2026-05-21

Tailscale

开发者驱动的安全网络平台,正从网状 VPN 扩展到 PAM 和 AI 治理

Tailscale 是一家技术差异化很强的安全网络公司,客户口碑真实,也有可信的品类外延;但缺少公开 ARR、利润率和留存披露时,April 2025 Series C 估值仍很难干净承销。

封面要素

最新公开估值 01
1450 USD M [CO012]
累计融资 02
275 USD M [CO013]
企业客户 03
10000 [CO016]
成立时间 04
2019 [CO001]
入门付费套餐 05
8 USD / user / month [CO037]

公司概况

Tailscale 是一家在 Toronto 注册、全远程运营的安全网络公司,由 Avery Pennarun、David Carney、David Crawshaw 和 Brad Fitzpatrick 于 2019 年创立。公司靠基于 WireGuard、身份优先的网状连接打出口碑:部署比传统 VPN 更轻,也更贴合多云、开发者和远程团队工作流。以公司年限看,公开牵引信号很强:截至 2025 年 1 月,企业客户超过 10,000 家;已出现具名 AI 和企业用户;2025 年 4 月完成 $160 million Series C 轮,估值约 $1.45 billion。产品范围正扩到特权访问管理(PAM)和 AI 治理工作流,但 ARR、利润率、留存和当前股权结构细节仍受私营公司不透明限制, 投资判断空间有限。

官网
tailscale.com
成立时间
2019-03-23
创始人
Avery Pennarun, David Carney, David Crawshaw, Brad Fitzpatrick
创立地点
Toronto, Canada
总部
Toronto, Canada
产品
Tailscale 销售基于 WireGuard 的身份优先安全连接,把加密网状网络、设备与用户策略、SSH 和 Kubernetes 访问、子网路由、 出口节点、日志,以及 PAM 和 AI 治理等新扩展打包在一起。
客户
开发者、IT、安全团队、分布式企业、AI 初创公司,以及拥有多云或混合基础设施、需要更简单安全访问的组织。
商业模式
免费增值和按用户计费的 SaaS 定价:个人免费、自助付费层,以及定制企业合同;企业包越来越多捆绑 PAM、AI 安全、CI/CD 连接和实施支持等相邻能力。
阶段
Series C
融资情况
最近一次披露融资是 2025-04-08 宣布的 $160 million Series C 轮,由 Accel 领投,CRV、Insight Partners、Heavybit 和 Uncork 参投;公开累计融资约 $275 million,投后估值约 $1.45 billion。
[CO001, CO002, CO004, CO005, CO011, CO012, CO013, CO016]

执行摘要

主要优势

  • Tailscale 的技术切口清楚:基于 WireGuard、身份优先的网状网络,比传统 VPN 或 ZTNA 堆栈更容易部署,也更能打动开发者和基础设施团队。
  • 作为一家年轻基础设施公司,Tailscale 的公开牵引力异常强:到 early 2025,企业客户超过 10,000 家,已披露 AI 和企业标杆客户,并拿到 $160 million Series C 投资人支持。
  • 产品外延切入 PAM 和 AI 治理,把变现空间从安全连接拓宽出去,同时仍贴着公司身份与访问控制的基础能力。

主要风险

  • 私企不透明是核心承销难点:公开来源没有披露 ARR、收入规模、毛利率、烧钱速度、现金跑道、留存或当前优先权堆叠。
  • 仅靠公开数据,2025 估值看起来偏高;尤其是投资人围绕 AI 基础设施客户的热情,可能跑在已披露财务基本面前面。
  • 打包企业套件、以检查为中心的安全堆栈和自托管替代方案都在施压;同时,已披露漏洞以及对协调平面的服务依赖,仍给 Tailscale 带来产品信任风险。

未决问题

  • 当前 ARR、收入增速、毛利率、自由现金流和净留存没有公开披露,仍是干净做估值的最大障碍。
  • 准确 2026 员工数、客户结构,以及免费或爱好者使用转化为持久企业支出的路径,公开证据只露出一部分。
  • 完整股权结构表、董事会权利、清算优先权,以及 Series C 后任何内部人或老股定价,都未公开。
  • 客户集中度和队列耐久性仍无法量化,尤其是 AI 初创客户与更广泛企业买家各占多大比例,现有公开证据没有给出答案。

目录

Chapter 01

01公司概况

1.1 身份、产品架构与公司足迹

Tailscale 作为私营基础设施厂商,公司叙事少见地清晰:它要让安全连接变得像不存在一样,服务的是需要安全连接、却不想背上传统 VPN 和网络覆盖层运维负担的用户。公司自有页面始终把产品定义为基于 WireGuard 的身份优先安全连接:端到端加密的网状数据平面、 轻量协调控制平面,以及外包给 SSO 或目录提供商的身份能力,而不是另建一套凭证系统。官方页面还显示,产品家族已从最初的企业 VPN 切入点扩到 PAM、CI/CD 连接、AI 治理、工作负载连接、边缘和 IoT 场景,以及面向开发者的远程访问。公司足迹证据略不如产品证据干净: 加拿大公司记录显示注册办公室在 Toronto,Osler 称公司总部在 Toronto,Tailscale 自己则称始终全远程。尽调上更清晰的读法是: Tailscale 在法律和声誉上锚定 Toronto,运营上则按设计分布式。公司叙事里还保留明显的开源和隐私姿态:节点软件公开在 GitHub,隐私政策反复强调加密网状连接是核心服务,客户故事显示产品用于云、笔记本、服务器和开发者工具,而不只是总部式远程访问。[CO001, CO002, CO003, CO004, CO005, CO006]

KPI 快照表
指标数值 / 状态日期 / 依据置信度缺口 / 注意事项
创立 / 注册2019 年注册;运营历史始于 2019 年2019-03-23 至 2022-05-04创始团队构成在媒体报道中比在单一官方创始人页面中记录得更清楚
注册地址 / 锚点100 King Street West, Suite 6200, Toronto ON(注册地址)2022-09-29 注册地址日期注册地址并不能证明分布式员工主要在哪里办公
运营足迹全远程公司当前远程运营模式并不抹去 Toronto 的法律和声誉锚点
现任 CEOAvery Pennarun当前CEO 之外的公开名单有限
董事会可见度Avery Pennarun、David Carney、Amit Kumar 被列在董事会名下;投资人伙伴另列当前公开董事 / 观察员名单看起来只是部分披露,并不完整
最近一次新股融资$160M Series C,由 Accel 领投2025-04-08除投资人和金额外,融资条款未公开
最新公开估值约 $1.45B 投后 / 约 $2B CAD2025-04-08未保留更新的新股融资或老股交易估值标记
累计融资~$275M2025-04-08种子轮和 Series A 细节比 Series B/C 更薄
商业客户截至 2025 年 1 月,10,000+2025-01-14公司后来称数量更高,但没有发布精确更新总数
员工数公开范围为 150 至 1772025-04-08两篇 2025 年 4 月报道对确切员工数有冲突
产品范围网状 VPN、零信任连接、PAM、CI/CD、AI 治理、工作负载和边缘连接当前部分较新的相邻方向仍处早期或刚刚推出
负面运营事项两个已披露的 2026 年安全漏洞;公开状态页和事故政策2026-01-15 至 2026-05-13未保留大规模利用的公开证据

各行结合官方公司材料、公司注册数据和可信媒体报道;数值冲突或仍属私密时,表格给出区间或注意事项,而不是点估计。

[CO001, CO003, CO004, CO007, CO008, CO009]
FO001: 公司快照逻辑

Tailscale 的身份优先网络、分布式运营模式、客户牵引和扩张押注如何互相强化。

[CO004, CO005, CO006, CO024, CO025, CO028]

1.2 领导层、治理与资本基础

领导层和所有权信号足以定向,但不足以完整判断治理风险。公司介绍页把 Avery Pennarun 放在 CEO 位置,David Carney 与他并列为首席战略官;同一页面把 Accel 的 Amit Kumar 列入董事会,并把 Uncork、Insight、CRV、Heavybit 的投资合伙人作为重要战略支持者呈现。外部报道补足创始历史:Pennarun、David Crawshaw、David Carney 和 Brad Fitzpatrick 反复被识别为创始阵容,Pennarun 在 2025 和 2026 年的融资、发布和收购报道中仍是可见的公开运营者。 资本形成披露远好于高管结构。Tailscale 自己的 Series B 和 Series C 文章,加上 Business Wire、BetaKit、BankInfoSecurity、Accel 和 Osler,支持这样一条路径:2022 年 $100 million Series B,2025 年 4 月 $160 million Series C,累计融资约 $275 million,投后估值约 $1.45 billion。 主要残余缺口不在轮次历史,而在私营股权结构:准确持股、投票权、清算优先权和当前董事会委员会并未公开。[CO002, CO008, CO009, CO010, CO011, CO012]

管理层与创始人表
人物当前公开角色 / 相关性背景或证据关键人物依赖
Avery PennarunCEO 兼联合创始人官方 About 页面加上融资和发布报道,使他成为最核心的公开运营者和发言人高——核心技术和战略声音
David Carney首席战略官;联合创始人官方 About 页面把他列在董事会名下,创始历史也把他纳入原始团队高——连接产品、战略和公司历史的重要桥梁
David Crawshaw联合创始人;技术创始人信号Series B 和外部资料持续把他识别为原始建设者,尽管他在公开高管页面上的可见度较低中——属于创始可信度的一部分,但在面向公众的治理中不那么核心
Brad Fitzpatrick外部历史记载的联合创始人外部融资报道反复把 Fitzpatrick 纳入创始团队中——即便没有日常公开角色细节,创始人品牌仍有意义
Amit KumarAccel 合伙人兼董事会人物官方 About 页面把他列在董事会名下;Accel 领投 2025 年 Series C中——资本市场和治理影响力
投资人伙伴群Uncork、Insight、CRV、Heavybit 代表以战略伙伴身份出现官方 About 页面和融资披露显示,他们仍在公司叙事中占据显著位置中——说明公司仍带有集中度较高的风险投资支持治理姿态

这是一份有代表性的公开名单,覆盖创始人、董事会和领投方影响力,不是每位高管、董事或观察员的法定清单。

[CO002, CO008, CO009, CO010, CO034]
利益相关方或投资人图谱
利益相关方角色控制权 / 经济重要性公开证据尽调问题
Avery PennarunCEO / 联合创始人现任运营者,且很可能持有有意义的普通股官方 About 页面;融资报道确认持股、投票权和留任激励
David Carney联合创始人 / CSO创始连续性和战略影响力About 页面;创始人历史确认当前持股和职能边界
AccelSeries A 和 Series C 领投方领投增长轮的支持方,并通过 Amit Kumar 影响董事会Series C 博客;Accel 说明;About 页面确认按比例认购权和任何控制条款
CRVSeries B 领投方独角兽阶段融资后的主要风险投资持有人Series B 博客;BetaKit;About 页面确认 Series C 后的当前持股
Insight PartnersSeries B 领投方大型软件成长投资人,并具董事会可见度Series B 材料;About 页面确认董事会、观察员或信息权
Heavybit早期基础设施投资人体现强开发者基础设施契合度Series B/C 披露;About 页面确认当前持股和跟投权
Uncork Capital早期投资人仍在当前融资轮中被点名的早期阶段支持方Series B/C 披露;About 页面确认当前持股和稀释历史
天使投资人群体George Kurtz、Anthony Casalena 和后续融资轮中的其他天使增加信号价值和人脉触达,但治理权重不清楚Series C 材料确认是否有天使持有特殊权利或董事会观察席位

公开证据能识别重要资本对手方,但不能给出完整股权结构表、清算堆叠或董事会观察员机制。

[CO011, CO012, CO013, CO014, CO015, CO034]
FO003: 快照 KPI

公开可见的规模和公司形态指标;关键不确定性直接标出,不做平滑处理。

估值和员工数是公开媒体数字,并非经审计披露;AI 客户和业务范围指标是方向性战略信号。

[CO007, CO012, CO013, CO016, CO019, CO021]

1.3 牵引、里程碑与风险提示

最强公开牵引信号不是收入披露,而是客户采用。Tailscale 宣布 2025 年 1 月企业客户突破 10,000 家,十个月前为 5,000 家;公司和投资人都强调,到 2025 年 4 月 Series C 结束时,这个数字又更高。具名引用强化了采用质量: 官方故事突出 Instacart、Hugging Face、Mercury 和 Cribl,融资报道指向 Perplexity、Mistral、 Cohere、Groq、SAP、Telus、Duolingo 和 Motorola 等企业或 AI 用户。Series C 之后,里程碑节奏也加快。 2026 年 2 月,Tailscale 发布面向 AI 治理的 Aperture;2026 年 3 月收购 Border0,把特权访问控制和会话可见性补到更靠近应用层的位置。 主要反向提示不是公开诉讼或监管行动,而是安全平台自身带来的安全与服务可运营性暴露:Tailscale 发布详细安全公告,披露了两个值得注意的 2026 年漏洞,并维护公开状态页和事故政策。公开员工数也不一致,2025 年 4 月报道同时引用 150 和 177 名员工, 因此规模只能方向性看待,不能精确建模。这个组合对尽调重要:公司正试图成为连接和授权的更广义控制平面,同时仍背着安全软件固有的问责负担。 产品故事扩张得比财务披露更快,所以运营信任和执行质量仍比标题估值本身更重要。[CO016, CO017, CO018, CO019, CO020, CO021]

里程碑表
日期事件类型金额 / 估值 / 状态参与方含义
2019-03-23Tailscale 在加拿大注册成立创立存续公司,注册地址在 TorontoTailscale Inc.建立法律公司壳和加拿大锚点
2020-03-20How Tailscale Works 发布产品说明 WireGuard mesh / 控制平面模型的架构Avery Pennarun;Tailscale早期确立技术身份和开源姿态
2022-05-04$100M Series B 公布融资$100M;CRV 和 Insight Partners 领投Tailscale;CRV;Insight;Accel;Heavybit;Uncork 等参与方推动公司进入独角兽阶段扩张模式
2025-01-1410,000 家商业客户里程碑规模10,000 家商业客户;十个月前为 5,000 家Tailscale证实强商业采用和更快的商业化速度
2025-04-08$160M Series C 公布融资$160M;约 $1.45B 投后估值Tailscale;Accel;CRV;Insight;Heavybit;Uncork 等参与方提供增长资本,并验证品类相关性
2025-04-08公开强调 AI 客户集中度规模Perplexity、Mistral、Cohere、Groq、Hugging Face 被点名Tailscale;AI 初创公司把公司与高增长客户群联系起来
2026-02-17Aperture 以开放 alpha 版发布产品与身份绑定的 AI 治理层Tailscale;Oso;Cerbos;Apollo Research;Cribl 等参与方把产品范围从纯网络扩展到 AI 治理
2026-03-17Border0 加入 Tailscale合作收购特权访问管理团队和产品Tailscale;Border0增加应用层访问控制和可审计性
2026-05-13ACL 绕过漏洞披露并修复负面在 1.98.0 版本修复Tailscale;受影响用户显示公司扩张时必须把安全产品运营做好

这条时间线强调尽调最相关的已披露拐点;未披露客户赢单、内部组织变化或非公开融资步骤必然缺席。

[CO001, CO005, CO011, CO014, CO016, CO021]
FO002: 公司里程碑时间线

从公司注册到 2026 年产品与安全节奏的部分公开里程碑。

时间线有意选择而非穷尽,聚焦对身份、规模、资本和信任最重要的里程碑。

[CO001, CO005, CO006, CO011, CO012, CO013]

1.4 展示要点

Chapter 02

02市场分析

2.1 市场边界、纳入支出与现状替代品

不应把 Tailscale 的市场口径算成「全部网络安全」,甚至也不应算成「全部 SASE」。公司自己的文档把它放在更窄但仍有意义的切口: 身份优先安全连接,替换传统 VPN 访问,延伸到 PAM 和工作负载访问,现在又触达 AI 基础设施和智能体治理。也就是说,纳入支出包括远程和第三方应用访问、 基础设施访问、用户与工作负载身份执行、开发者和 CI/CD 连接,以及让这些流在企业规模下可用的策略层。主要排除支出包括更广义的 Web 和邮件安全、完整 CASB 和 DLP 套件,以及整个 SD-WAN 或分支网络栈,除非这些预算正因零信任项目重新打开。因此,替代集合与标题品类标签同样重要。 传统 VPN 和自管 WireGuard 仍是很多团队的现状;ZeroTier 和 NetBird 是软件优先的覆盖网络替代品;Teleport 争夺 PAM 和工作负载身份预算;AWS、Microsoft、Cloudflare、Cisco、Zscaler 和 Palo Alto 都把重叠访问控制打包进更大的套件。 尽调时,真正有用的边界是这笔支出:以低运维摩擦把正确的人、设备或工作负载连到正确私有资源,而不是分析师营销里每一美元叫作 SASE 的预算。[CM001, CM003, CM004, CM005, CM006, CM007]

市场定义表
细分 / 类别纳入支出排除支出买方 / 付款方相关性
直接 ZTNA / 商业 VPN 替代远程用户访问、应用访问、承包商访问、最小权限策略、身份驱动的访问执行消费级 VPN 和通用互联网隐私工具IT、安全和技术团队预算Tailscale 明确瞄准的核心切入点
基础设施与工作负载访问SSH、数据库、Kubernetes、CI/CD、云到云、工作负载身份、临时 runner不改变访问策略的通用计算或可观测性支出平台工程、DevOps、安全高度契合的扩张区,Tailscale 在这里按用户加部分资源收费
AI 基础设施和智能体治理GPU、模型、数据、智能体身份和 AI 访问控制的私有连接模型训练支出本身、基础模型推理支出、宽泛 MLOps 工具平台工程、安全、AI 基础设施所有者2026 年重要相邻领域,拓宽 TAM,同时不要求完整替代 SASE
更广 SASE / SSE 相邻领域ZTNA 加 SWG、CASB、DLP、FWaaS;买方重开整套技术栈时,有时还包括 SD-WAN永远不会转化为 Tailscale 项目的分支网络或 Web 安全预算安全架构或网络转型预算所有者有用的 TAM 上限,但对直接 SAM 来说过宽
既有厂商捆绑替代品Microsoft Entra、AWS Verified Access、Cisco Secure Access、Cloudflare One、Zscaler、Prisma SASE 等套件N/A现有云、网络或身份合同所有者市场可能靠捆绑赢下,而不是靠最佳单品选择,这是主因
现状方案和低成本替代品传统 VPN、自管 WireGuard、ZeroTier、NetBird、堡垒机式或 PAM 工具N/A团队级工程或 IT 预算解释为什么采用门槛常常是“今天已经够用”,而不是完全没有方案

正确边界是身份优先的安全连接和访问控制,不是全部 SASE 支出。更宽的套件类别是相邻领域,并不自动等于直接 TAM。

[CM004, CM005, CM006, CM007, CM008, CM009]
FM001: 市场规模测算视角

市场范围从宽口径 SASE 邻近市场,收窄到 Tailscale 特有楔子:面向人员和工作负载的身份优先访问。

图中有意把市场品类估计与基于定价的 SAM 视角混在一起;核心就是用分层方法测算。

[CM004, CM013, CM019, CM020, CM021, CM032]

2.2 定量视角:狭义 ZTNA、广义 SASE 与 Tailscale 可触达 SAM

最重要的市场规模事实是,公开估算分歧很大,而且分歧有合理原因。狭义 ZTNA 来源指向当下低个位数十亿美元市场:Grand View 将 2025 年 ZTNA 估为 USD 1.97 billion,ORDR 的 2026 年汇编将 ZTNA 估为 USD 2.95 billion。广义 SASE 估算大得多,但内部也不一致:MarketsandMarkets 称 2026 年为 USD 19.19 billion,Mordor 称 2026 年为 USD 15.54 billion,Global Market Insights 称 2026 年为 USD 2.8 billion。这种跨度不是可以平均掉的噪声,而是市场定义驱动估值叙事的证据。对 Tailscale 来说,务实的定量方法是同时使用多个视角。 最宽的 TAM 是重新打开的零信任和 SASE 预算,买方在这里重新考虑 VPN、访问和网络安全架构。更直接的 SAM 是替换员工、承包商和工作负载的传统 VPN 或堡垒机流程的支出,尤其是团队想要身份原生控制、但不想买完整安全套件的场景。最受证据限制的 SOM 视角是变现:Tailscale 按用户收费,并对某些资源和临时工作负载另行计量,因此已部署席位和资源分钟数,比一句笼统的「SASE 份额」更重要。传统 AWS VPN 定价也说明,这可以是一条预算线,而不只是技术偏好。[CM014, CM015, CM016, CM017, CM018, CM019]

TAM / SAM / SOM 或规模测算视角表
视角发布方年份 / 期间地理范围数值CAGR方法置信度局限
狭义 ZTNA 市场Grand View Research2025 to 2033全球2025 年 USD 1.97B 至 2033 年 USD 11.03B24.2%纯 ZTNA 市场预测比 Tailscale 有时能触达的完整预算池更窄
狭义 ZTNA 市场ORDR2026 to 2032全球2026 年 USD 2.95B 至 2032 年 USD 14.74B21.8%聚焦 ZTNA 的第三方统计汇编汇编来源不如一手分析师报告权威
广义 SASE 市场Global Market Insights(发布方)2026 to 2035全球2026 年 USD 2.8B 至 2035 年 USD 27.5B28.9%2026 年基数较窄的 SASE 预测与其他 SASE 发布方冲突很大
广义 SASE 市场Mordor Intelligence2026 to 2031全球2026 年 USD 15.54B 至 2031 年 USD 39.14B20.29%带有详细细分拆分的 SASE 预测比 Tailscale 的直接 SAM 更宽
广义 SASE 市场MarketsandMarkets2026 至 2032全球2026 年 USD 19.19B 至 2032 年 USD 68.06B28.8%涵盖 SD-WAN 和 SSE 的 SASE 预测相邻市场上限,不是 Tailscale 直接市场
直接定价视角Tailscale当前全球标准版每用户每月 USD 8,Premium 每用户每月 USD 18,另按资源计量收费n/a用户和资源订阅的公开标价定价说明变现逻辑,不是直接市场规模数字
传统成本基线AWS当前美国东部示例一个 1.25 Gbps 站点到站点 VPN 示例每月 USD 523.80n/a云 VPN 成本示例示例价格不等同于典型 Tailscale 部署经济性

本表有意保留相互冲突的估计。尽调要做的是:把狭义 ZTNA 数据当成直接品类下限,把 SASE 数据当成相邻市场上限,再用公开定价搭出 Tailscale 专属 SAM 视角。

[CM014, CM015, CM016, CM017, CM018, CM019]
FM002: 市场估计区间

公开 2026 年品类估计差异很大,取决于纳入多少 SASE 或零信任邻近业务。

所有数值均为 USD 十亿美元,并有意保留相互冲突的公开估计,而不是把它们归一化。

[CM015, CM016, CM017, CM018, CM019]

2.3 买方、用户、付款方分层与采用路径

Tailscale 的市场更像现代基础设施软件:初始用户往往不是最终付款方。最清晰的用户队列是开发者、平台工程师、DevOps 团队、IT 管理员和安全运营人员;他们需要快速、低摩擦地访问跨云、办公室、笔记本、CI runner 和承包商环境中的私有资源。付款方一开始常是团队经理或工程预算, 但公开包装和企业材料显示,只要身份集成、可审计性、姿态、支持和合规变重要,支出就会集中。因此买方、用户和付款方会按阶段分离。 小团队里,买方、用户和付款方可能都是同一个技术负责人。大公司里,用户可能是工程或 MLOps,预算所有者则在 IT 或安全运营。 Tailscale 近期 AI 信息进一步扩展了用户集合:AI 构建者需要在用户、GPU、模型、数据、CI pipeline 和自主智能体之间建立安全连接, WorkOS 访谈显示 Tailscale 正试图把智能体身份做成原生网络控制问题。因此,采用路径通常是开发者主导的价值验证,随后接入身份提供商并强化策略, 再进入更广泛的企业标准化,或向 AI 治理、工作负载访问、类 PAM 控制邻近增购。这个路径有吸引力,因为它缩短首次使用时间;但它也意味着公司必须同时赢得自下而上的产品喜爱和后期安全审查。[CM002, CM020, CM021, CM026, CM027, CM028]

细分市场 / 买方地图
细分市场买方用户付款方工作流预算负责人采用触发点
开发者主导的 SMB 团队工程负责人或创始人开发者同一团队预算安装客户端 -> 连接笔记本电脑和服务器 -> 共享私有资源工程比传统 VPN 或手搓 WireGuard 上线更快
中央 IT / 安全团队IT 或安全主管员工和承包商中央 IT 或安全预算身份集成 -> 推出终端姿态和策略 -> 审计和支持安全 / IT 运维需要合规、最小权限和一致的入职接入
平台和基础设施工程平台负责人SRE、平台工程师、DB 管理员基础设施预算,随后转为共享中央预算不开放端口即可访问私有集群、数据库和云资源平台工程,安全团队签字多云复杂性或别扭的堡垒机流程
DevOps 和 CI/CD 负责人平台或 DevOps 经理构建运行器和运维人员工程平台预算保护运行器和临时资源 -> 将访问写成代码 -> 扩展到工作负载平台工程希望避免静态凭证和网络蔓延
AI 平台 / MLOps 团队平台、AI 基础设施或安全负责人研究人员、工程师、智能体、流水线共享平台和安全预算连接用户、模型、GPU、数据和智能体 -> 增加策略和身份控制AI 基础设施加安全需要治理 AI 工作流并避免 API 密钥蔓延
第三方和承包商访问安全、IT 或应用负责人供应商和外部协作者项目预算或中央安全预算授予应用或资源级访问 -> 集中记录日志并撤销安全或应用负责人需要最小权限和可审计的下线
企业级扩张路径安全架构或 CIO 办公室多个内部团队中央平台、安全或基础设施预算自助起步 -> 集成 IdP/SCIM -> 标准化策略 -> 购买企业支持中央 IT 或安全领导层希望减少蔓延,同时保住良好的技术用户体验

早期使用中,买方、用户和付款方可能收在同一个技术团队里。部署成熟后,付款方通常集中到 IT 或安全,日常用户仍是工程或运维。

[CM002, CM020, CM021, CM026, CM027, CM028]
FM003: 从团队试点到企业采购的买方旅程

图中强调逐阶段购买旅程,而不是表格里的静态细分分类。

[CM026, CM027, CM028, CM029, CM030, CM031]
FM004: 采用漏斗或价值链地图

运营痛点驱动采用,合规塑造采购,最终由既有厂商的套件压力检验。

[CM030, CM031, CM043, CM046, CM047, CM049]

2.4 增长驱动、采用约束与估值相关性

品类确有动能,但不是无摩擦。增长驱动因素已有充分记录:云和 SaaS 迁移、身份中心安全、第三方访问、合规压力、混合办公,以及如今 AI 驱动的治理需求,都在把买方从旧边界模型推开。Grand View、MarketsandMarkets 和 Global Market Insights 都指向这些力量的某种组合,Mordor 还加入托管服务渠道和主权云要求,作为新的预算打开点。这些因素对 Tailscale 尤其相关,因为产品适配多云和 AI 密集环境;在这些环境里,网络复杂度上升快于安全团队人数。约束同样重要,尤其影响估值。MarketsandMarkets 和 Global Market Insights 都标记了遗留基础设施、切换成本、供应商锁定和多云复杂度;Mordor 还加入延迟、出口流量费用和 SASE 架构师稀缺。更战略性地看,最大的市场风险是在位厂商打包。Zscaler、Palo Alto 和 Cisco 都营销低复杂度的平台整合, AWS 和 Microsoft 也能把身份优先私有访问塞进更广泛的云或身份合同。这意味着 Tailscale 的上行空间不只取决于品类增长, 还取决于它能否保持足够差异化,让买方不默认选择更大在位厂商包里的「够用」访问。乐观情景是一块面向人员和工作负载的快速增长控制平面;悲观情景是一个有价值功能被更大平台逐步吸收。[CM040, CM041, CM042, CM043, CM044, CM045]

增长驱动因素和约束表
驱动因素 / 约束方向时点含义尽调追问
混合办公和第三方访问正向当前即使纯远程办公叙事成熟,面向具体应用的访问需求仍会持续衡量新增 ARR 中还有多少始于员工访问,而不是工作负载访问
多云和分布式基础设施复杂性正向当前利好能避免流量回传并简化跨环境连接的产品追问 Tailscale 的具体赢点是否来自云、集群和承包商分散在多个环境。
AI 基础设施和智能体治理正向当前围绕机器人、CI、GPU 和模型访问的身份能力,打开新的增长切口验证管线中有多少由 AI 基础设施驱动,而不是一般平台工程
合规和数据驻留压力正向当前把身份、日志和最小权限推成预算优先项梳理哪些受监管行业转化最快、哪些证明点最有力
既有 VPN、防火墙和身份投入负向当前提高切换成本,使分阶段推出比硬替换更可能量化大单中的替换周期和共存要求
延迟、出站流量费和稀缺 SASE 人才负向当前可能拖慢部署,或把买方推向打包托管服务追问哪些工作负载无法通过性能测试,或需要专业服务
现有套件捆绑负向当前大平台厂商可能用「够用」的访问功能吃掉预算重点复盘与 Microsoft、Cisco、Cloudflare、Zscaler 和 Palo Alto 的胜负数据
供应商锁定和标准不明负向中期让买方警惕:别用一组依赖替换成另一组依赖要求证明 Tailscale 足够互通,不会变成另一个难退出的技术栈

市场有吸引力,因为多项驱动因素属于结构性变化;但约束并非表面噪音。定价权取决于能否证明自身相对现有厂商捆绑替代方案和低成本现状替代品具备运营差异化。

[CM040, CM041, CM042, CM043, CM044, CM045]

2.5 展示要点

Chapter 03

03竞争格局

3.1 竞争版图:为什么短名单会按买方类型分裂

Tailscale 实际上不是在打一组单一竞争对手。短名单会按买方最先要解决的问题分裂。如果任务是「快速替换传统 VPN 摩擦,而不是重做整个安全栈」, Tailscale、NetBird、ZeroTier 以及较弱程度上的 Nebula 是自然对照,因为它们都承诺以比传统 VPN 资产更轻的运维负担实现覆盖网络连接。 如果任务是「在更大安全转型里标准化私有访问」,Cloudflare One、Zscaler Private Access、Prisma Access 和 Cisco Secure Access 会排到前面,因为这些平台把 ZTNA 与更广泛的流量检查、SaaS 控制、浏览器隔离、防火墙和企业分发打包。 Teleport 在评估从特权基础设施访问、而不是员工网络连接开始时发生重叠。战略转折在于,Tailscale 已不只是企业 VPN 替代品: 它的定价现在覆盖带标签和临时资源,企业叙事围绕身份、策略和自动化,2026 年新闻显示它正扩到 AI 治理和更完整的 PAM。 这扩大了上行空间,也把 Tailscale 拉进与套件厂商更直接的竞争;后者能用广度、渠道力量和采购捆绑,对冲 Tailscale 的简单性叙事。[CP001, CP002, CP004, CP005, CP006, CP008]

竞争对手画像表
竞争对手类别规模 / 立足点目标细分市场差异化局限
Tailscale直接网状网络 / 身份优先的安全连接私有成长阶段厂商;2026 年扩展到 PAM 和 AI 治理开发者、IT、安全、平台团队,以及多云和 AI 密集环境点对点网状网络、快速推出、简单用户体验、资源感知定价在内联检查和合规重控制方面,覆盖面不如完整 SSE/SASE 套件
Cloudflare One / Access现有统一 SASE / ZTNA 套件大型上市连接和安全平台希望在一个控制平面上标准化的安全和网络团队全球网络、无限连接器、设备姿态、SWG/CASB/DLP/FWaaS/RBI 覆盖面套件销售动作更重,少了 Tailscale 那种「连上就行」的简单性
Zscaler Private Access现有零信任私有应用平台大型上市安全平台优先保护和检查私有应用的企业Layer-7 代理架构、内联检查、DLP、浏览器隔离公开定价更难与 Tailscale 归一比较,架构也更偏代理中心
Prisma Access / Prisma SASE现有网络安全套件大型上市安全平台,有已部署 NGFW 基础已在购买 Palo Alto 安全和网络控制的大企业ZTNA 加 SWG、CASB、云原生网络安全,以及来自既有 NGFW 的连接器杠杆运营覆盖更宽,可能比聚焦连接的推出更重
Cisco Secure Access / Duo现有身份加网络访问捆绑大型上市网络厂商,加上强 IAM/MFA 渠道已标准化 Cisco 身份、网络或安全合同的企业客户端和无客户端访问、VPNaaS 扩展、MFA/SSO、大渠道触达产品故事更宽,但不如 Tailscale 贴近开发者网络原生
ZeroTier相邻叠加网络替代方案独立叠加网络厂商,公开以设备为中心的套餐矩阵希望获得叠加网络、但不买完整安全套件的团队简单虚拟 LAN 模型,以及覆盖多档设备数的公开套餐矩阵身份、治理和企业工作流深度弱于访问优先的安全平台
NetBird直接开源和自托管替代方案开源厂商,提供托管和自托管产品想替换 VPN,同时希望对托管方式或 IdP 选择有更多控制权的团队基于 WireGuard 的叠加网络、SSO/MFA、SCIM、审计日志、自托管相比 Tailscale SaaS,仍要求买方承担更多部署细节
Nebula开源现状 / 内部自建替代开源项目,仓库之外有托管选项熟悉 PKI 和 lighthouse 节点运维的专家型基础设施团队点对点设计、防火墙式规则、打洞、性能导向运维负担高,开箱即用的身份 / 管理体验更弱
Teleport相邻特权访问和工作负载访问工具商业平台,提供社区版和自托管部署优先审计服务器、Kubernetes、数据库和工作负载访问的基础设施安全团队短期证书、审计轨迹、会话录制、自托管和云模式对通用网状网络连接的适配更窄,预算负责人通常也不同
传统 VPN / 内部自建现状和替代品已部署的安装基础或内部人力只想解决狭窄访问问题、不购买新平台软件的组织可见增量支出低,流程熟悉瓶颈、身份姿态更弱、手工运维更多、开发者体验更差

画像行总结有证据支撑的竞争立足点,而不是归一化市场份额排名;「规模 / 立足点」有意混合上市公司体量、开源姿态和风险投资阶段成熟度,因为不是每一行的确切融资都公开。

[CP001, CP002, CP008, CP013, CP015, CP019]
FP001: 竞争定位:部署简洁度 vs 安全套件广度

序数评分由证据支撑,而非基准测试得出:简洁度越高,部署摩擦越低;广度越高,捆绑安全和策略面越大。

分数是基于公开产品、文档和定价页面综合出的证据支撑序数判断;不是基准测试结果,也不是市场份额指标。

[CP002, CP006, CP008, CP010, CP013, CP014]

3.2 架构、交付模型与控制平面取舍

架构核心分野在于,安全访问首先是直接覆盖网络问题,还是代理与检查问题。Tailscale 自己的对比材料仍最偏向第一种:集中协调但点对点连接, 减少瓶颈、压低延迟,也更贴合开发者、基础设施和多云工作负载。Cloudflare、Zscaler、Prisma Access 和 Cisco 则强调托管连接器、客户端和云端执行点,因为它们除了可达性,还在销售检查、姿态和策略汇聚。买方体验因此明显不同。套件厂商可以可信地主张更深的 inline 控制、浏览器隔离、DLP、安全 Web 网关执行和更正式的私有应用保护,但它们也插入更多平台、更多策略表面,且往往让架构更依赖供应商云边缘。 第二个分野是自托管和开源。NetBird 明确支持带反向代理和 IdP 选择的自托管部署,Nebula 要求团队管理 PKI 和 lighthouse,Teleport 提供社区版以及围绕证书颁发机构、代理和审计服务的自托管部署模式。这些替代方案重要,因为它们说明 Tailscale 干净的托管体验是一项优势,而不是不可挑战的技术垄断。[CP002, CP003, CP006, CP010, CP011, CP012]

功能 / 能力矩阵
采购标准TailscaleCloudflare OneZscaler Private AccessPrisma AccessCisco Secure Access / DuoZeroTierNetBirdNebulaTeleport
直接连接路径带中央协调的点对点网状网络通过 Cloudflare 边缘网络的连接器 / 客户端通过云原生代理访问私有应用云安全边缘加连接器客户端或无客户端访问,加上 VPNaaS 覆盖叠加网络 / 虚拟 LAN 风格P2P 加密叠加网络带 lighthouse 节点的点对点 SDN身份感知代理加安全隧道
身份集成SSO、组、SCIM、ACL多 IdP、通用 SAML/OIDC、OTP 兜底身份感知私有应用访问;公开细节多停留在产品层面更宽 Palo 控制平面内的企业策略深度Duo MFA/SSO 加 Cisco 策略上下文套餐矩阵披露 SSO 和访问控制社交 SSO/MFA、企业 IdP、SCIM证书和组模型,不是 SaaS IdP 优先体验SSO、短期证书、RBAC
内联安全 / 检查聚焦连接和策略;不是完整 SWG/CASB/DLP 套件广泛 SWG/CASB/DLP/FWaaS/RBI/DEM完整内联检查、DLP、浏览器隔离ZTNA 加 SWG、CASB、网络安全SaaS 和互联网保护,加上 AI/智能体检查主张不是广泛检查套件不是广泛检查套件不是广泛检查套件审计丰富的访问控制,但不是完整 SSE 套件
设备姿态 / 终端检查按套餐提供基础和自定义姿态通过 Cloudflare One Client 提供强姿态能力强调安全姿态,细节主要在套件层面上下文策略和更宽平台控制Duo 设备信任和 Secure Access 策略上下文不是公开页面上的主要差异点高阶套餐包含 MDM 和 EDR 设备控制通过证书和防火墙规则由运营方管理访问控制和证书姿态;终端安全覆盖更窄
特权会话深度正在提升;Border0 增加协议感知控制和会话可见性短期证书和审计日志支持的基础设施访问私有应用保护强于传统 VPN,但这里的公开会话治理细节有限企业零信任和网络控制,但 PAM 叙事不够清晰身份加安全访问,但 PAM 深度取决于相邻 Cisco 技术栈不是 PAM 优先工具NetBird SSH 和审计事件,但不是完整 PAM 套件按仓库证据看,没有原生 PAM 工作流本组中最强的审计会话和短期证书叙事
自托管 / 开源托管优先;本证据集显示开源客户端,但非自托管控制平面托管云服务托管云服务托管云服务托管服务 / 企业技术栈托管服务,套餐以设备为中心托管或自托管开源部署开源,由运营方运行云或自托管;有社区版
AI / 工作负载相关性对带标签资源和临时资源有明确定价和定位,并扩展 AI 治理AI 智能体和 SaaS 治理嵌入 SASE 故事工作负载和 OT 纳入私有访问范围AI 驱动的 SASE 和宽网络安全故事Secure Access 页面上的 AI/智能体访问和检查信息通用网络平台,不是 AI 优先现代 VPN 替代;有一定工作负载相关性通用安全叠加网络,不针对 AI明确定价机器和工作负载身份
最佳适配买方想以最小摩擦立即获得安全连接的团队整合网络和安全控制的套件买方安全主导的私有应用和检查买方在 Palo 网络安全上标准化的大企业Cisco 身份 / 网络客户叠加网络团队对控制敏感的现代 VPN 替代买方熟悉 PKI 的专家型运营方特权基础设施访问负责人

单元格是有证据支撑的摘要,不是实验室基准分数。公开页面不足以支撑更强结论时,使用「未知」或更窄表述。

[CP002, CP003, CP006, CP010, CP011, CP012]
FP002: 按竞争者划分的能力集中度

矩阵是压缩后的战略视图,不能替代详表;用途是显示能力在哪里集中、稀疏,或依赖运营者。

各单元格把公开证据转译为低 / 中 / 高集中度,不主张精确基准一致。

[CP006, CP012, CP016, CP021, CP023, CP024]

3.3 定价、包装与分发力量

公开定价是 Tailscale 最清楚的差异化方式之一。Tailscale 披露免费增值入口、两个公开按用户计费层、定制企业包装,以及带标签和临时资源的单独定价概念。 NetBird 和 Duo 也相对透明;Teleport 即使商业报价定制,也披露计费指标。相比之下,Cloudflare 的公开套餐页面更清楚地呈现包装哲学, 而不是可一一对比的访问定价;Zscaler 的公开定价页比 ZPA 更宽;Prisma Access 要求买方联系专家; Cisco Secure Access 没有发布清晰的等效标价清单。这点重要,因为买方很少只按单一「每席价格」比较这些工具。Tailscale 常以易购买的点解决方案落地;套件厂商通过把私有访问藏进更广泛的安全或网络合同守住侧翼;开源或自托管工具则在低端施压,让基础设施人力而不是标价成为主要成本变量。 实践中,定价放大了架构里同样的模式:Tailscale 最容易试用和解释,但如果预算所有者优化的是整套套件整合,而不是首次部署速度,在位厂商仍能赢。[CP004, CP005, CP009, CP017, CP018, CP026]

定价 / 包装比较
厂商公开包装信号计量口径 / 单位公开标价信号含义
Tailscale免费增值、Premium 和 Enterprise用户、带标签资源、临时资源分钟数公开:最多 6 名用户免费,之后每用户 / 月 $8 和 $18,企业版定制试用门槛很低;买方能看见以工作负载为主的使用何时开始变得重要
Cloudflare One零信任 / SASE 方案页面,加联系销售式套餐用户自助导向的 SASE 套餐,连接器经济性藏在平台里公开页面更强调套餐思路和专家联系,而不是可直接对比的访问价格捆绑杠杆强,但很难用单席位指标与 Tailscale 直接对比
Zscaler Private Access有公开定价,但页面覆盖范围比 ZPA 更宽按套件 / 模块组织留存公开页面没有给出清晰的 ZPA 单品标价安全主导的买家往往把它放进更大的平台评估,而不是当作简单 VPN 替代品
Prisma Access / Prisma SASE专家销售主导的企业套餐以报价为主的套件 / 连接器 / 平台经济性留存页面没有清晰公开标价Palo Alto 可以用产品宽度和装机基础抵消定价不透明
Cisco Secure Access / DuoSecure Access 以报价为主;Duo 公开分层Secure Access 套件加 Duo 按用户分层Duo 显示 $0 / $3 / $6 / $9 / 用户 / 月;Secure Access 页面公开,但没有标价Cisco 可以公开身份层级,同时让更宽的访问套件价格留在谈判桌上
ZeroTier面向设备和网络的公开方案矩阵按设备 / 网络组织定价页公开,但具体方案机制更偏设备,不是席位对覆盖网络买家有用,但不是访问套件采购的干净替代品
NetBird透明的现代 VPN 套餐按用户计费,机器超额另算公开:最多 5 个用户免费;Team $5 / 用户 / 月;Business $10在现代托管覆盖网络中,NetBird 对 Tailscale 的低端定价压力最直接
Nebula开源运营模式基础设施人力、PKI、lighthouse 托管仓库证据中没有软件标价;托管选项不在留存仓库证据内许可证成本低,但除非团队本来就想自运维,否则运营时间很贵
Teleport按明确计量项定制报价MAU、机器 / 工作负载身份、受保护资源商业定价为定制,但计费单位公开;较小公司可免费使用社区版更接近治理与可审计访问平台,而不是简单的按席位 VPN 替代品

关键尽调点不是每个既有厂商的准确标价,而是计费模型与 Tailscale 的可比性。许多套件厂商公开套餐信号,同时把买家推向谈判合同。

[CP004, CP005, CP009, CP017, CP018, CP026]

3.4 耐久性、替代风险与真实取舍

Tailscale 最强的乐观情景在于,买方准备购买完整 SASE 项目前,往往已经需要采购安全连接。这就是公司持续靠简单性、直接性能和开发者亲和力赢单的原因: 产品从团队最先感受到的运维痛点切入。问题是,同样这些优势也最容易商品化。NetBird、Nebula、ZeroTier、Teleport Community Edition 和普通内部自建都显示,安全覆盖网络可以用更多人力或更低打磨度重建。在高端,Cloudflare、Zscaler、 Palo Alto 和 Cisco 展示了相反风险:私有访问可以被吸收到更大的检查与合规套件里,让 Tailscale 看起来像优秀功能,而不是完整平台。 Tailscale 2026 年进入 Aperture 和 Border0 支持的 PAM,缩小了部分差距,但也抬高了公司在策略深度、可审计性、审批和企业控制上的达标线。 干净的尽调结论不是 Tailscale 没有差异化;它显然有。结论是,它的护城河更偏执行和体验,而不是结构性:更快上线、更强产品喜爱、 更好的连接任务性能可以赢,但前提是公司上行到企业级的速度,要快过套件简化,也快过开源替代品模仿基础能力。[CP013, CP017, CP022, CP027, CP035, CP038]

护城河耐久性 / 竞争风险台账
护城河或优势威胁严重程度为何重要缓释方式 / 尽调问题
快速上线和直接性能重代理套件足够简化后,“够用”会替代最佳单品如果套件一边降低部署痛点,一边保留检查覆盖面,Tailscale 会失去最容易切入的楔子按买家类型索取近期与 Cloudflare、Zscaler、Palo Alto、Cisco 对阵的赢单 / 输单数据
开发者喜爱和自下而上采用开源和自托管覆盖网络复制了基础 mesh 访问任务NetBird、Nebula、ZeroTier、Teleport Community 以及内部自建,会在小客户和重视控制的账户中压低价格衡量开发者主导试点相对免费或自托管替代方案的付费转化和扩张
身份优先的连接叙事既有厂商把连接打包进更宽的身份、SWG、CASB、DLP 套件预算负责人可能优先优化整合度和合规姿态,而不是纯连接体验测试交易需要设备姿态、日志和受监管工作流时,Tailscale 附加率是否上升
向 PAM 和 AI 治理扩张上移栈位会在功能对等完全跑通前,就增加与 Teleport 和套件厂商的重叠Aperture 和 Border0 抬高上行空间,也抬高了在审批、会话可见性、审计控制上的举证门槛索取在生产环境使用 Border0 衍生工作流和 Aperture 的客户证言,而不是 alpha 阶段
基础设施无关定位云和身份既有厂商仍可把相邻访问功能吸进更大的合同即使直接竞争者技术路径不同,预算科目仍可能并入更大的平台续约核查 Tailscale 作为独立预算项销售的频率,而不是被纳入更宽安全标准的频率
简单定价和易试用企业定价仍很难与谈判后的套件折扣对比没有真实采购对比时,公开标价透明度可能高估经济优势收集现有竞争交易中的真实客户报价、折扣水平和替换成本

严重程度反映的是对 Tailscale 差异化的竞争风险,不是生存概率。该台账有意同时覆盖自下而上的开源压力和自上而下的既有厂商捆绑。

[CP013, CP022, CP035, CP043, CP044, CP045]
FP003: 护城河 / 就绪度 KPI

竞争叙事压缩到少数杠杆时最强:Tailscale 究竟会成为平台赢家、点状方案赢家,还是被更大技术栈吸收的功能,取决于这些杠杆。

这些 KPI 是基于保留证据集综合得出的判断,不是财务指标。

[CP013, CP022, CP035, CP044, CP045, CP047]

3.5 展示要点

Chapter 04

04财务情况

4.1 定价模型、收入形态与牵引信号

Tailscale 的公开变现表面比财务报表清楚。定价页显示经常性 SaaS 结构:免费个人层、付费 Standard 和 Premium 席位许可证,以及定制企业层;同时,它通过带标签资源和临时资源分钟数增加第二条变现轴。这点重要,因为收入不只是纯用户席位故事;工作负载、 CI/CD runner、出口节点和其他非人类资源也能拉动付费使用。公司自己关于突破 5,000 付费客户的回顾,描述了明确的自下而上自助服务动作, 后来扩展到企业部署,其中一个客户从 100 席扩到 1,000 席,再到 10,000 多席。公开牵引披露强化了这个模式: BetaKit 报道称,到 2025 年 1 月,Tailscale 拥有 10,000 家付费企业客户,此后客户数又增加 20%; Tailscale 的业务团队文章则称,整体上超过 30,000 家公司使用产品。由此读出的需求和扩张机制是有利的,但已实现经济性仍受限制。 企业定价定制、折扣未披露,官方来源不发布 ARR 或 GAAP 收入,因此标价表面最好被视为变现架构,而不是收入质量证明。[CI001, CI002, CI003, CI004, CI005, CI006]

收入来源表
收入流机制公开价格 / 单位公开牵引 / 状态收入质量判断尽调问题
Personal面向个人和小型个人网络的免费漏斗最多 6 个用户 $0公司回顾称,个人月活用户达数十万有用的获客渠道,但不是直接收入按来源 cohort 和域名类型拆分的免费转付费转化
Standard 席位面向企业用户的经常性席位订阅$8 / 用户 / 月核心付费方案,用户设备不限量经常性标价清晰,但实际折扣未知席位占用率、每账户平均席位数和超额收费兑现
Premium 席位价值更高的席位订阅,包含更多策略、日志和平台功能$18 / 用户 / 月包含更丰富的控制和企业相邻功能支撑向上销售路径,但实际企业落地组合未公开按客户分群拆分的层级组合,以及按方案拆分的附加率
标记资源对出口节点等基础设施资源按月加购变现含 50 个;之后 $1 / 资源 / 月单独变现非人类节点有利于席位之外的工作负载扩张经济性每个付费客户的平均标记资源数
临时资源面向 CI/CD runners 和短生命周期工作负载的按用量分钟数Standard 含 1,000 分钟;Premium 含 10,000 分钟为短生命周期计算设置明确的工作负载计量创造与开发者和 AI 工作流绑定的消耗型上行空间按工作负载拆分的平均月用量、超额定价和毛利率
Enterprise / 平台扩展定制合同、发票账单,以及高级支持 / 扩展打包定制Series C 和 Border0 相关表述暗示更宽的平台向上销售可能是 ACV 最高的收入流,但公开透明度最低ACV 区间、合同期限、折扣政策和扩展附加率

本表把透明标价与隐含的企业变现路径拆开;不是已实现收入报表。

[CI001, CI002, CI003, CI004, CI005, CI006]
定价 / 变现表
方案 / 杠杆公开标价计费单位包含容量 / 信号仍未知的内容来源
Personal$0按账户 / 最多 6 个用户免费个人使用让漏斗保持宽口径向付费企业 tailnets 的转化率Tailscale 定价
Standard$8按用户 / 月基础付费席位方案折扣或年度条款后的有效混合实收价格Tailscale 定价
Premium$18按用户 / 月比 Standard 更丰富的控制、日志和扩展有多少企业买家仍停留在 Premium,而不是定制方案Tailscale 定价
标记资源超出包含额度后 $1按标记资源 / 月把基础设施资源变成可计费单位资源超额收入占比Tailscale 定价
临时分钟数仅公开包含额度每月分钟数变现 CI/CD 和短生命周期工作负载超额条款和每分钟毛利Tailscale 定价
Enterprise定制合同暗示包含发票账单、支持、SLA、扩展,以及 PAM / AI 相邻能力折扣、ramp 条款、最低消费和期限定价页加 Series C / Border0 报道

标价公开,但已实现企业经济性不公开。“未知”指截至 2026-05-21,公开记录未披露该项。

[CI001, CI002, CI003, CI004, CI005, CI006]
FI001: 收入模型桥接

Tailscale 变现靠透明的席位核心、按量计费的资源使用,以及不透明的企业增购,而不是单一固定 VPN 授权。

[CI001, CI004, CI006, CI007, CI008, CI009]

4.2 效率替代指标与成本结构线索

公开效率证据好于公开利润率证据。Tailscale 的安全和文档页面反复描述一个点对点数据平面:协调服务交换密钥和元数据,实际流量端到端加密, 只有直接连接失败时才回退到 DERP 中继。新的 peer relay 文档把这个逻辑推进一步,允许客户用自己的 tailnet 设备承载高吞吐中继流量;这在方向上支持一种比完全代理式访问产品更轻的集中带宽成本结构。客户故事也匹配低摩擦运营模型: Instacart 称工程师每天在传统 VPN 工作流上损失最多 20 分钟,后来把支持工单从每周 10 张降到近乎为零; Positron 称 Tailscale 为每个已引导试用的潜在客户节省约一小时,并帮助支撑先试后买的推理服务。最强数字 ROI 证据仍由公司赞助:Tailscale 2026 年 TEI 摘要基于委托 Forrester 模型,声称 213% ROI、不到六个月回本,并为一个 3,000 名员工的复合客户量化了基础设施和生产力节省。这个证据方向上有用,但不同于披露 CAC、回本周期、毛利率或留存数据。[CI013, CI014, CI015, CI034, CI035, CI036]

单位经济表
指标 / 代理变量公开数值 / 状态置信度为何重要证据基础尽调问题
官方 ARR / 收入未公开披露没有披露顶线收入,很难校准估值或回本周期官方来源保持沉默;BetaKit 指出 ARR 未披露包含 ARR、GAAP 收入、递延收入和月度收入桥的董事会材料
第三方收入估计GetLatka 估计:2025 年约 $45.2M只是规模的粗略外部锚点未经交叉验证的数据库估计经审计或管理层确认的收入历史
流量交付成本结构默认点对点;DERP 兜底;高吞吐场景用对等中继暗示集中带宽负担比全代理架构更轻安全页面和对等中继文档按月拆分的云 / 中继支出,以及按流量组合拆分的毛利率
支持负担代理变量Instacart 工单从每周 10 个降到近乎为零支持负载下降可改善服务毛利和客户成功杠杆官方客户案例和一线文章支持团队人数、工单量,以及每客户全负荷支持成本
客户生产力代理变量切换前 Instacart 每天最多损失 20 分钟;Positron 估计每个完成接入的潜在客户可省 1 小时快速兑现价值可提升销售效率和扩张官方客户案例按分群拆分的平均部署时间、POC 转付费转化和销售周期
赞助 ROI 代理变量Forrester 综合模型显示 213% ROI,回本期不到 6 个月方向性证明有用,但赞助方偏差不可忽视公司赞助的 TEI 摘要关于 CAC、回本期和实际扩张的独立客户 cohort 数据

本表使用公开代理变量,因为 CAC、回本期、毛利率和留存没有直接披露。凡存在赞助方偏差,均明确标注。

[CI013, CI014, CI015, CI030, CI034, CI035]
FI002: 单位经济模型桥接

公开的单位经济模型叙事来自架构和客户效率代理指标,不来自已披露的 CAC、回本周期或毛利率。

[CI008, CI013, CI014, CI015, CI034, CI035]

4.3 资本充足性、融资依赖与招聘强度

资本形成公开,资本充足性只部分公开。Tailscale 2022 年 Series B 和 2025 年 Series C 记录充分, 后者以约 $1.45-1.5 billion 估值融资 $160 million,把累计披露融资推到约 $275 million。官方 Series C 文章的看点不只是轮次规模,更是管理层姿态:Tailscale 称自己已有很长现金跑道,之所以融资,是因为机会正在加速, 尤其围绕 AI 基础设施、更广泛市场扩张、免费支持承诺和平台耐久性。BetaKit 进一步报道称,管理层认为公司无需追加融资也能实现现金流转正, 后来又称其商业模式高效、现金跑道很长。招聘证据支持公司仍在投入。2026-05-21,careers 和 Greenhouse 页面仍显示约二十多个开放岗位,覆盖工程、安全、产品、支持、营销、采购和销售;Border0 收购又在自然招聘之外增加了 PAM 团队和集成路线图。缺失的是实际现金模型。保留公开来源没有披露在手现金、月度烧钱速度、现金跑道月份、债务工具或营运资本需求, 因此投资判断依赖管理层可信度和已募股权缓冲,而不是一张可发布的现金桥。[CI016, CI017, CI018, CI019, CI022, CI023]

资本充足性表
项目公开数值 / 状态证据基础承销含义尽调问题
最近一级股权轮2025 年 4 月 $160M Series C官方博客和多家媒体报道为软件规模的运营开支提供了有意义的新股权缓冲股权结构表、轮次文件和清算优先权堆栈
披露融资总额~$275MBetaKit 和 Tracxn如果烧钱受控,已披露的股权历史足以支撑多年运营资金跑道逐轮资金用途和当前现金余额
最新公开估值投后约 $1.45B 至 $1.5BBetaKit 和 Proactive要求公司保持强劲增长,并最终交出高质量利润率内部计划与估值假设对照
在手现金未披露留存公开来源没有发布现金余额外部无法建模资金跑道逐月现金余额和最低运营现金政策
月度烧钱未披露留存公开来源没有发布净现金消耗无法测试通往现金流收支平衡的路径现金消耗桥和情景敏感性
资金跑道叙事管理层称资金跑道很长,并可选择走向现金流转正官方 Series C 文章和 BetaKit 采访有参考价值,但仍是管理层表述,不是现金桥月度烧钱、招聘计划和下行情景资金跑道
当前支出信号约 25 个开放岗位,加上 Border0 整合Greenhouse 招聘看板和 PYMNTS 收购报道表明融资后投入仍在继续,而不是冻结招聘预算、收购整合预算和招聘优先级阶梯
债务 / 项目融资留存来源未发现公开债务或项目融资义务留存公开来源聚焦股权融资软件业务看起来资本较轻,但未发现不等于不存在债务明细、租赁承诺,以及任何风险债务或应收账款融资
控制权 / 备案规范性联邦备案有效;2026 年度备案标记为已提交;未列出重大控制个人Corporations Canada 备案说明基础备案规范,但不揭示经济条款或治理权利完整股东名册、投票权和董事会观察员权利

公开资本历史远比公开现金数据清晰。等同空缺的行表示截至 2026-05-21,留存公开来源未找到该信息。

[CI016, CI017, CI018, CI019, CI023, CI026]
FI003: 公开测算区间

能用于投资测算的公开数字边界只有估值、客户数、员工数和累计融资;收入仍只能估算。

客户和员工数区间混合了不同公开来源和时期;它们是投资测算锚点,不是经审计的当前指标。

[CI019, CI020, CI021, CI022, CI029, CI030]
FI004: 资本强度与现金流地图

公开证据显示其资本强度接近软件公司,但可见现金用途现在包括招聘、支持承诺、收购整合和安全修复。

[CI017, CI018, CI032, CI039, CI042, CI045]

4.4 反向视角与尽调阻断点

反向财务视角更多是不透明,而不是可见困境。官方和媒体来源让一家私营基础设施公司的定价、客户 logo、融资轮次和增长叙事异常清晰, 但核心尽调指标仍是私有信息:没有官方 ARR、收入、毛利率、烧钱速度、现金跑道、递延收入、NRR 或折扣披露。第三方数据库试图填补缺口, 却带来噪声而不是确定性。GetLatka 估算 2025 年收入约 $45.2 million、员工约 250 人;BetaKit 则报道 Series C 后立即有 150 名员工。方向上这与增长一致,但不足以精确建模。公司还背负销售信任基础设施的信任负担。 Tailscale 披露了两个值得注意的 2026 年安全公告,并保持公开状态和事故披露姿态;这是良好治理,也提醒投资人: 修复、支持和声誉成本都是商业模式的一部分。因此,财务结论受限但仍可用:收入质量可能受益于经常性席位和扩张用量,资本强度看起来像软件而非重资产, 融资依赖度中等;但严肃投资者在把当前估值视为已被充分支撑前,仍需要客户队列、实际成交价和现金烧钱数据。[CI030, CI031, CI039, CI040, CI041, CI042]

公开财务缺口表
缺失指标 / 文件公开状态为何重要当前代理变量精确尽调路径
ARR 和 GAAP 收入官方未披露缺少它,就无法校准估值、增长质量和扩张效率低置信度 GetLatka 估计,加客户数量里程碑管理层收入历史、ARR bridge、递延收入和 cohort 收入瀑布
毛利率和 COGS未公开披露需要它来验证软件式经济性和流量成本假设点对点设计和 DERP 兜底提供的架构线索按产品线拆分的毛利率,加云 / 中继 / 支持成本明细
现金、烧钱和资金跑道模型未公开披露需要它来测试融资依赖和下行韧性只有管理层关于长资金跑道的表述月度现金桥、现金消耗预测和董事会批准的经营计划
已实现企业定价和折扣未公开披露标价不揭示 ACV、期限或利润率质量公开席位价格和定制企业版表述Top 20 合同样本,包含 ACV、期限、折扣和续约画像
NRR、流失和席位扩张留存未找到公开证据这是承销经常性收入质量和估值耐久性的关键先落地再扩张的轶事和客户数增长按 cohort 拆分的 logo 流失、席位流失、总美元留存和净美元留存
客户集中度未找到公开证据大客户集中度会扭曲增长和风险具名 logo 和一个 10,000 席位案例按客户拆分的收入集中度、top-10 logo 敞口和合同最低额
收购整合成本未找到公开成本披露Border0 可能扩大 TAM,同时也会增加整合费用PYMNTS 摘要加管理层战略评论整合预算、留任方案和预期收入贡献时间表

本表有意记录证据缺口,而不是猜测。每一行都列出补齐缺口所需的精确尽调请求。

[CI030, CI043, CI045, CI047, CI048, CI051]

4.5 展示要点

Chapter 05

05产品与技术

5.1 产品定义与 Tailscale 实际服务的客户任务

Tailscale 的公开产品表面从一个比多数传统 VPN 或 SSE 栈更简单的承诺出发:先用身份和加密,把正确用户、设备或工作负载连到正确资源; 只有需要时,再加路由或治理功能。文档把核心单元定义为 tailnet,即由用户、设备和资源组成的私有网络;产品页把同一模型延展到远程员工访问、 多云和本地基础设施、CI/CD runner、边缘设备和 AI 工作负载。这个框架重要,因为它解释了为什么 Tailscale 会同时像好几个产品。 一个部署里,它是集中式远程访问 VPN 的直接替代;另一个部署里,它是安全 SSH 和 Kubernetes 访问;再一个部署里,它是私有服务共享层, 或 AI 模型访问网关。当前商业包装强化了这种广度:定价页现在把点对点连接、子网路由器、出口节点、SSH、Kubernetes、 Funnel、设备姿态、日志和 Aperture 视为一个平台的组成部分,而不是互不相连的附加件。乐观读法是,公司在不放弃同一个身份优先网络核心的前提下, 不断扩展可解决的任务数量。更审慎的读法是,它本质上仍是连接平台,因此想要完整 inline 流量检查、DLP 或浏览器隔离控制的买方,仍需要互补工具。[CE001, CE002, CE006, CE007, CE011, CE019]

产品模块 / 资产矩阵
模块主要用户 / 任务状态 / 成熟度技术基础差异化局限 / 尽调缺口
核心 tailnet 连接IT、安全、DevOps、开发者GA / 成熟WireGuard 网状网络、协调服务、NAT 穿透、DERP 回退通常让用户数据平面不经过供应商云,并能跨异构网络运行Tailscale 未公开直连与中继流量占比
tailnet 策略、ACL 和 grants网络和安全管理员GA;grants 是后续主线HuJSON 策略文件,包含组、标签、IP 集、设备态势、自动批准器和测试集中式默认拒绝策略可覆盖网络层和应用层仍不能替代完整内联 SWG/CASB/DLP 控制
Tailscale SSH基础设施和平台团队GA22 端口拦截、节点密钥、check 模式、会话录制保持基于身份访问的同时,省掉大部分 SSH 密钥分发苦活平台限制和既有 SSH 专属漏洞意味着买方仍需严格补丁纪律
Kubernetes Operator平台工程GAAPI 代理、入口 / 出口代理、Connector CRD、S3 兼容会话录制不暴露公开 API、也无需单独集群凭证,就能私有访问 Kubernetes部分代理模式的 HA 扩展仍在推进中
子网路由器IT 和网络运维GA路由通告、审批流程、默认 SNAT、HA 模式将非托管设备以及整个 VPC/LAN 纳入同一身份模型相比直连客户端,网关管理和路由治理会增加复杂度
出口节点远程员工和安全团队GA默认路由通告、客户端选择加入、审批流程、高阶套餐目的地日志让 Tailscale 能承接传统全隧道 VPN 和按地域出站的任务增加出站延迟,并把流量压到客户自管的中继设备上
Serve / Funnel开发者和平台团队Serve 已成熟;Funnel 在文档中仍为 betaHTTPS 证书自动化、身份标头、Funnel 公共中继和 TCP 代理基于同一 tailnet 身份层,快速做私有或公开共享公开暴露仍需管好端口、带宽和生命周期
设备态势 + 日志安全和合规团队GA,付费套餐权益更丰富设备态势属性、流日志、审计日志、SIEM 流式输出把持续验证和可审计性纳入连接决策高级态势信号和目的地日志受套餐限制
Aperture AI 治理平台、安全和 AI 团队Pre-GA / 实验性身份认证网关、集中式服务商凭证、钩子 / 护栏把 API 密钥从笔记本、CI 和智能体运行时移到可控网关文档和发布文章仍将其定位为 pre-GA,而非已在生产中验证
Border0 支撑的 PAM 扩展基础设施和安全团队集成阶段协议感知控制、会话可见性、审批、录制、DB/K8s/RDP/VNC 工作流将 Tailscale 从网络层可达性扩展到应用层特权访问官方信息仍把更深原生集成放在路线图里,而不是已完成产品

状态基于截至 2026-05-21 的公开证据;当 Tailscale 自身表述未达到完整 GA 声称时,使用「pre-GA」和「集成阶段」。

[CE001, CE010, CE012, CE014, CE015, CE016]
工作流 / 使用场景表
用户任务传统 / 现有工作流Tailscale 方案声称收益主要局限 / 权衡
从任何地方访问内部应用和服务器流量绕回集中式 VPN 集中器直连 tailnet;需要全隧道时用出口节点直连路径可用时,延迟更低、瓶颈更少单独来看不是完整内联检查栈
暴露非托管子网或云 VPC搭建对等连接、堡垒机,或到处安装客户端子网路由器向 tailnet 通告路由将基于身份的访问扩展到遗留或非托管网络路由审批、SNAT 选择和 HA 设计都变成管理员工作
为差旅或合规保护全部公共互联网流量传统全隧道 VPN出口节点把默认流量经由指定设备转发满足 VPN 式出站和地域要求集中出站会增加延迟和节点运维负担
管理主机和集群SSH 密钥、公开 API 端点、单独 kubeconfig 密钥Tailscale SSH 和 Kubernetes API 代理基于身份的访问、录制选项和私有 API 可达性仍需要严谨的策略设计,并保持客户端版本最新
快速共享内部或面向公网的服务临时反向代理或公网隧道工具Serve 用于仅限 tailnet 的访问;Funnel 用于面向互联网的访问在私有路径上带身份上下文的快速 HTTPS 共享Funnel 仍为 beta,公开暴露有固定带宽和端口限制
控制 AI 模型访问,避免密钥蔓延API 密钥被复制到本地 env 文件、CI 和智能体运行时Aperture 网关集中管理密钥,并将请求绑定到 Tailscale 身份在网关集中做审计、支出控制和护栏公开证据仍显示部署基础偏实验性,而非广泛验证

本表比较的是 Tailscale 取代既有工作流的运行方式,而不是对标某个单一竞品 SKU。

[CE006, CE007, CE012, CE015, CE017, CE019]
FE002: 客户工作流 / 运营流程

典型 Tailscale 工作流先认证身份、下发策略和密钥,再优先尝试直连路径,最后调用具体功能访问层。

[CE002, CE005, CE008, CE011, CE021, CE031]

5.2 网络实际如何运行:WireGuard、协调、NAT 穿透、DERP 与策略

技术核心是加密数据平面与托管协调平面的分工。Tailscale 称,设备间流量用 WireGuard 加密,协调服务交换公钥、peer 信息和 DERP map,让节点能够找到彼此。因此,产品会先尝试直连路径:设备认证,接收策略和 peer 元数据,尝试 NAT 穿透,然后在网络允许时点对点通信。 DERP 用于困难场景。DERP 文档非常明确:中继服务器主要帮助协商连接,只有在直接路径和 peer relay 不可用时才承载加密 WireGuard 数据包。这个架构是 Tailscale 与传统集中式 VPN 拉开差异的核心原因:多数用户平面流量不会经由供应商瓶颈折返, 因此直连成功时延迟和吞吐可以更好,常驻瓶颈也更少。不过控制平面仍重要。Tailscale 文档说明,现有点对点连接可以在协调服务中断时继续存活, 但管理变更、新 peer 发现和部分 relay 优化仍依赖控制平面的正确性。策略同样集中化,尽管流量通常不是。tailnet policy file 承载 ACL、grant、设备姿态规则、SSH 规则、auto-approver、tag 和 DERP map 定制,让访问控制可审计、可编程; 但这也意味着策略错误或过宽 grant 会带来真实影响半径。[CE003, CE004, CE005, CE008, CE009, CE010]

技术 / 运营架构表
层 / 组件作用平面关键依赖主要风险 / 权衡
身份提供商验证用户,并把 MFA / 上下文带入 tailnet 登录控制外部 IdP 可用性和策略治理Tailscale 继承 IdP 的强度,也继承其宕机风险
协调服务分发公钥、peer 信息、DERP 地图和由策略生成的发现数据控制Tailscale 托管后端没有它,既有会话仍可持续;但管理变更和新发现都依赖它
tailnet 策略文件定义 ACL、grants、态势、SSH 规则、标签、测试和路由审批控制管理员配置正确性和评审流程grants 范围设错或策略测试过期,会扩大爆炸半径
WireGuard 对等节点加密并承载设备到设备流量数据客户端健康、密钥管理、端点可达性安全被推到端点后,特定平台客户端 bug 仍然重要
NAT 穿透后的直连 UDP 路径大多数流量的首选路径数据公共互联网状况和本地防火墙行为未披露公开口径下的直连成功率
对等节点中继在回退到 DERP 前,使用 tailnet 设备中继流量数据客户配置的可中继节点需要有意规划配置和容量
DERP 中继网络协商路径;直连失败时中继加密流量数据回退Tailscale 托管的全球中继覆盖Hard-NAT 流量依赖中继健康度和距离
扩展服务SSH、Kubernetes、Serve/Funnel、日志、Aperture 和 PAM 扩展复用同一身份基础混合各功能专属服务和产品成熟度覆盖面变宽,版本、权益和集成复杂度也增加

该架构区分了 Tailscale 通常放在控制平面的内容,以及实际在数据平面承载客户流量的内容。

[CE003, CE008, CE009, CE010, CE031, CE032]
FE001: 产品架构图

Tailscale 在主要直连的 WireGuard 数据平面之上叠加身份、策略、协调和扩展,并提供中继兜底。

[CE003, CE008, CE009, CE021, CE027, CE030]
FE003: 关键依赖地图

Tailscale 最大的收益来自 WireGuard 直连,但仍依赖外部身份、托管协调、公共网络可达性和功能专属扩展。

依赖地图聚焦会改变产品行为或风险的公开依赖,不试图枚举 Tailscale 托管后端背后的每一项内部服务。

[CE031, CE032, CE034, CE035, CE046, CE047]

5.3 模块范围与超越原始企业 VPN 切口的平台扩张

模块地图显示,公司正稳步从安全连接上行到相邻控制面。Tailscale SSH 是最清晰的例子:管理员不必手动分发和撤销 SSH key,可以依赖 tailnet 身份、check-mode 重新认证和录制策略;Tailscale 会拦截来自 tailnet 的 22 端口 SSH。Kubernetes Operator 进一步拓宽平台,把 Tailscale 身份转成私有 Kubernetes API 访问、 内部应用发布,以及面向子网路由器、出口节点、app connector 和 SSH recorder node 的集群内连接器资源。 子网路由器和出口节点处理纯网状网络无法覆盖的经典桥接场景:把访问延伸到未托管网络,并在工作流仍需要 full-tunnel 行为时,强制所有流量走选定出口点。Serve 和 Funnel 随后暴露应用共享层:Serve 保持 tailnet 内私有,Funnel 则使用公有中继基础设施面向互联网暴露。设备姿态、流日志、配置审计日志 和 Tailnet Lock 补上企业围绕谁能连接、变更如何追踪所期待的控制。2026 年扩展路径更宽。Aperture 试图让 Tailscale 成为 AI 使用的身份和控制网关;Border0 则给公司一条进入更具协议感知能力的特权访问管理路径。机会很明显: 在更多安全任务上复用同一身份和连接基础。风险也很明显:Tailscale 越从连接延展到 AI 治理或 PAM,买方越会拿它同更深的在位套件比较, 而不只是同传统 VPN 比较。[CE012, CE013, CE014, CE015, CE016, CE017]

路线图 / 发布 / 开发阶段表
日期 / 阶段功能或里程碑公开状态变化含义
2026-05-18客户端版本 v1.98.2已发布GitHub 发布记录显示,截至 2026 年 5 月中旬,发布节奏仍活跃平台发版足够频繁,运营上必须盯住版本新旧
2026-051.98.0+ 中修复 TS-2026-002已发布安全修复修复影响出口节点和子网路由设置的 Web 界面 grant 绕过问题管理远程节点的管理员需使用当前版本客户端,避免策略绕过风险
2026-04定价 v4已上线Business 套餐转向更清晰的按席位打包,并加入更多自助功能产品广度更可见,也更容易在无需销售介入下购买
2026-04Aperture 自助开通Pre-GA / 实验性AI 网关开放自助使用,并以早期 alpha 定位,主打集中密钥控制AI 治理具备战略重要性,但成熟度仍早
2026-03Border0 加入 Tailscale已宣布 / 集成进行中Tailscale 收购 Border0,以加深 PAM 和应用层访问控制特权访问野心是真实的,但集成风险仍在
2026-02Aperture 与合作伙伴的发布报道开放 alpha 报道独立报道重点提到 Oso、Cerbos、Apollo Research、Cribl 等合作伙伴,以及 coding-agent 支持显示 Tailscale 目标已越过连接,进入 AI 控制和生态系统钩子
GA 里程碑配置审计日志GA审计日志功能已在管理控制台和 API 中可用,并默认开启核心企业治理正从附加功能变成基本门槛
GA 里程碑Kubernetes OperatorGAOperator 从 beta 成熟为面向生产的访问和连接层对 Tailscale 来说,Kubernetes 现在是主流工作负载入口,而不再是实验性场景

本发布表将 2026 年有日期的里程碑与仍有解释力的 GA 里程碑放在一起,用来说明 2026-05-21 时的当前产品成熟度。

[CE014, CE023, CE028, CE036, CE039, CE042]
FE004: 产品成熟度 / 能力地图

公开证据显示连接核心已成熟,AI 治理和原生 PAM 更早期、证据更少。

成熟度标签反映公开证据质量和 Tailscale 自己的阶段表述,不代表内部路线图确定性。

[CE014, CE019, CE021, CE022, CE036, CE037]

5.4 信任模型、运营成熟度与买方仍需承担的技术风险

Tailscale 的信任故事明显强于纯营销表面,但并非无风险。安全页和日志文档在基本原则上很强:端到端 WireGuard 加密、 私钥留在节点、Tailnet Lock 降低对协调服务的信任、公开安全政策、SOC 2 Type II、不包含流量内容的 流日志,以及默认开启的配置审计日志。这是真实的控制姿态。公司愿意发布详细公告和清晰事故披露政策,同样如此。但 2026 年 安全通告也说明产品可能在哪里失效。TS-2026-002 涉及本地 Web 界面,可能让已授权但权限不足的 peer 清除 exit-node 或 subnet-route 设置;TS-2026-001 影响 macOS AlwaysOn MDM helper service, 并允许在窄部署切片中提升命令执行权限。FreeBSD Tailscale SSH 权限漏洞等更早记录显示,平台特定边缘案例确实会发生。 可靠性也有类似双重性。Tailscale 的点对点设计降低了对中心流量枢纽的依赖,DERP 区域也会故障转移; 但 hard-NAT 场景仍依赖中继基础设施,运营状态页仍然存在,因为托管协调和中继系统可能失败。 最大的战略取舍是功能广度。Tailscale 通常不解密或检查流量,因此保留隐私和性能;但它不是许多大型 SSE 或 SASE 项目所购买的检查密集控制的完整替代品。产品在任务是安全可达性加身份感知策略时最强;当任务是集中内容检查、深度 inline 治理,或不需要路线图补充就成熟可用的 PAM 工作流时,它更弱。[CE027, CE029, CE030, CE032, CE034, CE046]

信任 / 质量 / 合规表
控制 / 信号公开状态范围运营价值剩余缺口 / 风险
端到端 WireGuard 加密已有文档对等节点流量和 DERP 中继流量让 Tailscale 不进入明文数据路径无法做内联内容检查,信任也被推到端点
Tailnet Lock已有文档节点密钥信任模型降低对等节点密钥分发对协调服务器的信任要求需要正确处理本地状态,并保持版本治理
SSO / MFA 继承已有文档用户认证团队可复用既有 IdP 控制,而不是再建一套凭证孤岛IdP 宕机或上游策略薄弱仍会传导
SOC 2 Type II已有文档服务控制为安全性、可用性和机密性提供外部合规信号认证不等于每个模块都已达到功能级成熟
安全公告 + 事件政策已有文档客户端和托管后端明确修复预期和披露阈值要求客户跟踪版本,并在公告发布后快速行动
配置审计日志GA,默认开启tailnet 配置变更改善变更追踪和审计员可见性不能替代每个工作流更深层的协议 / 会话审计
网络流日志 / 日志流式输出付费套餐可用连接元数据,不含流量内容不传包负载,也能支持 SIEM 摄取和事件取证如果买方需要内联检查或内容 DLP 证据,价值有限
设备态势已有文档,按套餐分层基于设备状态的访问条件加入持续验证和条件访问更丰富信号需要付费权益和外部集成
公开状态 / 故障可见性公开状态页加第三方聚合托管服务运营事件期间提升运维人员感知Hard-NAT 场景和控制平面依赖仍会带来托管服务风险
通过 Border0 获得 PAM 会话可见性已宣布 / 集成阶段SSH、Kubernetes、DB、远程管理工作流有望补强特权访问审计轨迹在公开的 Tailscale 部署中,仍未完全原生,也未充分验证

行项区分已以 GA 形态存在的控制,以及仍属路线图或套餐门槛的扩展。

[CE027, CE028, CE029, CE030, CE046, CE047]

5.5 展示要点

Chapter 06

06客户情况

6.1 客户基数规模与导入路径

公开证据支持一个广泛但仍部分不透明的客户基础。BetaKit 称,Tailscale 在十个月内从 5,000 家翻倍后突破 10,000 家付费企业客户,同时仍有数十万个人用户;University of Waterloo 另行报告 10,000 多家客户、 自 1 月以来企业客户增长 20%,以及收入同比增长超过 100%。官方定价和项目页面解释了漏斗顶部为何能保持宽:面向最多六名用户的免费 Personal 层、按席位付费的商业层、企业销售动作,以及为入选公司提供一年商业套餐访问权益的创业公司计划。 结合 bring-to-work 页面,这看起来像典型自下而上动作:工程师和小团队可以先采用,之后才触发更广泛的公司铺开。 公开来源仍未揭示的是,个人或创业公司使用转成耐久付费团队部署的转化组合。[CU001, CU002, CU003, CU004, CU005, CU006]

客户分层表
客群买方 / 用户 / 付款方代表性证明主要待完成任务战略价值关键缺口
AI / 模型平台团队DevOps 或安全负责人推动;开发者和研究员使用;公司付费Hugging Face,以及 BetaKit 和 Waterloo 提到的 AI 公司保护多云 ML 工具、CI/CD 和最小权限访问独立报道将增长与 AI 需求相连,因此具备战略重要性AI 收入占比和 AI 专属留存未披露
数字原生电商和市场平台平台或基础设施工程负责人推动;工程师和 QA 使用;工程或 IT 预算付费Instacart 和 Mercari取代蔓延的 VPN,支持多云访问,并打通 QA 或生产排障显示其适配工程密集型大型消费者平台单账户支出和续约历史未知
安全、遥测和合规供应商安全或 IT 负责人推动;广泛员工使用;安全预算付费Cribl、Vanta 和 Netcraft降低访问摩擦,同时保留 SSO、ACL 和开发者工作流支持与重视安全的技术买方高度契合相比主流企业,可能过度代表工程主导型客户
金融科技和受监管买方信息安全或 IT 负责人推动;员工使用;公司安全或运营预算付费Mercury 和 VersaBank用更易管理的 ACL、SSO 和纯软件维护来保护内部访问可作为受监管环境的有用证明未披露合同条款、审计结果或续约指标
机构和非营利用户安全或核心项目负责人推动;员工、教职人员或开发者使用;机构付费Abilene Christian University 和 Linux Foundation为校园或项目基础设施提供更简单的远程访问显示采纳范围不止于风投支持的软件公司机构证明强于真正政府机构证明
公共部门邻近的航天航空IT 负责人推动;员工使用;公司付费Loft Orbital为支持政府和机构客户的分布式运营提供可靠混合访问显示其适配任务关键型分布式运营最终买方是商业航天航空公司,不是具名政府机构
现场、IoT 和远程支持运营产品或支持负责人推动;技术人员使用;运营预算付费DEEL Media无需复杂防火墙配置,即可按需访问远程标牌设备证明办公室网络之外的边缘支持场景只有一个公开案例,不是广泛客群样本
开发者支持和现场工程支持或售后工程负责人发起;工程师使用;工程预算买单Yugabyte共享调试和演示环境,用于复现客户问题证明价值不止替换通用员工 VPN,而是贴近开发者工作流公开部署规模只限一个具名案例

代表性证据来自截至 2026-05-21 可获得的公开具名参考,不应视为完整客户群普查。

[CU002, CU005, CU009, CU010, CU012, CU014]
客户增长 / 采用轨迹表
指标数值日期 / 期间来源置信度启示缺失分母
付费商业客户5,0002024-03 里程碑BetaKit CEO 访谈在最近一轮加速前给出已披露基数未给出细分构成或流失衔接
付费商业客户10,000达到 5,000 里程碑后十个月BetaKit CEO 访谈显示付费商业账户扩张很快未按企业、初创公司或 SMB 拆分
个人用户数十万与 10,000 个付费账户一同披露BetaKit CEO 访谈说明付费基数之外,自助 / 个人漏斗规模可观未披露准确活跃用户数和付费转化
商业客户增长率1 月以来 +20%,收入同比增长 100%+2026 年报道University of Waterloo 文章显示 10,000 客户披露后仍在加速未给出收入基数或队列衔接
初创公司激励入选初创公司免费使用一年商业版套餐截至 2026-05-21 有效Tailscale for Startups 页面显示 Tailscale 在初创公司成长为规模化团队前有意播种账户未披露项目通过率和后续付费转化
定价阶梯Personal 最多 6 名用户免费;Standard $8/user/month;Premium $18/user/month;Enterprise 定制截至 2026-05-21 有效Tailscale 定价页面支撑从自下而上到企业级扩张的商业打法未披露套餐结构、ARPU 或席位扩张数据

由于公开客户时间序列披露稀疏,本表合并呈现已披露客户数里程碑与当前商业入口。

[CU001, CU004, CU006, CU007, CU008, CU034]
FU001: 客户旅程地图

公开客户证据集中在一条可复制路径:工程主导发现、低摩擦试用、策略加固,再扩展到更广工作流。

这些旅程阶段综合自公开案例研究和部署页面,不来自 Tailscale 披露的漏斗转化报告。

[CU001, CU003, CU030, CU031, CU032, CU034]

6.2 横跨 AI、企业、受监管和开发者中心买方的具名客户证据

具名客户证据在用例和运营者引述上强得多,在合同经济性上弱得多。当前公开样本横跨 AI 和开源(Hugging Face)、 数字商务和交易平台买方(Instacart、Mercari)、安全、遥测和合规供应商(Cribl、Vanta、Netcraft)、 金融科技和受监管买方(Mercury、VersaBank)、机构和非营利用户(Abilene Christian University、 Linux Foundation)、接近公共部门的航天运营(Loft Orbital)、现场和 IoT 支持(DEEL Media),以及开发者基础设施团队(Yugabyte)。 几乎每个案例都有具体待办任务:替换 VPN 蔓延、降低远程故障排查摩擦、简化零信任控制,或支持跨云、本地和现场设备的分布式工程与支持人员。 限制在于证据质量。多数证据来自 Tailscale 发布的案例研究和客户自我描述,而不是监管文件、采购记录或第三方部署审计。 这足以显示产品在多类买方中真实生产使用,但不足以衡量支出、续约行为或采购耐久性。[CU009, CU010, CU011, CU012, CU013, CU014]

具名客户证据表
客户细分领域部署 / 用例生产部署 vs. 试点结果 / 影响局限
Hugging FaceAI / 开源面向 ML 工具和 CI/CD 的通用安全远程访问,配合 Okta、SCIM 和基于 ACL 的分段生产客户案例称,部署每月节省数十小时,并简化了最小权限访问公开证据来自 Tailscale 案例研究,而非独立文件或采购记录
Instacart大型商业平台多云内部访问、生产故障排查、受 HIPAA 限制的工作流、split DNS 和子网路由器生产从 8 套独立 VPN 迁出,不到一天就跑通多环境配置未公开披露席位数或年度支出
Cribl安全 / 遥测供应商面向远程优先团队的安全远程办公和身份优先访问生产案例研究把 Tailscale 采用与员工数从约 18 人增至约 550 人联系起来除运营更顺手外,未披露经济成效
Mercury金融科技 / 银行软件全公司 tailnet、子网路由器,以及对 NixOS 友好的内部访问生产在员工数从 240 人扩至 1,000+ 人期间,几天内搭起全公司 tailnet未披露合同期限或续约数据
Abilene Christian University高等教育机构教职员工访问 ERP 和校园系统,并配套细粒度端口级控制生产说明 Tailscale 不只服务初创公司,也能支撑机构级工作负载机构案例不等于具名政府机构采购
Linux Foundation非营利 / 开源基础设施在项目托管和开发者社区运营中替代 OpenVPN生产公开引述称,ACL 和密钥管理大幅简化除该引述外,未披露支出或推广范围
VersaBank受监管银行纯软件远程访问,ACL 更易用,支持 2FA 和远程控制工具生产证明适配受监管、无网点银行成效证据聚焦可维护性,而非量化成本节省
Loft Orbital航天 / 邻近公共部门业务为分布式航天基础设施团队提供可靠访问生产公开引述称,团队达到 300 人时,Tailscale 帮助消除断连和支持工单拖累展示的是服务政府项目的商业运营商,不是具名机构部署
Vanta合规 / 安全软件开发者通过 GitHub Codespaces 访问预发布和云环境生产公开引述称,早期 VPN 工具使用耗时大约多 50%未见关于账户规模或续约的公开证据
Netcraft网络安全服务员工构成从工程师扩展后,统一远程联网和入职流程生产案例研究说明,员工构成变多后,更简单的入职流程为何重要未量化节省时间或减少工单
Mercari市场平台 / 消费者应用QA、工程团队和 GitHub Actions 访问内部环境生产公开故事称,切换前日常 VPN 故障排查已经成为拖累未量化切换前后的支出数据
DEEL Media现场 IoT / 数字标牌按需访问全球设备群中的屏幕和远程设备生产案例研究称,Tailscale 借助集中管理身份,提供即插即用的设备支持该细分领域只有一个公开案例
Yugabyte开发者基础设施 / 数据库支持用于支持、演示和问题复现的共享 Tailscale 环境生产清楚证明价值不止替换通用员工 VPN,而是贴近开发者工作流公开案例研究覆盖一个团队,而非整家公司

表中行覆盖截至 2026-05-21 找到的最强公开具名参考;它们证明多个细分领域存在生产使用,但没有枚举完整客户群。

[CU010, CU011, CU012, CU013, CU014, CU015]
FU003: 客户证据矩阵

公开证据集在生产确认和具名运营方上最强,但独立经济验证和留存可见性较弱。

最后一列记录公开来源是否对持续扩张或续约给出有意义信息,并不代表公司披露了真实留存指标。

[CU011, CU013, CU017, CU019, CU020, CU023]

6.3 买方、用户和付款方模式说明团队为何采用 Tailscale

在样本中,初始推动者通常是 DevOps 工程师、资深工程师、安全负责人或 IT 管理员,他们直接承受传统 VPN 工具的痛点。日常用户更宽:工程师、教师、远程员工、支持技术员、现场工程师,或只需要可靠访问内部资源的普通员工。 经济审批人通常是公司的 IT、安全或工程预算所有者,而不是业务线经理。这个模式解释了 Tailscale 为什么能赢。客户故事反复描述同一组痛点: VPN 太多、证书或用户管理负担、性能差、MFA 笨重、非技术用户导入困难,或无法连接 Codespaces、 CI/CD、QA 设备、远程屏幕等现代工作流。因此,产品吸引力不在抽象零信任理念,而在为真实团队降低摩擦,同时在组织准备好时补上 SSO、ACL、子网路由器、split DNS 或基于身份的分段。[CU030, CU031, CU032, CU033, CU042]

买方 / 用户 / 付款方模式表
细分领域初始推动者日常用户经济审批人 / 付款方Tailscale 胜出原因扩张信号仍可见的摩擦
AI / DevOps 团队DevOps 工程师或安全负责人开发者、研究员、CI/CD 操作人员工程、平台或安全预算负责人借助现有 IdP 快速搭建网络,提供零信任远程访问SCIM、ACL、CI/CD 和最小权限扩张未披露 AI 席位经济性或续约
大型商业和市场平台团队资深工程师或平台工程师工程师、QA、值班响应人员工程或中央 ITVPN 更少、干扰更少、多云访问更快子网路由器、split DNS 和生产调试工作流公开来源未用美元量化支持节省
安全 / 合规供应商安全总监或 IT 负责人技术与非技术员工混合安全或 IT 预算入职流程比旧 VPN 更简单,同时不牺牲控制深度Codespaces、更广的公司 tailnet,或策略分层可能反映买方本就偏好基础设施工具
金融科技 / 受监管买方信息安全或基础设施负责人访问敏感系统的员工和管理员安全、基础设施或 CIO 预算纯软件访问层,ACL 更易用,并支持 SSO子网路由器、NixOS 和远程管理工作流未公开采购时间线或合同细节
机构 / 非营利团队信息安全或核心项目负责人教职员工或项目运营人员机构 IT 预算证书和用户管理负担低于 OpenVPN更广的校园或社区分段仍缺少政府采购证据
现场 / IoT 运营产品或支持负责人技术人员和支持人员运营或产品预算以最少网络改造按需访问远程设备更多设备和更多现场地点公开证据集中在一个具名案例
开发者支持 / 售后工程支持或现场工程师支持工程师和演示团队工程预算无需定制 VPN 工作,快速创建共享调试环境更多团队或演示接入同一个 tailnet未披露团队级留存或支出数据

本表综合多个具名案例研究中的重复模式,而不是每个单元格都引用单一来源;它是对截至 2026-05-21 公开证据集的结构化解读。

[CU030, CU031, CU032, CU033, CU042]
FU002: 采用 / 部署流程

Tailscale 采用通常从技术上可信的试点开始;相邻工作流接入同一个 tailnet 后,再扩展为更广泛的业务标准。

该流程是定性判断,来自具名案例研究里的重复模式,不来自已披露客户漏斗仪表盘。

[CU013, CU017, CU025, CU030, CU031, CU032]

6.4 耐久性、扩张和满意度有定性可见度,但缺少数字

留存和扩张证据显然是公开客户故事中最弱的一环。好消息是,定性信号真实存在:员工数和运营复杂度上升后,Cribl、Mercury 和 Loft Orbital 都描述了更大范围铺开,评论网站也仍强调易用、设置快、支持负担更低。评论信号并不完美。PeerSpot 投诉提到 Mac 上的多账户登录问题,以及在 tailnet 之间切换时的摩擦;Trustpilot 至少包含一条认为文档缺少细节的投诉。 即便如此,负面信号指向的是可用性边缘,而不是大规模部署失败。投资者需要判断耐久性的关键数据仍然缺失:NRR、GRR、流失、 平均合同期限、续约率和分部门扩张曲线。公开案例研究显示,账户可以从一个工作流落地,并扩到路由、身份、CI/CD 或边缘支持, 但并未显示这种扩张发生的频率,也没有显示创造了多少收入扩张。[CU032, CU034, CU035, CU036, CU037, CU038]

留存 / 重复使用 / 满意度表
指标数值 / 状态细分领域置信度来源 / 依据尽调请求
NRR / GRR / logo 流失未公开披露整体本轮审阅来源均未披露这些指标请求按获客批次拆分的 NRR、GRR、logo 流失和扩张
续约率 / 合同期限未公开披露付费商业账户案例研究聚焦部署成效,而非商业条款请求按细分领域拆分平均合同期限、续约节奏和自动续约行为
PeerSpot 评价信号易用性、配置、免费层和支持反馈正面;多账户登录和 tailnet 切换反馈负面开发者 / SMB 和混合团队PeerSpot 用户评价聚合要求支持团队提供按问题类别拆分的企业工单量
Trustpilot 评价信号14 条评价给出 4.3 / 5,多数对免费层和可用性反馈正面,且至少有一条文档投诉自助 / 普通用户Trustpilot 评价页面核查企业用户是否也提到同样的文档缺口
扩张代理指标仅定性中端市场和企业Cribl、Mercury、Loft Orbital 等案例描述,团队复杂度上升后推广范围扩大请求随时间变化的席位增长和模块挂载率
留存可见度结论虽然定性匹配强,但公开可见度弱整体公开来源提供案例研究和评价,但没有队列数据请求续约、流失和净席位扩张看板

这里类似 null 的条目表示,截至 2026-05-21 留存来源未公开披露该指标,不代表指标为零或不重要。

[CU032, CU035, CU036, CU037, CU038, CU040]

6.5 集中度风险、AI 组合与公开证据缺口仍需尽调

Tailscale 的客户故事带着三类商业风险。第一,AI 需求显然在推着增长走——独立报道把公司与 Mistral、Hugging Face、Perplexity 和 Cohere 联系在一起——但公司没有披露 AI 初创公司相对于更广客户 底盘贡献了多少收入、带来了多少增量客户。第二,证据集偏向技术前沿、工程驱动型组织;这对产品市场契合度是好信号, 但也可能高估了行动更慢、采购更重的买方采用率。第三,公共部门证据仍然薄弱。本轮看到的具名机构证据,最强的在高等教育、 非营利基础设施和邻近公共部门的航空航天,而不是已披露的政府机构部署。这并不意味着公司没有公共部门牵引力,只是公开证据 还没有跟上。再叠加缺少头部客户集中度数据,这一章的结论是:生产使用已经被充分证明,但客户质量背后的经济性仍披露不足。[CU039, CU041, CU042, CU043]

扩张与集中度风险表
扩张驱动因素或风险当前公开证据解读潜在影响尽调路径
AI 初创公司需求明显有利于增长和心智份额,但收入依赖度未披露如果 AI 支出放缓,增长减速可能快于公开叙事暗示请求 AI 与非 AI 账户的收入、客户数和流失拆分
个人到工作场景和初创公司漏斗官方页面证明这一打法存在,但从免费或补贴使用转为付费团队部署的转化未知可能是强劲 CAC 优势,也可能只是噪声很大的漏斗顶部请求个人到商业套餐、初创公司项目到付费续约的漏斗指标
技术导向客户案例偏斜具名证据最集中在工程主导的软件、安全和基础设施买方可能夸大采购较重行业的采用度请求按垂直领域、公司规模和交易渠道拆分的现有客户构成
头部客户集中度公开来源披露 10,000+ 付费商业客户,但未披露头部账户敞口少数超大账户仍可能对 ARR 有实质影响请求前 10 大客户 ARR 占比、最大账户规模,以及按细分领域拆分的 logo 集中度
公共部门证据深度有机构证据,但本轮公开来源未核实具名政府机构证据如果机构证据弱于营销暗示,采购较重的扩张叙事可能放慢请求具名参考、合同工具和当前政府管线
客户投诉公开投诉集中在账户切换、文档和边缘可用性,而非灾难性故障在技能水平混杂的组织中,可用性摩擦仍会拖慢更广推广请求支持工单趋势、客户成功升级事项和企业部署阻碍

风险行区分公开证据已经证明的内容和仍需管理层披露的内容;没有公开指标,不应误读为没有风险。

[CU034, CU036, CU037, CU039, CU041, CU042]
Chapter 07

07风险

7.1 竞争挤压与边界风险

Tailscale 最强的产品优点,也是它的核心战略风险:客户只想买安全连接时,它最容易成交;但同样的聚焦让它在市场两端都暴露。 公开定价页用免费、标准、高级和企业版把初始购买动作压得很简单,但产品页也显示,公司已经伸向标签资源、临时资源、 邻近 PAM 的功能和 AI 治理。更宽的产品面能抬高单账户平均收入,却也把 Tailscale 推进 Cloudflare、Zscaler、 Palo Alto Networks 和 Cisco 的预算通道;这些厂商靠把私有访问与 DLP、SWG、CASB、浏览器隔离、AI 控制和更宽的策略控制台捆在一起, 卖出更大的预算。往下看,NetBird、ZeroTier 和 Teleport 仍在证明,买方可以用产品打磨度换自托管、开源杠杆或更窄的特权访问专精。 净结果不是 Tailscale 没有差异化,而是这种差异化更多来自体验和架构,不是完全结构性的壁垒。如果套件厂商变得更简单,或开放 / 自托管工具变得更易用, Tailscale 可能被压缩成一个功能、一个补充项,或采购上的折中,而不是整个平台采购。[CR015, CR016, CR017, CR018, CR019, CR020]

7.2 架构、安全与运营依赖风险

这套架构仍然是在拿掉一类风险的同时引入另一类风险。Tailscale 的安全页面罕见地明确说明,它无法检查客户流量,既有点对点连接也能在协调平面宕机时继续存活; 这有利于隐私、成本结构,也提升了抵御集中式数据平面瓶颈的韧性。但同一批资料也说得很清楚:入门配置、密钥交换、策略分发、管理员变更和部分恢复路径, 仍然依赖协调服务正确运行。DERP 只是兜底,但 DERP 文档说,重度依赖中继通常意味着性能更差;运行自定义 DERP 是一项高级、持续的运营负担, 不是轻松的逃生通道。已披露的安全记录同样重要。2026 年公告覆盖了一个 Web 界面 ACL 绕过和一个 macOS AlwaysOn helper 漏洞; 更早的公告以及 NVD/CVE 记录显示,SSH 和 Tailnet Lock 的边缘案例曾跨不同平台和部署模式出现。独立宕机追踪又补了一层提醒: 公开事故历史包含多次协调、管理控制台、证书、日志、计费和 Funnel 降级。单看这些都不会推翻产品逻辑,但它们说明 Tailscale 仍是一家真实的软件和运营公司, 不是魔法。[CR001, CR002, CR003, CR004, CR005, CR006]

运营 / 质量 / 安全风险清单
失效模式可能性严重性缓释成熟度残余暴露未解决缺口
协调服务或管理控制台降级,会拖慢入职、策略变更、API 操作和部分登录流程既有对等路径可以存活,但新会话和管理操作仍会很快感知中断没有按工作流拆分、且有 SLA 支撑的协调依赖公开说明
在限制性 NAT 或难以建立对等连接的环境里,DERP 回退会变成性能瓶颈全球 DERP 和对等中继已经存在,但文档仍把频繁使用 DERP 描述为性能较差的信号没有公开披露直接连接与 DERP 的流量结构,或区域级依赖情况
Tailnet Lock 不是默认项,历史上也曾在部分守护进程配置错误的部署中失效Tailnet Lock 已存在,相关缺陷也已修复;但启用和运营仍需要签名节点和安全的密钥处理没有公开披露大型或受监管客户中的 Tailnet Lock 采用率
客户端暴露面漏洞要求网页 UI、MDM 辅助组件、SSH 和共享子网路由器路径快速打补丁Tailscale 会披露问题并发布修复,但买方安全取决于混合终端能否有纪律地升级没有公开披露中位补丁窗口或终端群版本分布
2026 年 Funnel、证书、日志、计费和协调服务反复出事故;若频率延续,信任会被侵蚀状态可见性较好,已报告案例中的事件也很快解决公开事件历史未披露受影响用户比例或收入损失影响

严重性按买方或投资者视角排序,而不是按 CVSS 评分。残余暴露仍然有意义,因为 Tailscale 的架构降低了一些中心化瓶颈,但仍依赖软件正确性、中继条件和补丁执行。

[CR002, CR005, CR006, CR007, CR008, CR009]
合作伙伴 / 依赖风险清单
依赖项交易对手 / 系统角色集中度失效场景严重性缓释措施残余暴露
身份认证与 MFA客户身份提供商主要用户认证、SSO、MFA 上下文单个客户内高IdP 中断或配置错误会阻断或削弱访问决策借助既有企业 IdP 和 MFA,而不是另造目录Tailscale 不拥有 IdP,无法消除这项依赖
控制平面Tailscale 协调服务密钥分发、策略状态、节点准入、管理变更平台级控制平面状态错误或不可用,会损害入职、信任和管理Tailnet Lock 降低部分信任假设,既有对等连接也可持续管理和恢复路径仍依赖该服务
中继与互联网路径DERP 区域加公共网络条件直接对等连接失败时提供回退可达性困难路径流量共用重度依赖中继的客户在区域或路径退化时会感到延迟或可用性压力对等中继、多个 DERP 区域,以及可选的自定义 DERP自定义 DERP 属于高级配置,不是开箱即用的修复
数据处理与合规栈分处理方和跨境服务地点存储、处理和服务交付分处理方或地点变更会给客户采购或监管合规带来摩擦已披露 DPA、通知机制和反对权客户仍需跟踪每次变更是否可接受
PAM 扩张Border0 团队和产品整合会话可见性、审批、RDP/VNC/DB/K8s 工作流新功能领域高整合滑坡或客户理解混乱,会拖慢新版特权访问叙事的采用常见问题说明称 Border0 在逐步整合期间仍会获得支持原生终局仍是路线图,不是已完成的公开产品

本依赖清单同时纳入外部交易对手和架构系统,因为两者都可能把失效传导到客户信任和收入。排序依据是该依赖会多直接地中断访问、采购或平台扩张。

[CR003, CR004, CR005, CR006, CR008, CR033]
FR003: 依赖关系图

最关键的依赖并不在加密数据平面内,而在身份、协调、中继条件、合规伙伴,以及仍在成形的特权访问扩张栈。

这张依赖图有意排除所有内部微服务,只聚焦最可能改变客户信任、采购摩擦或经济价值的外部系统 / 架构依赖。

[CR003, CR005, CR006, CR008, CR015, CR033]

7.3 商业执行与客户质量风险

Tailscale 的商业化故事强到值得投资,但还没有透明到低风险。公开报道显示,Tailscale 已有超过 10,000 家付费商业客户,仍在增长; Mistral、Hugging Face、Perplexity、Cohere 和 Groq 等 AI 名字被反复强调为重要用户。这是一个真实信号:多云 AI 基础设施是身份优先 mesh 产品的有力切入点。 这也是集中度警报。公开记录没有说明 AI 相关客户贡献了多少 ARR、毛利率或支持负担,免费增值底盘转化多少,或者第一个技术团队落地后,使用量是否能持久扩张。 定价面也不再像纯按座席计费的 VPN 替代品那么简单,因为标签资源和临时资源现在很重要。与此同时,管理层评论和独立访谈显示,公司被拉向更大、 更多域的企业和 PAM 等相邻工作流。产品驱动增长最容易在这个阶段放慢,进入更长、更定制的企业周期。如果 Tailscale 不能在支持大客户的同时守住低摩擦部署, 它可能两头都落空:既没有干净的 SMB 简单性,也拿不到完整企业钱包份额。[CR015, CR016, CR027, CR028, CR029, CR030]

商业 / 客户风险清单
风险主题公开证据可能性严重性当前缓释措施残余暴露尽调路径
AI 客户集中度多个官方和独立来源都把领先 AI 公司列为代表性客户AI 是真实顺风,也很适配产品收入占比和头部客户集中度未披露索取按垂直行业拆分的 ARR、前 10 大客户,以及 AI 与非 AI 新业务结构
免费转付费不透明免费增值定价公开,但转化率不公开低摩擦的产品驱动采用,让漏斗顶部保持宽公开证据尚未证明免费基数的单位经济性询问免费转付费队列转化,以及免费账户带来的支持成本负荷
留存与扩张不透明没有公开披露 NRR、GRR、流失、合同长度或续约情况具名客户增长故事显示了定性扩张耐久性仍缺少定量证明获取按细分拆分的队列留存、NRR、GRR 和扩张瀑布
高端企业销售拖累管理层评论称,更大客户正把路线图拉向更复杂的方向新资本和运营招聘支撑扩张更长周期和定制需求会压缩速度和毛利率审查企业销售周期长度、概念验证负荷和实施人员配置
打包复杂度席位定价现在混入了带标签和短生命周期资源计量,并叠加企业定制打包已披露标价仍保留核心席位的自助清晰度更大客户或重工作负载客户可能更难归一化预算,也需要更多谈判索取按席位与资源拆分的计费分布,以及企业定价模型样例

本表隔离客户质量和变现风险,而不是单纯市场竞争。排序依据是各问题会多快削弱对收入耐久性的信心。

[CR015, CR016, CR027, CR028, CR029, CR030]
FR002: 风险传导图

Tailscale 的主要风险通过少数渠道传导到估值:企业胜率、留存质量、支持成本,以及市场是否相信公司能扩张而不变成更重的套件。

这张图展示因果传导路径,而不是量化弹性;目的是说明哪些可观察事件会最快改变估值信心。

[CR002, CR013, CR026, CR029, CR032, CR036]

7.4 治理、法律与融资风险

剩下的风险簇,重点不在 Tailscale 能不能卖软件,而在新投资人到底能从公开证据中承保多少。2025 年 Series C 明显重设了预期: 公司融资 $160M,独立报道给出的投后估值接近 $1.45B USD;这意味着后续投资人买的是高增长溢价叙事,不是隐藏便宜货。但公司仍不披露当前 ARR、 利润率、留存和客户集中度,甚至公开员工数在可信报道之间也不一致。官方 About 页面继续强调全远程、小团队运营模式,并在技术身份和外部叙事中高度围绕 Avery Pennarun。这可以是优势,但随着公司增加企业销售、全球覆盖和更宽的产品地图,也会抬高关键人物和执行梯队风险。法律上,Tailscale 的条款、隐私政策、 DPA 和 DORA 附录显示了相当成熟的合同栈,但也把大量合规适配推给客户,依赖跨境处理和分包处理方,并把特殊审计、退出和事故响应机制留给受监管买方。 在保留的直接来源中,没有强公开诉讼或执法记录;更合适的处理方式是把它视为一个开放尽调项,而不是无风险证明。[CR035, CR036, CR037, CR038, CR039, CR040]

监管 / 法律风险登记表
规则 / 义务司法辖区状态可能性严重性缓释措施剩余敞口尽调路径
隐私、处理方和跨境数据传输义务美国 / 欧盟 / 英国 / 加拿大通过隐私政策和 DPA 生效已发布隐私政策、DPA、SCC 框架、子处理方流程和 72 小时泄露通知承诺客户仍需负责合法使用、通知和行业适配;跨境处理仍是买方尽调项请求当前子处理方清单、数据区域承诺,以及按细分领域拆分的客户特定安全 / 法务红线
DORA 和受监管金融客户义务欧盟 / 英国金融实体已提供附录DORA 附录提供审计、配合、事件协助、业务连续性条款和退出机制Tailscale 明确表示,其不是关键 ICT 第三方,默认不承担关键功能,因此买方解读很重要获取受监管客户参考,以及金融实体实际签署的协商附录
泄露和公权力响应义务多司法辖区已披露合同承诺DPA 承诺不无故拖延、且在 72 小时内通知;公权力机关请求也有异议和透明度条款执行质量仍取决于分处理方、内部检测能力,以及面向具体客户的响应流程审查事件处置手册、泄露通知样例,以及近期监管机构或企业客户升级处理案例
客户自负的行业场景合规适配取决于行业风险部分转给客户条款和 DPA 清楚说明共担责任,也限定 Tailscale 会替客户评估什么医疗、教育、银行或主权场景买方可能到采购后期才发现额外控制缺口先把产品控制项对照 HIPAA、FERPA、银行和主权要求,再假设 Tailscale 可以直接替换接入
消费者 / 自助式争议条款与企业采购惯例的落差主要是自助式客户已披露仲裁和集体诉讼豁免条款企业买方可通过 MSA 和附录谈判,不必只接受自助式条款默认条款仍更像轻量 SaaS 合同,而不是上市公司级别的信息披露深度确认哪些客户仍使用自助式条款、哪些签了谈判文件,并审查任何重大例外条款

本清单覆盖截至 2026-05-21 可获得的、最强的直接公开法律和监管暴露面;它只是公开样本的一部分,不能替代由律师牵头的诉讼、制裁、出口管制或监管数据库审查。

[CR009, CR011, CR012, CR040, CR041, CR042]
人员 / 执行风险清单
角色 / 职能依赖或缺口可能性严重性缓释措施尽调路径
创始人 / CEO 领导力Avery Pennarun 仍是公开层面最主导的技术和战略声音已有董事会、战略和技术顾问梯队,也补充了运营高管询问继任深度、决策权分配,以及创始人层之下的梯队强度
远程运营模式全远程、小团队哲学可能拉扯管理一致性和全天候覆盖远程文化很明确,公司也在扩大国际覆盖按职能和地域审查组织设计、支持覆盖和流失数据
企业商业化扩张更大客户正把产品推向多域和更定制化的需求新资本和运营招聘支撑扩张索取企业销售周期数据、赢单 / 输单原因,以及实施资源需求
产品范围协同AI 治理加上 Border0 支撑的 PAM 扩张,会增加跨团队复杂度管理层称不会推出彼此割裂的业务线,而是追求一体化整合检查路线图纪律、正式发布(GA)标准和新模块附加率

执行风险的排序核心,是当前团队能否在不丢掉简洁性的前提下放大一款深受喜爱的产品,而不是公司能不能招人。公开证据在理念上最强,在内部运营指标上最弱。

[CR031, CR032, CR033, CR034, CR038, CR039]
缓释措施与终止标准表
风险可监控触发器阈值 / 事件行动含义
控制平面可靠性公开事件频率单季出现多起协调或管理平面事件,且恢复速度慢于当前历史视为投资逻辑恶化,因为 Tailscale 的价值依赖买方相信它能以低运营负担运行
客户端暴露面安全严重漏洞模式反复出现再次出现高影响本地网页、认证或特权访问缺陷,且缺少快速补丁采纳指引要求补丁合规证据,并下调承销信心
企业范围蔓延路线图扩张速度持续快于正式发布(GA)整合质量PAM、AI 治理和企业管理功能扩张,但仍难以部署或解释假设支持成本上升、企业转化放慢
商业集中度AI 结构或头部客户依赖被证明过大管理层尽调显示,一小批 AI 客户贡献了不成比例的新 ARR对估值要求集中度折价,并收紧下行情景
披露不透明财务透明度没有实质改善私募轮或老股交易标记继续出现,但 ARR、留存和利润率证据仍不披露除非尽调打开账本,否则把估值视为偏高
竞争压缩相比套件或自托管工具,胜率或价格压力恶化大客户越来越需要配套购买 SSE,或靠大幅折扣才能成交将护城河从平台候选重估为功能丰富的点状解决方案

这些触发器设计为 2026-05-21 之后可监控。它们不是预测,而是会最直接改变投资判断或可接受入场价格的阈值事件。

[CR035, CR036, CR037, CR041, CR046, CR047]
FR001: 风险热力图

最高的剩余风险不是单纯技术故障;而是上方套件厂商的战略挤压、披露不透明,以及从最初 VPN 替代切入口向外扩张所需的协同能力。

这张热力图是基于公开直接证据搭出的综合视角,不是统计损失模型。标签按投资人截至 2026-05-21 对剩余暴露的判断分级。

[CR017, CR018, CR019, CR020, CR021, CR026]

7.5 图表与证据

Chapter 08

08估值

8.1 2025 年 4 月这轮融资抬高了门槛,但公开经济性仍落后于叙事

Tailscale 2025 年 4 月的 Series C 很容易被误读,因为融资标题比背后的公开经济披露更强。独立报道在关键事实上一致: 公司融资 $160M,投后估值约 $1.45B,付费商业客户超过 10,000 家,并且到 2025 年春季仍在快速复合增长客户新增和收入。这是真实的商业拉力证据, 但不等于一个可以完整承保的估值。同一批报道也说,ARR 未披露,公司只是方向性描述高速增长,管理层把业务描述为在需要时有足够现金跑道走向盈利。 这种组合通常意味着投资人在为轨迹付费,而不是为已披露的财务质量付费。因此,从 2022 年 Series B 到 2025 年 Series C 的融资推进很重要, 但主要证明市场对 Tailscale 的预期大幅上台阶。没有公开留存、利润率、烧钱速度或集中度数据,这轮融资更应该被看作一次雄心很高的价格发现事件, 而不是干净的公允价值锚。[CV001, CV002, CV003, CV004, CV005, CV006]

可比估值表
可比对象状态 / 规模倍数 / 估值状态相关性为何不能直接类比对 Tailscale 的启示
Cloudflare上市公司;市值约 $75.16B,TTM 收入 $2.16B市值 / 收入约 34.8x;Multiples.vc 显示 EV/LTM 收入约 30.5x显示投资人愿意为高速增长的云基础设施叠加零信任邻近业务支付多少。边缘、网络和 SASE 平台宽得多,且有上市公司披露。只能作上限护栏;不能直接套用为 Tailscale 的倍数。
Zscaler上市公司;市值约 $27.49B,TTM 收入 $3.00B市值 / 收入约 9.2x;Multiples.vc 显示 EV/LTM 收入约 8.3x可用作零信任与安全访问基准,企业级检测深度更强。平台以检测为重,企业规模也大于 Tailscale 当前范围。更适合作为已披露访问 / 安全厂商的中低位护栏。
Palo Alto Networks上市公司;市值约 $205.11B,TTM 收入 $9.89B市值 / 收入约 20.7x;Multiples.vc 显示 EV/LTM 收入约 18.0x显示市场如何给已有规模、ARR 韧性强的安全平台定价。产品套件宽得多,ARR 达数十亿美元,分销引擎也更成熟。说明高端估值需要市场奖励怎样的业务范围和披露水平。
Cisco上市公司;市值约 $465.87B,TTM 收入 $59.05B市值 / 收入约 7.9x可作广泛但增长较慢的既有厂商下限参照。集团规模、硬件收入混合和渠道力量让其结构上不同。说明增长放慢时,宽平台倍数可以低到什么水平。
Finro 上市网络安全公司平均值覆盖 28 家上市网络安全公司的独立数据集平均收入倍数约 7.8x可锚定公开市场估值重心。数据集横跨多个细分赛道,并不专门针对连接优先厂商。支持保守折价,而不是假设顶十分位溢价。
Finro 私营与 M&A 基准覆盖 161 家私营公司和 61 笔 M&A 可比交易的独立数据集私营公司平均收入倍数约 15.2x,M&A 约 16.3x;云安全平均约 21.7x说明私营轮和收购定价可以高于公开市场平均。基准混合了不同细分、阶段和交易动机。解释了为什么 Tailscale 或许能完成溢价融资,但相对上市可比公司仍显偏贵。

公司倍数基于 2026-05-21 CompaniesMarketCap 的市值和收入快照估算;可取得时用 Multiples.vc 交叉校验上市可比公司。表格是一组代表性护栏,不是完整可比公司池。

[CV002, CV017, CV018, CV020, CV022, CV023]
FV001: 投资建议逻辑

只有在强劲市场拉力和客户增长能够匹配 ARR、留存和利润率的私有证据时,估值判断才会改善。

这条流程是分析性决策路径,不是统计模型。

[CV002, CV004, CV005, CV013, CV045, CV046]

8.2 公开可比公司是有用护栏,但也说明顶端倍数很危险

使用公开可比公司的保守方式,是把它们当护栏,而不是直接套公式。Cloudflare、Zscaler、Palo Alto Networks 和 Cisco 都提供了有用的估值参照点, 但每家公司在关键层面都比 Tailscale 更宽。Cloudflare 混合了网络、边缘和 SASE 宽度;Zscaler 围绕大规模检查和零信任交换架构搭建; Palo Alto 销售 AI 驱动的安全平台,下一代 ARR 达数十亿美元;Cisco 拥有巨大规模、渠道触达和宽基础设施经济性。即便如此,公开样本仍有价值, 因为它显示了投资人已经愿意为具备可见收入和披露节奏的安全资产支付的估值区间。按公开市值和收入信号,选定区间大约在 8x 到 35x 收入之间; Multiples.vc 和 Finro 都指向一个结论:上市网络安全公司的平均倍数远低于私募融资或头部 M&A。也就是说,Tailscale 不能只因为有 AI 客户和强用户喜爱, 就自动借用 Cloudflare 式或云安全溢价倍数。如果唯一可见的 ARR 估计即便只是方向正确,2025 年 4 月这轮融资也已经偏向公开可比公司可支撑范围的高端。[CV011, CV012, CV017, CV018, CV019, CV020]

投资逻辑 / 反向逻辑表
视角投资逻辑为何成立反向逻辑为何仍重要判断更新触发器
产品市场契合10,000+ 付费企业客户和持续客户增长显示真实需求。采用证据强于变现证据。留存、扩张和合同规模披露。
商业模式席位定价加资源概念,意味着变现空间可能不止是简单 VPN 替代品。复杂定价并不证明企业规模上的付费意愿。付费席位增长和资源附加率的队列数据。
资本效率叙事管理层称公司有现金跑道,并可在需要时转为盈利。叙事上的效率不等于已披露的毛利率或烧钱质量。实际烧钱倍数、毛利率和现金余额。
AI 与企业拉力AI 公司名单和更大企业似乎在把路线图往上拉。AI 热度可能过度抬高私有估值,并遮住集中度风险。按 AI 队列拆分的收入占比、NRR 和集中度。
公开可比公司上限云和零信任同行证明,市场愿意为安全资产支付溢价倍数。这些同行本身更宽、披露更多,且往往比 Tailscale 更赚钱。证明 Tailscale 配得上小众溢价倍数,而不是平均公开市场倍数。
退出可选性管理层把公司描述为独立公司,并可能走 IPO 路径。在披露质量和上市公司准备度改善前,IPO 表述仍偏愿景。审计准备度、治理深度和持续的上市公司规模指标。

每一行都把最强的公开多头信号与最重要的公开反向证据并列;本表刻意保持平衡,而不是说服读者。

[CV004, CV005, CV006, CV011, CV012, CV013]
FV004: 投资 KPI

记分卡在市场拉力和产品验证上很强,但披露质量和安全边际偏弱。

这些 KPI 是综合投资判断,不是经审计的运营指标。

[CV004, CV005, CV013, CV045, CV046, CV047]

8.3 基准情景接近上一轮,但前提是私下尽调补上缺失的质量指标

由此得出的投资观点,既不是看空否定,也不是放绿灯加价买入。最强投资逻辑是,Tailscale 已经证明了一件少见的事:在一个痛点明确的品类里实现了真实产品市场契合, 看得见 AI 和企业拉力,并且管理层称这套商业模式不靠紧急融资也能走向盈利。反向逻辑是,这些证明来自选择性叙事披露,而不是可审计的运营数据。 因此,保守基准情景只有在管理层能私下证明 ARR、毛利率、留存和账户质量强于公开证据时,才会落在上一轮附近。乐观情景要求的不只是持续客户增长, 还要范围拓宽、大客户内部持久扩张,并有足够经济质量去拿到高于上市网络安全平均倍数的溢价。悲观情景更简单:如果增长质量比故事更薄, 或者 AI 热情和私募市场稀缺性在 2025 年定价中出力最多,这轮估值很快会显得过度拉伸。基于这些公开证据,合适的建议是继续研究,置信度中等, 风险评级高,估值立场偏高。[CV045, CV046, CV047, CV048, CV049, CV050]

建议摘要表
维度当前判断原因决策含义什么会改变判断
建议继续研究公司质量看起来真实,但公开经济数据太薄,难以支撑激进入场。不要只凭叙事追价。经审计或尽调支撑的 ARR、留存和利润率证据。
信心市场、客户和产品信号都强,但估值论证依赖缺失的私有事实。采用保守承销,并拉宽情景区间。与增长故事一致的私有数据包。
风险评级估值支撑对留存、集中度和资本效率数据高度敏感,而这些数据仍是私有信息。把下行触发器当成准入门槛,不是脚注。持续扩张且集中度低的证据。
估值立场偏高2025 年轮次已经计入强 AI 和企业动能,但公开披露仍滞后。要么要求价格纪律,要么要求更深的尽调支撑。低于上一轮价格入场,或证明经济质量超过当前公开线索。
组合含义有纪律地跟踪Tailscale 看起来值得投资,但对新资金而言还没有明显错配定价。持续关注信息更充分的老股或未来轮次机会。一套已披露、能缩小不透明折价的运营数据包。

本表只是把留存下来的公开证据转化为截至 2026-05-21 的投资判断;不能替代管理层尽调或股权结构表审查。

[CV045, CV049, CV055, CV056, CV057, CV058]
乐观 / 基准 / 悲观情景表
情景核心假设估计估值区间(USD)概率信号回报逻辑关键触发器
乐观AI 和企业动能转化为持久扩张,ARR 明显高于公开估计,效率保持强劲。$1.7B-$2.3B只有私有尽调明显好于公开证据集时才成立。支撑高于 2025 年轮次的上行空间,但仍需要优质指标。高 NRR、低集中度,以及可信的多年企业扩张。
基准产品市场契合真实,ARR 和留存扎实但不算出众,公司相对平均公开网络安全可比公司应有适度溢价。$1.2B-$1.6B最符合对公开证据的保守解读。价值接近上一轮,对新投资者安全边际有限。管理层数据包大体匹配增长叙事,但没有重大正面惊喜。
悲观ARR 或留存弱于暗示,AI 结构集中,或公开市场纪律压缩私募市场胃口。$0.8B-$1.1B若私有尽调令人失望,下行空间显著。让 2025 年轮次跌破水面,也让新资本缺乏吸引力。ARR 规模不足、利润率较弱,或客户集中度高。

估值区间是估算性护栏,综合融资推进、上市可比公司区间、行业基准区间、当前客户增长势能, 以及唯一的外部 ARR 估计得出;这些区间刻意保守,不应读成点估值。

[CV014, CV016, CV040, CV041, CV042, CV049]
FV002: 估值敏感性

估值案例最敏感的不是已经可见的市场故事,而是非公开经济性证据。

条形图按投资人视角用 1-5 分衡量相对估值敏感性,不代表测得的弹性。

[CV042, CV047, CV049, CV051, CV057, CV061]
FV003: 估值 / 回报区间

根据私有尽调结果,保守的公开证据区间把 Tailscale 放在低于、接近或高于 2025 年融资轮的位置。

所有数值均为以十亿美元计的估算值,反映保守的公开证据护栏,不代表按市价计量的精确值。

[CV049, CV050, CV051, CV058, CV059, CV060]

8.4 入场纪律取决于私下尽调揭示的集中度、留存和股权结构

最终判断关乎纪律,而不是欣赏。Tailscale 看起来是一家强公司;问题是新投资人在 2025 年 4 月价格或更高价格上,还能不能获得回报。 答案取决于一小组公开证据回答不了的私下事实。第一,投资人需要 ARR 桥接,以及毛利率、烧钱速度和现金效率的清晰视图,才能判断估值是偏高但合理, 还是单纯偏高。第二,需要留存和集中度数据,尤其公开报道强调 AI 需求和更大企业采用,却没有量化业务对二者的依赖。第三,需要股权结构表机制, 判断未来融资轮或退出是否真的能从这个入场点交付风险投资回报。这些尽调问题不是内务清单。它们决定该把这轮融资称为大致公允,还是过于激进。 在这些缺口关闭前,正确姿态是密切跟踪公司,避免英雄假设,并把下行触发器视为高度可行动,而不是理论风险。[CV059, CV060, CV061, CV062]

投资逻辑失效与止损触发项表
触发项阈值 / 信号为何重要行动含义监控路径
ARR 真实性核验失败私营 ARR 明显低于约 $60M,或增长已经拐头。2025 年融资估值相对上市可比区间开始显得偏贵。不要按上一轮或高于上一轮承销。索取月度 ARR 桥表和队列增长。
利润率和烧钱表现偏弱毛利率或烧钱曲线显示软件杠杆不足。相对上市同业,溢价估值更难站住。要求价格保护,或放弃。复核经审计毛利率、烧钱倍数和现金跑道。
客户集中度高头部客户或 AI 队列贡献了过高 ARR 份额。一旦某个队列降温,叙事强度可能很快回落。提高折现率,或避免进入。取得前 10 大客户和行业集中度表。
留存只是普通水平NRR 或 GRR 看不出强劲的落地后扩张行为。公司可能只配得上上市网络安全公司的平均倍数。下调基准情景。索取 NRR、GRR、logo 流失和扩张桥表。
平台扩张停滞企业级路线图和邻近产品扩大了成本,却没有提高客户钱包份额。Tailscale 可能停留在受欢迎但更窄的访问工具。下调终局倍数假设。跟踪企业功能和新产品模块的附加采用率。

阈值是估算性的尽调触发项,不是公开事实;刻意保持简单,因为公开证据集缺少做更精细校准所需的公司数据。

[CV047, CV049, CV051, CV057, CV058, CV059]
最终尽调问题表
主题缺失证据为何重要可能负责人决策用途
ARR 桥表2024 至 2026 年的月度 ARR 和新增 ARR 桥表。判断 2025 年估值倍数是偏贵但有支撑,还是单纯偏贵。CFO / 财务重建可比公司和情景区间。
毛利率和烧钱GAAP 或管理口径毛利率、烧钱倍数和现金跑道表。区分高效软件增长和高成本增长。CFO / 财务验证基准情景倍数和下行地板。
留存质量按细分给出的 NRR、GRR、logo 流失和队列扩张。判断客户质量能否支撑溢价估值。收入运营确认或否定乐观情景的扩张逻辑。
客户集中度按 ARR 拆分的前 10 大客户、AI 客户和企业客户组合。测试 AI 和企业叙事是分散支撑还是脆弱依赖。财务 / 销售领导层调整下行概率和折价。
股权结构表和条款优先股堆叠、清算权、期权池和老股交易历史。进入回报取决于实际分配机制,不只取决于名义估值。财务 / 法务测算真实稀释和退出所得。
上市公司准备度审计状态、董事会搭建和 IPO 准备里程碑。只有治理和报告能力撑得住,IPO 路径主张才有意义。CEO / 法务 / 董事会评估退出选择权和时点现实性。

这些是最低限度的尽调问题;只有拿到这些,本章才能从公开证据判断转为可投资的承销备忘录。

[CV007, CV013, CV043, CV055, CV056, CV061]

8.5 图表与证据

免责声明

本尽调报告由 AI 研究代理基于截至 2026-05-21 的公开来源生成,不构成投资建议,也不构成买卖任何证券的要约或招揽。Tailscale 是私人公司,许多重要财务和治理细节仍未披露;因此,估值和运营质量判断依赖不完整的公开证据,任何投资决策前都应直接用管理层材料验证。

证据索引

结论
编号陈述可信度来源
CO001 Tailscale Inc. was incorporated in Canada on 2019-03-23 and retained a Toronto registered-office trail in public corporate-directory data. SO026
CO002 Public funding histories consistently identify Avery Pennarun, David Carney, and David Crawshaw as original founders, with some external coverage also naming Brad Fitzpatrick in the founding group. SO019, SO020, SO004
CO003 Public evidence supports reading Tailscale as Toronto-anchored legally and reputationally but operationally distributed rather than office-centric. SO001, SO018, SO026
CO004 Tailscale’s current product positioning is secure connectivity for AI, IoT, and multi-cloud environments rather than a narrow legacy-VPN point solution. SO002
CO005 Tailscale’s architecture uses WireGuard as the encrypted data plane and a separate coordination server for key exchange and policy metadata. SO003, SO013
CO006 Tailscale routes authentication through external identity providers such as OAuth2, OIDC, or SAML providers instead of maintaining a separate username-password system. SO003
CO007 Tailscale says it has always been a fully remote company with flexible working hours. SO001
CO008 The current about page places Avery Pennarun in the CEO role and David Carney in the chief strategy officer role. SO001
CO009 The about page publicly associates Amit Kumar of Accel with the board and separately lists investor partners from Uncork, Insight, CRV, and Heavybit. SO001
CO010 Tailscale publicly names Jason Donenfeld, Abel Mathew, and Joe Beda on a technical advisory board. SO001
CO011 Tailscale announced a $160 million Series C on 2025-04-08 led by Accel with participation from CRV, Insight Partners, Heavybit, and Uncork Capital, plus named angels George Kurtz and Anthony Casalena. SO004
CO012 High-reputation April 2025 coverage placed Tailscale’s post-money valuation at roughly $1.45 billion. SO016, SO017
CO013 Public Series C materials support total capital raised of roughly $275 million by April 2025. SO004, SO016, SO017
CO014 Tailscale’s prior major financing was a $100 million Series B announced on 2022-05-04 and led by CRV and Insight Partners. SO021, SO022, SO019
CO015 Earlier public funding coverage names Accel, Heavybit, and Uncork as recurring investors and reports that seed backing came from Inovia Capital and Panache Ventures. SO019, SO016
CO016 Tailscale said it had surpassed 10,000 business customers by 2025-01-14 after being at 5,000 ten months earlier. SO005
CO017 BetaKit reported that Tailscale had seen another 20% increase in paid business clients since the January 2025 10,000-customer milestone and had 150 employees after the Series C. SO016
CO018 BankInfoSecurity reported that Tailscale employed 177 people at the time of the April 2025 Series C. SO017
CO019 Public April 2025 headcount signals conflict, with reputable reports citing both 150 and 177 employees. SO016, SO017
CO020 Official customer pages show Tailscale has named deployments at Instacart, Hugging Face, Mercury, and Cribl. SO009, SO010, SO011, SO012
CO021 Tailscale’s 2025 financing and growth materials explicitly name Perplexity, Mistral, Cohere, Groq, and Hugging Face among AI-company users. SO004, SO005, SO016
CO022 The Series C post says millions of people rely on Tailscale every day and that thousands of businesses have already adopted it. SO004
CO023 Tailscale’s current public product menu extends beyond business VPN into PAM, CI/CD connectivity, secure access to AI, workload connectivity, and edge or IoT use cases. SO001, SO002
CO024 The Border0 acquisition adds privileged-access workflows such as SSH, Kubernetes, remote admin, and database access controls on top of Tailscale’s connectivity layer. SO006, SO023
CO025 Aperture expands Tailscale into AI governance with centralized provider-key custody, identity-linked policy controls, and audit-ready session histories. SO024, SO025
CO026 Accel says demand from AI startups has surged because they use Tailscale to manage networking across multiple cloud providers. SO027
CO027 Series C proceeds were earmarked for global expansion and additional engineering, product, and sales hiring rather than a defensive balance-sheet raise. SO004, SO016, SO018
CO028 Tailscale’s security page says its DERP relay network is globally distributed with no shared state between regions, allowing failover if one relay region has an outage. SO007
CO029 Tailscale disclosed two notable 2026 vulnerabilities: a May 2026 ACL capability bypass in the web interface fixed in 1.98.0 and a January 2026 macOS tssentineld command-execution issue fixed in 1.94.0. SO008
CO030 Tailscale publicly operates a security-bulletin program and incident-disclosure policy, which signals transparency but also underlines that product trust is a core diligence issue. SO007, SO008
CO031 Tailscale maintains a public status page for service health and incidents. SO015
CO032 Series B coverage positioned Tailscale as a simpler alternative to traditional enterprise VPNs by combining zero-trust security with easier deployment on top of WireGuard. SO020, SO021
CO033 Business Wire said Tailscale had experienced 1,200% year-over-year growth and 20% quarter-over-quarter active monthly user growth by the time of the Series B. SO021
CO034 The visible investor base centers on Accel, CRV, Insight Partners, Heavybit, and Uncork, with Amit Kumar the clearest publicly named board-linked investor. SO001, SO004, SO019, SO027
CO035 Official customer stories support a bottom-up adoption pattern in which developers and infrastructure teams adopt Tailscale first to replace painful VPN or remote-access tooling. SO009, SO010, SO011, SO012, SO019
CO036 Tailscale monetizes through freemium and per-user business plans that scale from free personal use to Standard, Premium, and Enterprise tiers. SO002
CO037 The current pricing page prices Standard at $8 per user per month and Premium at $18 per user per month, with Enterprise sold on custom terms. SO002
CO038 Enterprise positioning now explicitly bundles PAM, AI security, CI/CD, Edge and IoT, and Kubernetes connectivity into the broader platform pitch. SO002
CO039 Pennarun told BetaKit after the Series C that Tailscale intended to remain independent and was on a likely IPO track, albeit several years away. SO016
CO040 Tailscale did not publicly disclose ARR in the retained 2025 funding coverage even while describing rapid revenue acceleration and growth above 100% year over year. SO016, SO017
CO041 Instacart said internal support requests related to remote access dropped from 10 per week to nearly zero after switching to Tailscale. SO009
CO042 Hugging Face said Tailscale helped it standardize zero-trust networking across remote employees, multi-cloud infrastructure, and CI/CD workflows. SO010
CO043 Mercury framed Tailscale as a scalable zero-trust replacement for a traditional VPN and linked it to privacy-led security operations as its headcount grew from 240 to more than 1,000. SO011
CO044 Cribl said it grew from about 18 employees to about 550 while keeping Tailscale manageable without a dedicated networking team. SO012
CO045 Tailscale says it works with Latacora for regular security audits alongside code review, static analysis, and dependency scanning. SO007
CO046 The privacy policy describes Tailscale as a simple mesh VPN service in which every connection is encrypted. SO014
CO047 The public GitHub repository reinforces that Tailscale keeps core node software open source and ties its pitch directly to WireGuard and 2FA. SO013
CO048 The Border0 transaction brought founder Andree Toonk into Tailscale as director of engineering. SO006, SO023
CO049 Accel said the customer count was already higher than 10,000 by the April 2025 financing announcement even though no exact updated total was disclosed. SO027
CO050 The cleanest public footprint framing is Toronto-registered and Toronto-described by third parties, but fully remote in day-to-day operating model. SO001, SO018, SO026
CM001 Tailscale describes itself as a zero-trust identity-based connectivity platform that replaces legacy VPN, SASE, and PAM while connecting remote teams, multi-cloud environments, CI/CD pipelines, edge and IoT devices, and AI workloads. SM001
CM002 Tailscale says the platform is ideal for DevOps, IT, and Security teams. SM001
CM003 Tailscale's enterprise page says organizations of all sizes use it to connect employees, devices, and workloads across globally distributed infrastructure with identity-based controls. SM003
CM004 The direct market boundary for Tailscale is identity-first secure connectivity for users, devices, workloads, and infrastructure access; it is narrower than all SASE spending and broader than consumer VPN. SM001, SM003, SM020
CM005 Cloudflare One defines SASE as a cloud security platform that unifies networking with zero-trust security and bundles Access, Tunnel, SWG, RBI, CASB, DLP, and email security. SM020
CM006 MarketsandMarkets defines SASE as SD-WAN plus SSE components including ZTNA, CASB, SWG, and FWaaS, which is broader than a pure identity-first network-access product. SM009
CM007 AWS Verified Access provides secure access to corporate applications and resources without a VPN using user identity and device security posture. SM018
CM008 Microsoft Entra Private Access is sold as part of the broader Entra Suite, illustrating how large incumbents can bundle least-privilege private access into a wider identity contract. SM019
CM009 WireGuard is a fast and simple VPN, but its documentation says key distribution and pushed configurations are out of scope. SM015
CM010 ZeroTier prices an overlay network from home use to enterprise scale and advertises SSO, access control, audit logs, and support for large device counts. SM013
CM011 NetBird sells secure remote access as a legacy-VPN replacement with enterprise SSO, audit logging, device posture, and on-prem deployment options. SM014
CM012 Teleport prices zero-trust access, machine and workload identity, and protected resources separately, making it a PAM and infrastructure-identity substitute rather than a simple VPN alternative. SM016
CM013 Tailscale's enterprise materials emphasize SCIM, ACLs as code, tailnet lock, subnet routers, and SSH, showing that the company competes for identity, policy, and migration-tooling budgets as well as encrypted transport. SM001, SM003
CM014 Grand View Research estimates the global ZTNA market at USD 1.97 billion in 2025 and USD 11.03 billion in 2033, a 24.2% CAGR from 2026 to 2033. SM008
CM015 ORDR's 2026 statistics compilation cites ZTNA at USD 2.95 billion in 2026 and USD 14.74 billion in 2032, a 21.8% CAGR. SM012
CM016 MarketsandMarkets estimates broader SASE at USD 19.19 billion in 2026 and USD 68.06 billion in 2032, a 28.8% CAGR. SM009
CM017 Mordor Intelligence estimates SASE at USD 15.54 billion in 2026 and USD 39.14 billion in 2031, a 20.29% CAGR. SM010
CM018 Global Market Insights estimates SASE at USD 2.8 billion in 2026 and USD 27.5 billion in 2035, a 28.9% CAGR. SM011
CM019 Published 2026 market estimates conflict sharply because narrow ZTNA, narrow SASE, and broader converged-network-security definitions are all reported under similar market labels. SM009, SM010, SM011, SM012
CM020 Tailscale's public pricing uses per-user subscriptions with standard at USD 8 per user per month and premium at USD 18 per user per month, plus custom enterprise pricing. SM002
CM021 Tailscale also meters tagged resources and ephemeral resources, so workload and CI/CD usage create a second monetization lens beyond employee seats. SM002, SM004, SM005
CM022 AWS VPN pricing examples show legacy VPN architectures can stack connection, attachment, accelerator, and egress charges, giving Tailscale a credible ROI narrative against infrastructure-heavy designs. SM017
CM023 MarketsandMarkets says large enterprises account for 58.9% of SASE market share in 2026. SM009
CM024 Mordor says large enterprises contributed 63.14% of 2025 SASE revenue while SMEs are the faster-growth cohort through 2031. SM010
CM025 Grand View says large enterprises held the largest ZTNA revenue share in 2025 while SMEs are the fastest-growing segment. SM008
CM026 Tailscale's packaging and docs show the primary user segments are engineers, IT admins, security teams, and platform operators rather than mass-market end users. SM001, SM002, SM004
CM027 Tailscale's AI and DevOps pages show the user is often an engineer or operator, while the payer becomes a central IT or security buyer when posture, auditability, and support matter more. SM004, SM005, SM003
CM028 Identity-provider integration, SCIM provisioning, access policies, and compliance features imply that budget ownership often shifts from team-level experimentation to security and IT operations once deployments scale. SM001, SM002, SM003
CM029 AWS Verified Access and Cisco Secure Access both place administrators and app owners at the center of policy management, supporting a shared-budget model across security, network, and application teams. SM018, SM023
CM030 Tailscale's plan ladder supports a land-and-expand path from free or self-serve usage into paid team plans and then enterprise contracts. SM002, SM005
CM031 Tailscale docs and enterprise materials emphasize incremental adoption via existing identity providers and subnet routers, which lowers switching friction compared with a full network rip-and-replace. SM001, SM003
CM032 Tailscale's AI page frames AI infrastructure as a first-class use case involving users, LLMs, data, GPUs, and multi-cloud connectivity. SM005
CM033 WorkOS reports that Tailscale's AI gateway differentiates humans, CI bots, and autonomous agents by tailnet identity and tags, making AI-agent governance a concrete product adjacency. SM024
CM034 Remote employees, contractors, and distributed applications remain core to the category because Tailscale docs, AWS Verified Access, and Cisco Secure Access all frame secure access around dispersed users and external collaborators. SM001, SM018, SM023
CM035 Cisco says VPNaaS extends coverage to non-ZTNA-enabled apps, which implies that hybrid workforce use cases still include environments not yet fully redesigned around application-specific zero trust. SM023
CM036 BetaKit reports that Tailscale deliberately pursued a bottom-up go-to-market motion by targeting developers first instead of selling only from the C-suite downward. SM026
CM037 FeaturedCustomers aggregates 24 testimonials, 18 case studies, and a 4.8 out of 5 score across 1,204 ratings for Tailscale, offering broad but vendor-curated public proof of user satisfaction. SM025
CM038 BetaKit says Tailscale had 10,000 paid business customers by January 2025 and that strong demand from AI companies helped fuel that growth. SM026
CM039 The exact share of Tailscale demand attributable to AI or DevOps workloads versus conventional workforce access is not publicly disclosed.
CM040 Grand View attributes ZTNA growth to cloud and SaaS migration, identity-centric security, improved user experience versus traditional VPNs, compliance requirements, third-party access, and convergence with broader SASE architectures. SM008
CM041 MarketsandMarkets says increasing reliance on cloud applications and zero-trust implementation are current SASE demand drivers. SM009
CM042 Global Market Insights says vendor-sprawl reduction, AI-driven threat detection, remote and hybrid work, and continuous authentication are current SASE tailwinds. SM011
CM043 Mordor says sovereign-cloud and data-residency mandates, remote and mobile users, and managed-service packaging accelerate spend, but also highlights latency, scarce architects, egress fees, and proprietary policy languages as real constraints. SM010
CM044 MarketsandMarkets says existing VPN and firewall investments, implementation cost, lack of standardization, and multi-cloud complexity slow adoption. SM009
CM045 Global Market Insights says legacy integration, data privacy concerns, and vendor lock-in remain key SASE adoption frictions. SM011
CM046 Zscaler and Palo Alto both market broader zero-trust or SASE platforms as lower-cost, lower-complexity replacements for multiple point solutions. SM021, SM022
CM047 Cisco integrates SSE with Meraki SD-WAN, VPNaaS, and AI protection, showing how networking incumbents can bundle Tailscale-like access use cases into a wider contract. SM023
CM048 Mordor says managed SASE services and telecom or operator bundles lower adoption friction for mid-market buyers, which can help or hurt standalone vendors depending on channel access. SM010
CM049 The adverse market risk is not lack of demand but that broader-platform incumbents may win the budget by bundling ZTNA, SWG, CASB, SD-WAN, and AI controls into a single contract. SM009, SM021, SM022, SM023
CM050 Another adverse outcome is that some buyers stay on cheaper status-quo substitutes such as self-managed WireGuard, existing AWS VPN, or incumbent-bundled access because Tailscale's control plane is not yet mission-critical for them. SM015, SM017, SM019
CP001 Tailscale positions itself as a secure private identity-based network with flexible topology and streamlined setup rather than as a full SASE suite. SP001
CP002 Tailscale says its peer-to-peer mesh network lets machines connect directly with central coordination, reducing bottlenecks and improving speed and reliability. SP001
CP003 Tailscale says its zero-trust model uses SSO and user-group-based security policies. SP001, SP003
CP004 Tailscale publicly lists a free tier for up to 6 users, paid tiers at $8 and $18 per user per month, and custom enterprise packaging. SP002
CP005 Tailscale also meters tagged resources and ephemeral resource minutes, which makes the pricing model relevant to workload-heavy and CI or AI use cases rather than only named employees. SP002
CP006 Tailscale’s enterprise page centers on SSO, SCIM, provisioning, granular policy, and ACL management as code. SP003
CP007 Tailscale’s strongest differentiation remains executional: a managed identity-first mesh that reduces operational friction for teams that want secure connectivity before they want a whole security-suite redesign. SP001, SP002, SP003
CP008 Cloudflare One describes itself as a unified SASE platform with a single control plane, data plane, and infrastructure layer. SP004
CP009 Cloudflare’s plans and product pages emphasize global-network access, unlimited connectors, and SASE packaging rather than a simple published private-access seat price. SP004, SP008
CP010 Cloudflare Tunnel uses outbound-only connections from customer infrastructure into Cloudflare’s global network and can attach multiple connectors to the same tunnel object. SP005
CP011 Cloudflare One supports multiple identity providers simultaneously and can integrate with generic SAML and OIDC providers, with OTP fallback as another login path. SP006
CP012 The Cloudflare One Client reports device health, enables posture checks, and is also required for Access for Infrastructure with short-lived certificates and detailed audit logging. SP007
CP013 Cloudflare is materially stronger than Tailscale on bundled inline security breadth because its public product and client pages combine ZTNA with SWG, CASB, FWaaS, DLP, RBI, posture, and infrastructure audit features. SP004, SP006, SP007, SP008
CP014 Cloudflare’s delivery model is edge- and connector-centric rather than peer-to-peer mesh-centric, which changes both latency profile and deployment ergonomics versus Tailscale. SP001, SP005, SP007
CP015 Zscaler Private Access is marketed as unified secure access for private apps, workloads, and OT. SP009
CP016 Zscaler says ZPA provides full inline inspection of private app traffic, Layer 7 inspection, DLP, and browser isolation within a cloud-native proxy architecture. SP009
CP017 Zscaler fits buyers prioritizing inspection and private-app protection over minimal network abstraction, but its public packaging is harder to map directly onto Tailscale’s simple seat model. SP009, SP011
CP018 Zscaler’s retained public pricing page exposes broader module plans rather than a clean ZPA-only list price. SP011
CP019 Prisma Access and Prisma SASE publicly combine ZTNA with SWG, CASB, and broader cloud-native network-security controls. SP012, SP013
CP020 Prisma Access docs frame the service as globally delivered security for remote networks and mobile users so customers do not have to size and deploy branch firewalls or collocation appliances themselves. SP014
CP021 Prisma Access docs also show connector-led extension into the rest of the Palo stack, including NGFW Connector and ZTNA Connector support. SP014
CP022 Palo Alto is strongest where buyers already trust the wider Palo network-security platform and want broad data and threat controls, not just easier connectivity. SP012, SP013, SP014
CP023 Cisco Secure Access markets multiple ZTNA traffic-routing and policy-enforcement options, including client and clientless methods plus VPNaaS for apps that are not ZTNA-enabled. SP015
CP024 Cisco Secure Access also extends beyond private access into SaaS and internet protection and advertises inline runtime monitoring and semantic inspection for agent interactions. SP015
CP025 Duo’s product story is centered on phishing-resistant MFA, SSO, and broad integration with existing enterprise identity environments. SP016, SP018
CP026 Duo publishes public tiers at $0, $3, $6, and $9 per user per month, with higher plans adding passwordless access, identity intelligence, and deeper device-trust controls. SP017
CP027 Cisco and Duo are strongest when the buying center is already committed to Cisco identity or networking, but they are less clearly optimized than Tailscale for developer-led network-access rollout. SP015, SP016, SP017
CP028 ZeroTier’s public pricing page uses a device- and network-oriented matrix rather than a classic per-user SaaS access contract and exposes features such as SSO, access control, ReBAC, audit logs, and local logging across plans. SP019
CP029 ZeroTier documentation frames the product as a LAN-like network that can connect devices anywhere in the world. SP020
CP030 ZeroTier is a credible overlay substitute for network reachability, but its public pricing and packaging are not as naturally aligned to identity-first secure-access procurement as Tailscale’s. SP019, SP020
CP031 NetBird publicly prices a free tier up to 5 users, a Team tier at $5 per user per month, and a Business tier at $10 per user per month, while adding enterprise IdP, SCIM, and audit logging in paid tiers. SP021
CP032 NetBird documentation says the product is open source and can be self-hosted on customer servers with a public domain, a VM, and reverse-proxy options. SP022, SP023
CP033 NetBird’s advanced documentation supports integrating existing IdPs or self-hosted IdPs and describes the operational details required to run the platform yourself. SP023, SP024
CP034 NetBird’s GitHub repository describes a WireGuard-based overlay with SSO, MFA, granular access controls, IdP integrations, and activity logging. SP025
CP035 NetBird is the most direct low-end and self-hosted competitive threat to Tailscale because it promises much of the same modern-VPN story while leaving buyers more control over hosting and identity plumbing. SP021, SP022, SP023, SP025
CP036 Nebula’s repository describes a mutually authenticated peer-to-peer software-defined network based on the Noise Protocol Framework, with certificates, groups, and UDP hole punching. SP026
CP037 Nebula expects operators to manage PKI and lighthouses unless they purchase a managed option elsewhere, which makes it credible but operationally heavy versus Tailscale SaaS. SP026
CP038 Nebula is a real substitute for expert infrastructure teams that value control and performance, but it is materially less turnkey and less identity-native than Tailscale. SP026
CP039 Teleport’s pricing page says the commercial platform is billed on monthly active users, machine or workload identities, and protected resources, and supports cloud, on-premises, hybrid, edge, and other deployment modes. SP027
CP040 Teleport says Community Edition is open source and free of charge for smaller companies below stated employee and revenue thresholds. SP027
CP041 Teleport’s docs and community deployment guide emphasize an auth service acting as certificate authority, a proxy service, session recording, audit events, SSO integration, and structured audit export. SP028, SP029
CP042 Teleport’s GitHub repository describes an identity-aware access proxy that issues short-lived certificates and provides audited access across SSH, Kubernetes, databases, and other infrastructure. SP031
CP043 Teleport is stronger than Tailscale on privileged-session governance and audited infrastructure access, but it is narrower than Tailscale as a general mesh-connectivity product. SP027, SP028, SP029, SP031
CP044 SiliconANGLE reported that Tailscale launched Aperture in open alpha in 2026 to add centralized policy control and auditability for AI agents and hosted or self-hosted AI endpoints. SP032
CP045 BetaKit reported that Border0 adds deeper application-layer access and authorization, protocol-aware controls, session visibility, and approval workflows to Tailscale’s existing foundation. SP033
CP046 Tailscale’s 2026 Aperture and Border0 moves reduce two visible adjacency gaps—AI governance and PAM—but also move the company into more direct competition with Teleport and larger suite vendors. SP032, SP033, SP004, SP015, SP031
CP047 Buyers with strong inspection, compliance, or consolidation requirements can still prefer Cloudflare, Zscaler, Palo Alto, or Cisco over Tailscale today. SP004, SP009, SP012, SP015
CP048 Buyers prioritizing fast rollout, lower bottleneck risk, and developer-friendly connectivity are more likely to prefer Tailscale than the proxy-heavy suite vendors. SP001, SP002, SP003, SP004, SP009, SP012, SP015
CP049 Self-hosted and open-source alternatives such as NetBird, Nebula, Teleport Community, and ZeroTier keep basic secure-connectivity features from becoming a structurally protected moat for Tailscale. SP019, SP021, SP022, SP026, SP027, SP029
CP050 Traditional VPN or internal-build approaches remain credible substitutes for narrow access problems, which limits how much of Tailscale’s value is inherently proprietary. SP001, SP020, SP022, SP026
CP051 Switching costs favor incumbents when private access is bundled into larger identity, network, or data-security contracts rather than bought as a standalone tool. SP004, SP012, SP015, SP016
CP052 Cloudflare’s product pages explicitly promise one-price global access and unlimited connectors, which helps it compete on total-platform economics rather than only on access features. SP004, SP008
CP053 Cisco’s public packaging shows that Duo is list-priced while Secure Access is not, reinforcing the idea that the broader Cisco access story is sold through account control and negotiated bundle structure. SP015, SP017
CP054 The competitor landscape is best understood as a layered field of direct overlays, suite incumbents, adjacent PAM tools, and status-quo substitutes rather than as one homogeneous “ZTNA market.” SP001, SP004, SP009, SP012, SP015, SP021, SP026, SP031
CP055 Tailscale’s moat is currently more experiential than structural: it depends on staying simpler and faster than suites while staying more polished and commercially complete than open-source substitutes. SP001, SP003, SP021, SP026, SP031, SP032, SP033
CI001 Tailscale's Personal plan is free for up to six users. SI001
CI002 Tailscale's Standard plan lists at $8 per user per month. SI001
CI003 Tailscale's Premium plan lists at $18 per user per month. SI001
CI004 Standard accounts include 50 tagged resources and additional tagged resources cost $1 per month each. SI001
CI005 Standard plans include 1,000 ephemeral-resource minutes per month while Premium includes 10,000. SI001
CI006 Tailscale's Enterprise tier is custom-priced rather than publicly listed. SI001
CI007 Tailscale explicitly frames its pricing as seat-based while also metering certain non-human resources. SI001
CI008 Tailscale said it built a bottom-up self-service payment motion in 2020 after initially taking annual invoices from its earliest customers. SI005
CI009 Tailscale described one early enterprise rollout that started at 100 seats, expanded to 1,000, and then scaled past 10,000 seats. SI005
CI010 Tailscale said it passed 5,000 paying customers by 2024 and that more than half were added in the preceding 12 months. SI005
CI011 Tailscale said over 30,000 companies use the product. SI006
CI012 Tailscale's official customer surfaces and field posts show enterprise use across companies such as Instacart, Airbus, and Cribl. SI006, SI007, SI010
CI013 Instacart said engineers had been losing up to 20 minutes per day to legacy VPN friction before switching to Tailscale. SI006, SI012
CI014 Instacart said internal support requests fell from 10 per week to nearly zero after adopting Tailscale. SI006, SI012
CI015 Positron said Tailscale saves about an hour per onboarded prospect and helps power a try-before-you-buy managed inference offer. SI011
CI016 Tailscale raised a $160 million Series C in April 2025 led by Accel with CRV, Insight Partners, Heavybit, and Uncork participating. SI002, SI017, SI019
CI017 Management said the Series C was raised despite already having a long runway because opportunity was accelerating. SI002, SI017
CI018 Tailscale said the 2025 funding would grow engineering and product teams, open more markets, and fund free-support and backward-compatibility commitments. SI002, SI019
CI019 BetaKit and Proactive both reported a post-money valuation around $1.45-1.5 billion for the Series C. SI017, SI020
CI020 BetaKit reported that Tailscale hit 10,000 paid business clients by January 2025 after doubling in 10 months. SI017, SI019
CI021 BetaKit reported that paid business clients increased another 20% after January 2025. SI017
CI022 BetaKit reported that Tailscale had 150 employees after the Series C. SI017
CI023 Tailscale raised a $100 million Series B in May 2022 led by CRV and Insight Partners, with Accel, Heavybit, and Uncork also participating. SI003, SI018
CI024 The Series B announcement claimed 1,200% year-over-year growth and 20% quarter-over-quarter active-user growth at that time. SI018
CI025 The Series B announcement said the capital would scale product-led growth, go-to-market, and partner initiatives. SI018
CI026 Corporations Canada lists Tailscale as a non-distributing corporation with 50 or fewer shareholders and shows the 2026 annual filing as filed. SI025
CI027 Corporations Canada said there were no individuals with significant control disclosed as of 2026-04-15. SI025
CI028 Corporations Canada lists Tailscale's registered office at First Canadian Place in Toronto. SI025
CI029 Tracxn says Tailscale has raised about $275 million over four rounds, with the latest $160 million Series C on 2025-04-08. SI023
CI030 GetLatka estimates that Tailscale reached roughly $45.2 million of 2025 revenue, but the company itself has not publicly confirmed that number. SI022
CI031 GetLatka's estimate of about 250 employees by late 2025 or 2026 conflicts with BetaKit's 150-employee figure from April 2025. SI017, SI022
CI032 The Greenhouse board showed at least 25 open roles across support, product, engineering, security, marketing, sales, and procurement on 2026-05-21. SI024
CI033 Tailscale's careers surfaces describe a fully remote team in the United States, Canada, and the United Kingdom, plus active roles in Singapore and hybrid offices in Denver, Vancouver, and Toronto. SI004, SI024
CI034 Tailscale says its coordination service exchanges keys and metadata while user traffic stays end-to-end encrypted and point-to-point. SI014
CI035 Tailscale says the network can remain available even if the coordination server is unavailable and that DERP regions fail over independently. SI014
CI036 Tailscale's peer-relay documentation says peer relays are tried before DERP and are meant to deliver lower latency and higher throughput for heavy traffic. SI014, SI015
CI037 Tailscale's 2026 TEI summary, based on a commissioned Forrester model, claimed 213% ROI with payback in under six months for a 3,000-employee composite enterprise. SI008, SI009
CI038 The same TEI summary claimed $1.2 million of present-value savings from retiring legacy access infrastructure, plus $282 thousand of IT-efficiency benefits and $734 thousand of productivity benefits. SI008
CI039 Tailscale publicly disclosed two notable 2026 vulnerabilities: TS-2026-001 and TS-2026-002. SI013
CI040 TS-2026-001 affected certain managed macOS deployments and allowed arbitrary command execution with elevated privileges before version 1.94.0. SI013
CI041 TS-2026-002 allowed a malicious tailnet node to clear exit-node and route settings on affected nodes before version 1.98.0. SI013
CI042 Tailscale maintains a public status page and an incident-disclosure posture, which improves trust but also makes support and remediation visible operating obligations. SI013, SI016
CI043 No retained official source publicly disclosed ARR, revenue, gross margin, cash on hand, burn, runway months, or NRR, and BetaKit explicitly said ARR was undisclosed. SI001, SI002, SI008, SI017
CI044 BetaKit reported management's view that Tailscale could become cash-flow positive without additional financing and later described the business model as efficient with long runway. SI017
CI045 PYMNTS reported that Tailscale acquired Border0 in March 2026 to add privileged access management and session-visibility capabilities. SI021
CI046 The Border0 team joined Tailscale, including former Border0 CEO Andree Toonk as director of engineering. SI021
CI047 Tailscale's monetization architecture is transparent at list-price level but opaque on enterprise realization, discounts, and contract mix. SI001, SI005, SI017
CI048 Public evidence supports strong product-led demand and expansion potential, but absent margin, burn, and retention data still prevents a fully underwritten financial model. SI005, SI006, SI017, SI022
CI049 Tailscale said hundreds of thousands of monthly active users still use its free personal offering. SI005
CI050 Tailscale's field posts frame common adoption triggers as unhappy VPN users, compliance audits, scaling events, migrations, and new launches, which is consistent with a horizontal PLG-to-enterprise motion. SI006, SI007
CI051 No retained public source disclosed debt facilities, project finance, or inventory financing, and the public capital discussion centers on equity rounds plus software-team expansion. SI002, SI017, SI021, SI025
CE001 Tailscale's docs describe the company as an identity-based connectivity platform for remote teams, multi-cloud environments, CI/CD pipelines, edge and IoT devices, and AI workloads. SE001
CE002 Tailscale defines a tailnet as a private, secure collection of users, devices, and resources that is inaccessible from the public internet. SE004
CE003 Tailscale says its device-to-device connections use WireGuard for end-to-end encryption. SE001, SE002, SE021
CE004 WireGuard's protocol uses the Noise_IK handshake over UDP and rotates session keys to provide forward secrecy. SE031
CE005 Tailscale says authenticated devices can usually connect across NAT and firewalls without manual port forwarding or complex firewall rules. SE001
CE006 Tailscale positions direct peer-to-peer paths as lower-latency and less bottleneck-prone than centralized VPN gateways. SE001
CE007 Tailscale can emulate a traditional full-tunnel VPN by routing traffic through an exit node. SE001, SE010
CE008 Tailscale says its coordination service exchanges public keys and metadata while private keys remain on the local device. SE003, SE021
CE009 The tailnet policy file centrally manages ACLs, grants, tags, groups, IP sets, posture rules, SSH rules, auto-approvers, and DERP-map settings. SE005
CE010 Tailscale says grants are deny-by-default like ACLs but extend policy to application-layer capabilities, while ACLs remain network-layer only and are no longer the path for new features. SE006
CE011 Tailnets assign devices Tailscale IP addresses in the CGNAT range and DNS names used for features such as MagicDNS and HTTPS. SE004
CE012 Tailscale SSH intercepts tailnet-originated port 22 traffic and uses Tailscale identities and node keys instead of distributing user-managed SSH keys. SE007
CE013 Tailscale SSH supports check-mode reauthentication, session recording, and policy-based revocation, but its server component is limited to Linux and the open-source macOS variant. SE007
CE014 Tailscale's Kubernetes Operator is generally available, and the GA announcement says thousands of organizations have already adopted it, including in production. SE027
CE015 Tailscale says its Kubernetes API server proxy routes cluster access over private Tailscale connectivity without requiring a public API endpoint or separate cluster credentials. SE008, SE027
CE016 The Kubernetes Connector CRD can host subnet routers, exit nodes, app connectors, and SSH session recorder nodes inside a cluster. SE008, SE027
CE017 Subnet routers extend a tailnet to devices and networks that cannot run the Tailscale client, but Tailscale says direct client installation still provides the best security and performance. SE009
CE018 Subnet routers use route advertisement and approval, default to source NAT, and support high-availability patterns, which adds gateway-management overhead absent from direct mesh peers. SE009
CE019 Exit nodes route default internet traffic through a selected device, making Tailscale behave like a typical VPN for public traffic rather than only overlay traffic. SE010
CE020 Exit node destination logging is only available on Premium and Enterprise plans and requires log streaming, while Android exit nodes are described as userspace and not performant for most cases. SE010, SE014
CE021 Serve keeps services private to the tailnet and can inject identity and app-capability headers, whereas Funnel exposes a local service to the public internet through relay servers and a TCP proxy. SE011, SE012
CE022 Funnel docs still label the feature beta and note TLS-only operation, fixed ports, and non-configurable bandwidth limits. SE011
CE023 Tailscale's April 2026 pricing update moved self-serve business plans from usage-based billing to predictable seat-based pricing and added more self-serve features such as SCIM, device posture, user-management APIs, and webhooks. SE019, SE020
CE024 The pricing page lists Personal free up to six users, Standard at $8 per user per month, Premium at $18 per user per month, enterprise custom pricing, and separate tagged-resource and ephemeral-resource allowances. SE020
CE025 The pricing page shows Tailscale's current platform surface extending beyond VPN replacement into SSH, Kubernetes ingress and egress, Funnel, Aperture, device posture, logging, CI/CD, and workload connectivity. SE020
CE026 Device posture combines default host and Tailscale-version attributes with optional geolocation, custom attributes, and third-party MDM or EDR integrations to gate access. SE013, SE005
CE027 Tailscale documents central log collection for agents, network flow logs without traffic contents, configuration audit logs, and SIEM log streaming. SE014, SE026
CE028 Configuration audit logs are generally available, enabled by default, and exposed in both the admin console and the API. SE014, SE026
CE029 Tailscale's security page says the service offers SSO and MFA inheritance, directional default-deny ACLs, multiple admin roles, Tailnet Lock, and SOC 2 Type II certification. SE021
CE030 Tailnet Lock is designed to reduce trust in the coordination service by requiring node keys to be signed by trusted nodes before peers accept them. SE021, SE022
CE031 Tailscale says DERP servers negotiate connections and then relay traffic only when direct paths and peer relays are unavailable. SE003
CE032 Tailscale says DERP relays blindly forward already encrypted WireGuard packets and cannot decrypt customer traffic. SE003, SE021
CE033 Tailscale publishes DERP regions across North America, Europe, Asia, Africa, South America, and the Middle East, with most regions having at least three servers. SE003
CE034 Tailscale says existing point-to-point connectivity can continue if the coordination service is unavailable, but new administrative changes and some relay optimizations still depend on the control plane. SE003, SE021
CE035 Running a custom DERP server is an advanced operation that sacrifices some control-plane optimizations and certain cross-tailnet features. SE003
CE036 Tailscale's Border0 announcement says the company is expanding from network reachability toward protocol-aware controls, session visibility, approval workflows, and deeper privileged access management. SE017, SE018
CE037 Border0's FAQ says current workflows include SSH and Kubernetes access, RDP and VNC, database controls, session recording, and command or query visibility, but native Tailscale convergence is still described as something that will come over time. SE017
CE038 Independent coverage describes Border0 as adding application-layer access and authorization on top of Tailscale's network-layer identity and connectivity foundation. SE033, SE034
CE039 Aperture routes AI requests through a Tailscale-authenticated gateway instead of distributing provider API keys across laptops, CI, and agent runtimes. SE015, SE028
CE040 Aperture supports major hosted model APIs including OpenAI, Anthropic, Gemini, OpenRouter, Bedrock, and Vertex AI. SE015
CE041 Aperture guardrails are synchronous pre-request hooks that can allow, block, or modify requests, but the default hook failure mode is fail_open unless an admin switches it to fail_closed. SE016
CE042 Official Aperture surfaces still present the product as pre-GA and experimental rather than generally available. SE015, SE028
CE043 SiliconANGLE reported that Aperture launched with partners including Oso, Cerbos, Apollo Research, and Cribl and with support for coding agents such as Claude Code, Codex, and Gemini CLI. SE032
CE044 The GitHub repository contains most of Tailscale's open-source code, including tailscaled and the CLI, but excludes some GUI wrappers and the mobile GUI code. SE029
CE045 GitHub releases show active shipping cadence through 2026-05-18 with v1.98.2, following v1.96.x in March and v1.94.x in January and February. SE025, SE030
CE046 TS-2026-002 fixed a bug that let a malicious tailnet node with web-interface access clear exit-node and subnet-route settings on another node despite missing grants. SE022
CE047 TS-2026-001 fixed a privilege-escalation flaw in the macOS tssentineld service used for AlwaysOn MDM deployments. SE022
CE048 Tailscale's incident-disclosure policy says both client software and managed backend infrastructure are in scope and that public bulletins are issued when user action is needed or the company cannot confirm that no users were affected. SE023
CE049 StatusGator reported Tailscale was operational on 2026-05-21 and listed the last officially acknowledged outage as 2026-05-08. SE035
CE050 OpenCVE and NVD still list older Tailscale issues, including the FreeBSD Tailscale SSH privilege bug CVE-2023-28436, showing that platform-specific flaws have existed in the product surface. SE036, SE037, SE038
CE051 Because Tailscale encrypts traffic end to end and avoids vendor-side decryption even on DERP, it does not natively provide the full SWG, CASB, or DLP inspection stack typical of heavier SSE or SASE suites. SE006, SE021, SE020
CE052 Tailscale's strength over legacy VPNs is that the vendor cloud is usually a coordination plane rather than the normal packet path, but the architecture still depends on control-plane correctness, relay availability for hard-NAT scenarios, and customer-managed gateway nodes for some workflows. SE003, SE009, SE010, SE021
CE053 Peer relays can offer lower latency and lower egress cost than DERP, but customers must provision appropriate tailnet devices to use them. SE003
CE054 Serve identity and app-capability headers are only available for tailnet traffic, while Funnel traffic is public and does not carry those identity headers. SE011, SE012
CE055 The current release and bulletin trail shows Tailscale shipping quickly, but it also means buyers in sensitive environments need disciplined upgrade processes to avoid web-interface, SSH, or client-specific exposure. SE022, SE025, SE030
CU001 Tailscale offers a Personal plan at $0 for up to 6 users, Standard at $8 per user per month, Premium at $18 per user per month, and Enterprise custom pricing. SU002
CU002 Current commercial packaging targets engineers, IT, security, and home users while bundling infrastructure, developer, AI, edge and IoT, and PAM-adjacent workflows into paid plans. SU002, SU005
CU003 Tailscale explicitly frames adoption as a bring-to-work motion in which personal or small-team use can expand into broader company rollout with vendor help. SU003
CU004 The Startups Program gives accepted early-stage companies a full year of the business plan at no cost, showing deliberate seeding of startup buyers before enterprise-scale spend. SU004
CU005 Tailscale says organizations of all sizes use its platform to connect employees, devices, and workloads across globally distributed infrastructure. SU005
CU006 BetaKit reports that Tailscale took more than four years to reach 5,000 paid business customers, a milestone it hit in March 2024. SU006
CU007 BetaKit then reports that Tailscale reached 10,000 paid business customers ten months later and still had hundreds of thousands of personal users. SU006
CU008 The University of Waterloo reports that Tailscale serves over 10,000 clients, saw business clients rise 20% since January, and had year-over-year revenue growth above 100 percent. SU007
CU009 Independent 2026 coverage links recent customer momentum to AI demand and names Mistral, Hugging Face, Cohere, and Perplexity as customers. SU006, SU007
CU010 Hugging Face is an AI and open-source platform that currently hosts over 1 million public and private models. SU010, SU011
CU011 Hugging Face says it standardized on Tailscale for secure remote access, tied it to Okta and SCIM, and saved tens of hours a month while simplifying least-privilege access. SU010
CU012 Instacart is a large grocery-technology platform working with more than 1,000 retail banners, over 75,000 stores, and more than 13,000 cities in North America. SU012, SU013
CU013 Instacart replaced eight separate VPNs and had Tailscale working across GCP, AWS, and multiple environments in less than a day before expanding into split DNS, subnet routers, and HIPAA-sensitive workflows. SU012
CU014 Cribl is an IT and security telemetry vendor whose public site says it serves 50 percent of the Fortune 100. SU014, SU015
CU015 Cribl says it adopted Tailscale in 2020 and later scaled from about 18 people to about 550 employees while keeping remote access workable for nontechnical staff. SU014
CU016 Mercury says it is software-led banking for entrepreneurs and that it now has more than 1,000 employees. SU016, SU017
CU017 Mercury says it built a company-wide tailnet within days and expanded usage with subnet routers and NixOS-friendly workflows as the company grew from 240 people to more than 1,000. SU016
CU018 Abilene Christian University is a higher-education institution with nearly 7,000 students and 1,200 employees. SU018, SU019
CU019 ACU says Tailscale is used mainly by faculty and staff for ERP and campus-resource access with granular port-level controls and stronger encrypted remote access than the previous VPN. SU018
CU020 The Linux Foundation says it supports over 13,000 developers and used Tailscale to fully replace OpenVPN certificate-management overhead. SU020, SU021
CU021 VersaBank is a branchless digital bank that chose Tailscale for secure, software-only remote access with easier ACL administration and compatibility with its authentication stack. SU022, SU023
CU022 Loft Orbital sells space infrastructure to companies, governments, and institutions and says its workforce has grown to about 300 people worldwide. SU024, SU025
CU023 Loft Orbital says unreliable VPN software created disconnections and support tickets and that Tailscale became the more reliable access layer for its distributed staff. SU024
CU024 Vanta says it has more than 1,000 employees and 16,000-plus customers in compliance workflows. SU026, SU027
CU025 Vanta says previous VPN tools took roughly 50 percent more effort to use and that GitHub Codespaces compatibility was an important reason to choose Tailscale. SU026
CU026 Netcraft says that moving beyond a mostly engineer-only workforce made certificate-heavy OpenVPN onboarding too cumbersome, strengthening the case for Tailscale. SU028, SU029
CU027 Mercari says it has more than 20 million monthly active users and adopted Tailscale to cut daily VPN troubleshooting for QA, engineering, and GitHub Actions-connected development workflows. SU030, SU031
CU028 DEEL Media says its signage business spans thousands of IoT devices and tens of thousands of screens across three continents and that Tailscale enabled plug-and-play just-in-time support access. SU032
CU029 Yugabyte says roughly 30 support and field-engineering staff share Tailscale-based environments for debugging, demos, and customer reproduction work, showing developer-centric adoption beyond generic employee VPN access. SU033, SU034
CU030 Across the named case studies, the initial champion is usually an engineer, IT admin, or security lead, while the daily users broaden into employees, faculty, support staff, or field engineers after rollout. SU010, SU012, SU014, SU016, SU018, SU020, SU022, SU024, SU026, SU028, SU030, SU032, SU033
CU031 The common trigger to replace a legacy VPN is operational pain such as multiple VPNs, certificate management, poor user experience, reconnect friction, or support overhead rather than purely abstract zero-trust branding. SU012, SU014, SU018, SU020, SU022, SU024, SU026, SU028, SU030, SU032, SU033
CU032 The public expansion pattern usually starts with remote access and then grows into adjacent workflows such as subnet routers, split DNS, SCIM or SSO, ACL segmentation, Codespaces, CI/CD, or field-device support. SU010, SU012, SU016, SU018, SU026, SU030, SU032, SU033
CU033 Public named customer proof spans AI and open source, commerce, security and compliance, fintech, higher education, nonprofit infrastructure, field IoT, developer infrastructure, and public-sector-adjacent aerospace. SU010, SU012, SU014, SU016, SU018, SU020, SU022, SU024, SU026, SU028, SU030, SU032, SU033
CU034 Tailscale’s public materials show a broad self-serve entry path with a free personal tier, startup incentive, and bring-to-work motion, but they do not reveal how many users convert into paid team deployments. SU002, SU003, SU004, SU006
CU035 Public sources reviewed in this run do not disclose NRR, GRR, logo churn, renewal rate, or contract length for the customer base. SU002, SU006, SU007
CU036 PeerSpot reviews are positive on ease of use, security, free-tier value, and support responsiveness, but they also cite multiple-account login issues on Mac and friction when switching between tailnets. SU008
CU037 Trustpilot shows a 4.3 out of 5 rating from 14 reviews, with strong praise for the free tier and ease of use but at least one complaint that the documentation lacks detail. SU009
CU038 The public complaint signal in this run is usability- and documentation-oriented rather than evidence of broad deployment failure or high-profile churn. SU008, SU009
CU039 AI exposure is clearly a growth strength for Tailscale, but the public record still does not quantify what share of revenue or customer additions comes from AI startups versus the rest of the base. SU006, SU007
CU040 Public customer proof is strongest on production use cases and operator quotes but much weaker on procurement economics such as annual contract value, renewal quality, and expansion rates. SU010, SU012, SU014, SU016, SU018, SU020, SU022, SU024, SU026, SU028, SU030, SU032, SU033
CU041 With more than 10,000 paid business customers ranging from small firms to Fortune 500 companies, concentration risk is plausible, but public sources do not disclose top-customer exposure or segment revenue share. SU006, SU007
CU042 The overall go-to-market still looks developer-led and product-led even as enterprise support increases, because official rollout pages and independent coverage both emphasize free entry, easy pilots, and product-led growth. SU003, SU004, SU006
CU043 In the public source set reviewed for this run, the closest institutional proof is higher education, nonprofit infrastructure, and government-adjacent aerospace rather than a named government-agency deployment. SU018, SU020, SU024
CR001 Tailscale says it does not and cannot inspect customer traffic because the service keeps traffic end-to-end encrypted and point-to-point. SR001, SR011
CR002 Tailscale says existing peer-to-peer connectivity can survive coordination-server outages, but onboarding, administrative changes, and peer discovery still depend on the coordination service. SR001
CR003 Tailscale relies on the customer's existing identity provider for authentication and MFA context. SR001, SR010
CR004 Tailscale's terms make the customer responsible for maintaining its own identity provider, client endpoints, internet connectivity, updates, and tailnet configuration. SR010
CR005 Tailscale's DERP documentation says DERP is a fallback for cases where direct connectivity and peer relays are unavailable and that heavy DERP usage usually means worse performance than direct paths. SR014
CR006 Tailscale says running custom DERP is an advanced operation that requires direct internet reachability, open ports, ongoing updates, and significant operator effort. SR014
CR007 Tailnet Lock is not enabled by default and exists because customers otherwise must trust Tailscale's control plane to admit the right nodes into a tailnet. SR015
CR008 Tailnet Lock materially reduces trust in the coordination plane after initialization, but it still uses trust-on-first-use and requires safely stored disablement secrets and signing-node operations. SR015
CR009 Tailscale disclosed TS-2026-002, where a malicious tailnet node with port-5252 access could clear exit-node and subnet-route settings on peers running the web interface until affected versions were patched. SR002
CR010 Tailscale disclosed TS-2026-001, where certain macOS AlwaysOn MDM deployments could allow elevated command execution before fixed versions were deployed. SR002
CR011 Tailscale disclosed TS-2025-008, where some Tailnet Lock deployments without a state directory could fail to enforce signing checks until version 1.90.8. SR002, SR015
CR012 NVD and CVE records show older Tailscale SSH and local-API vulnerabilities, demonstrating that platform-specific security edge cases have existed outside the newest 2026 disclosures. SR016, SR017
CR013 Independent outage tracker IsDown recorded multiple 2026 incidents affecting coordination, login, admin console, Funnel, logging, and billing-related workflows. SR004, SR018
CR014 StatusGator independently logged repeated February 2026 incidents touching Funnel, coordination, certificate issuance, and the admin console, with official acknowledgement timestamps. SR019
CR015 Tailscale publishes a free personal tier, standard at $8 per user per month, premium at $18 per user per month, and enterprise custom pricing. SR005
CR016 Tailscale's pricing page also meters tagged resources and ephemeral resources separately, adding budget complexity beyond a pure seat-based model. SR005
CR017 Cloudflare One markets a unified SASE platform with AI governance, DLP, browser isolation, global network delivery, and unlimited software connectors. SR020
CR018 Zscaler markets full TLS and SSL inspection, DLP, real-time policy enforcement, and a proxy architecture spanning users, workloads, IoT/OT, and B2B partners. SR021
CR019 Prisma Access markets inline threat prevention, SWG, CASB, RBI, FWaaS, unified-agent delivery, and uptime or performance SLAs for enterprise access. SR022
CR020 Prisma Access Private App Security explicitly sells SASE-native inspection of private-app traffic with AI-powered policy recommendations. SR023
CR021 Cisco Secure Access packages ZTNA, SaaS and internet protection, AI-app controls, identity defenses, experience monitoring, and VPNaaS in one platform story. SR024
CR022 NetBird says it is open source, can be self-hosted, and uses direct WireGuard tunnels without a centralized VPN server. SR025
CR023 NetBird publishes lower starting list prices than Tailscale and advertises on-premise installation, SLAs, and DORA compliance for enterprise buyers. SR026
CR024 ZeroTier publishes device-scale pricing from small to very large deployments, preserving a lower-end alternative for buyers who want overlay networking more than identity-first governance. SR027
CR025 Teleport offers self-hosted deployment modes, a community edition, session recording, moderation, audit export, and broader privileged-infrastructure controls than Tailscale's original connectivity wedge. SR028, SR029
CR026 Because Tailscale explicitly says it cannot inspect traffic, inspection-heavy buyers will often still need complementary SSE or security tooling even when Tailscale wins the connectivity layer. SR001, SR020, SR021, SR022, SR024
CR027 BetaKit reported that Tailscale crossed 10,000 paid business customers after doubling from 5,000 in ten months while still serving hundreds of thousands of personal users. SR008
CR028 BetaKit reported that after the Series C the company had seen another 20 percent increase in paid business customers since January and that AI demand was an important growth driver. SR007
CR029 Official and independent coverage repeatedly identify AI customers such as Perplexity, Mistral, Cohere, Groq, and Hugging Face, implying AI is a material but still unquantified demand vector for Tailscale. SR006, SR007, SR032
CR030 Neither Tailscale's public pricing page nor its public financing posts disclose free-to-paid conversion, NRR, GRR, churn, or segment-level retention metrics. SR005, SR006, SR007
CR031 BankInfoSecurity reported that Tailscale is adapting the product for larger, multi-domain enterprise environments rather than launching wholly separate product lines. SR032
CR032 The same BankInfoSecurity interview quotes Avery Pennarun saying bigger customers keep pulling Tailscale in new and improved directions, which is direct evidence of scope-control risk during upmarket expansion. SR032
CR033 Tailscale's Border0 FAQ says deeper privileged-access capabilities will come together over time and were not yet fully native inside Tailscale at announcement time. SR031
CR034 The Border0 acquisition broadens Tailscale into session visibility, database controls, RDP and VNC workflows, and PAM-style approvals, increasing execution risk relative to the original secure-connectivity wedge. SR030, SR031
CR035 Tailscale's April 2025 Series C raised $160 million and took total disclosed funding past $275 million, giving the company capital to prioritize expansion over near-term profitability. SR006, SR007, SR032
CR036 Independent coverage from BetaKit and BankInfoSecurity both place Tailscale's 2025 post-money valuation around $1.45 billion USD, with BetaKit also framing it as about $2 billion CAD. SR007, SR032
CR037 Tailscale remains a private company that publicly withholds current ARR, margin, profitability, and retention detail despite presenting a strong growth narrative. SR007, SR008, SR032
CR038 Tailscale's About page says the company is fully remote and explicitly prefers small teams, a model that can support capital efficiency but also increases dependence on coordination quality as the company scales. SR009
CR039 The published About page still centers Avery Pennarun heavily in the board and public company story, while the disclosed board and technical advisory structure remains compact. SR009
CR040 Tailscale's DPA says customers are responsible for determining whether the service meets their own legal and regulatory obligations and that Tailscale does not independently assess that fit for them. SR012
CR041 Tailscale's legal stack commits to breach notice, public-authority transparency efforts, subprocessors governance, and cross-border processing controls, but those same documents confirm that customer data can be processed across multiple jurisdictions and service providers. SR011, SR012, SR013
CR042 The DORA addendum positions Tailscale as an ICT third-party service provider for regulated customers, offering audit, cooperation, incident-assistance, and termination mechanics if regulators cannot supervise effectively. SR013
CR043 Tailscale's self-serve terms include arbitration and class-action-waiver language, underscoring a contractual posture designed for SaaS scale rather than for full public-company style risk disclosure. SR010
CR044 Public headcount references vary across 2025 reporting, with BetaKit citing 150 employees after the Series C and BankInfoSecurity citing 177, which underlines the limits of standardized public disclosure for a private company. SR007, SR032
CR045 BetaKit reported that Tailscale planned to add engineering, sales, marketing, and operations roles including London hiring for 24/7 global coverage, showing both expansion ambition and operating-footprint complexity. SR008
CR046 The most useful thesis-break indicators after 2026-05-21 are coordination-plane reliability, security patch cadence, enterprise-scope creep, customer concentration disclosure, and whether management opens up retention and margin evidence. SR002, SR018, SR032
CR047 The strongest public synthesis is that Tailscale's risk profile is shaped less by a single fatal flaw than by simultaneous pressure from suite vendors above, self-hosted alternatives below, and limited visibility into the durability of the current growth mix. SR001, SR020, SR021, SR025, SR032
CV001 Tailscale announced a $160 million USD Series C in April 2025. SV001
CV002 Independent coverage reported that the April 2025 Series C priced Tailscale at roughly $1.45 billion post-money or about C$2 billion. SV002, SV003, SV004
CV003 Independent coverage reported that Tailscale had raised about $275 million in total by April 2025. SV003, SV004
CV004 Independent April 2025 coverage said Tailscale had over 10,000 paid business clients and another 20 percent increase since January. SV002, SV003
CV005 Independent April 2025 coverage said Tailscale was growing revenue more than 100 percent year over year without publicly disclosing exact ARR. SV002, SV003
CV006 Management said Tailscale had a long runway and could become profitable when needed. SV002, SV003, SV004
CV007 Management said Tailscale intended to remain independent and viewed an IPO as a likely but several-years-away path. SV002, SV003
CV008 Tailscale raised $100 million USD in its May 2022 Series B. SV005, SV006, SV007
CV009 May 2022 coverage framed the Series B valuation at roughly C$1 billion or about $780 million USD-equivalent. SV004, SV005, SV006
CV010 The step from roughly 2022 Series B valuation levels to $1.45 billion in 2025 implies Tailscale roughly doubled valuation in about three years. SV003, SV004, SV005, SV006
CV011 Tailscale’s pricing page describes a seat-based model with Premium and Enterprise tiers plus device and resource concepts. SV009
CV012 The current pricing surface is more complex than a simple VPN-seat model because tagged resources, ephemeral resources, and overage logic affect monetization. SV009
CV013 Public evidence reviewed for this chapter does not disclose audited ARR, gross margin, burn, or net retention metrics for Tailscale. SV002, SV003, SV004
CV014 GetLatka publishes a non-company estimate that Tailscale reached about $45.2 million ARR in 2025. SV008
CV015 GetLatka also publishes a non-company estimate that Tailscale had about 250 employees by late 2025. SV008
CV016 If the $1.45 billion April 2025 valuation is divided by the $45.2 million external ARR estimate, the implied ARR multiple is about 32x. SV008
CV017 Cloudflare’s May 2026 public market cap signal was about $75.16 billion. SV010
CV018 Cloudflare’s public revenue signal was about $2.16 billion TTM. SV011
CV019 Cloudflare markets Cloudflare One as a broader SASE and Zero Trust platform than Tailscale’s connectivity-first product scope. SV013
CV020 Using the May 2026 market-cap and TTM revenue signals, Cloudflare screens at roughly 34.8x market cap to revenue. SV010, SV011
CV021 Cloudflare’s investor relations site exposes a continuing SEC filing cadence that public investors can underwrite directly. SV012
CV022 Zscaler’s May 2026 public market cap signal was about $27.49 billion. SV014
CV023 Zscaler’s public revenue signal was about $3.00 billion TTM. SV015
CV024 Zscaler describes Zero Trust Exchange as a comprehensive integrated platform for users, workloads, IoT, OT, and partners. SV017
CV025 Using the May 2026 market-cap and TTM revenue signals, Zscaler screens at roughly 9.2x market cap to revenue. SV014, SV015
CV026 Zscaler’s investor relations site exposes a continuing SEC filing cadence that public investors can underwrite directly. SV016
CV027 Palo Alto Networks’ May 2026 public market cap signal was about $205.11 billion. SV018
CV028 Palo Alto Networks’ public revenue signal was about $9.89 billion TTM. SV019
CV029 Palo Alto Networks reported fiscal Q2 2026 revenue of $2.6 billion and next-generation security ARR of $6.3 billion. SV020
CV030 Palo Alto Networks guided fiscal 2026 next-generation security ARR to roughly $8.52 billion to $8.62 billion and total revenue to about $11.28 billion to $11.31 billion. SV020
CV031 Palo Alto markets Prisma SASE as an AI-powered broader secure-access and operations platform than Tailscale’s current scope. SV021
CV032 Using the May 2026 market-cap and TTM revenue signals, Palo Alto Networks screens at roughly 20.7x market cap to revenue. SV018, SV019
CV033 Cisco’s May 2026 public market cap signal was about $465.87 billion. SV022
CV034 Cisco’s public revenue signal was about $59.05 billion TTM. SV023
CV035 Cisco reported fiscal Q3 2026 revenue of $15.8 billion, said Security was flat, and guided full-year 2026 revenue to $62.8 billion to $63.0 billion. SV026
CV036 Cisco Secure Access is a broader cloud-native SSE platform than Tailscale’s core access product. SV025
CV037 Using the May 2026 market-cap and TTM revenue signals, Cisco screens at roughly 7.9x market cap to revenue. SV022, SV023
CV038 Cisco’s investor relations site exposes a continuing SEC filing cadence that public investors can underwrite directly. SV024
CV039 Multiples.vc shows a wide public cyber-comp spread with Cloudflare around 30.5x EV or revenue, Palo Alto around 18.0x, and Zscaler around 8.3x. SV029
CV040 Finro says public cybersecurity companies average roughly 7.8x revenue versus about 15.2x for private deals and 16.3x for M&A transactions. SV031
CV041 Finro says cloud security averages about 21.7x revenue while IAM averages about 15.0x, showing premium niches command higher pricing than the public average. SV031
CV042 Momentum Cyber says Q1 2026 financing capital was concentrated in a few deals and median deal size compressed to about $12 million, indicating a flight-to-quality market. SV028
CV043 Clairfield says cybersecurity M&A recorded about 400 deals and more than $84 billion of deal value in 2025, confirming strong strategic demand for the sector. SV027
CV044 FE International argues cybersecurity valuation still depends on revenue structure, margins, and buyer-relevant metrics rather than category hype alone. SV030
CV045 The investable thesis is that Tailscale has real product-market fit, expanding enterprise pull, AI-linked demand, and capital-efficiency narrative support even without public ARR disclosure. SV001, SV002, SV003, SV004, SV009
CV046 The anti-thesis is that Tailscale remains a private and relatively narrow connectivity product being compared against broader public platforms with audited revenue and disclosure cadence. SV009, SV012, SV016, SV020, SV024, SV029, SV031
CV047 Because Tailscale does not publicly disclose ARR, margins, retention, or concentration, top-end cloud-security comp multiples would overstate supportable value from public evidence alone. SV003, SV009, SV029, SV030, SV031
CV048 Tailscale’s 2025 round likely priced in sustained AI demand and larger-enterprise expansion rather than proven public profitability metrics. SV001, SV002, SV003, SV004
CV049 A conservative base case treats the April 2025 round as only roughly fair if Tailscale can privately prove materially stronger ARR and retention than public evidence alone shows. SV008, SV029, SV031
CV050 A bull case requires Tailscale to convert AI and enterprise demand into durable expansion while preserving efficiency and broadening beyond a narrow VPN-replacement narrative. SV001, SV002, SV003, SV009, SV028
CV051 A bear case emerges if ARR, gross margin, or concentration metrics are materially weaker than implied by the April 2025 growth narrative. SV003, SV008, SV031
CV052 The public comp lens is most useful as a qualitative guardrail because Cloudflare, Zscaler, Palo Alto, and Cisco all sell broader and more disclosed platforms than Tailscale does. SV013, SV017, SV021, SV025, SV029
CV053 Using companies-market-cap and revenue signals, the selected public-comp band spans roughly 7.9x to 34.8x market cap to revenue. SV010, SV011, SV014, SV015, SV018, SV019, SV022, SV023
CV054 If the external ARR estimate is close to reality, Tailscale’s 2025 private valuation would sit above the broad public-comp revenue band despite having less disclosure. SV008, SV029, SV031
CV055 The recommendation from public evidence alone is research-more rather than chase because the company looks strong but the valuation lacks enough disclosed unit-economics support. SV003, SV004, SV009, SV029, SV031
CV056 The appropriate confidence is medium because the market and product signals are strong but the economics and cap-table details remain private. SV003, SV008, SV031
CV057 The public-evidence risk rating is high because valuation support remains highly sensitive to nonpublic ARR, margin, retention, and concentration data. SV008, SV029, SV031
CV058 The valuation stance is stretched rather than clearly attractive because the April 2025 round already captures much of the visible good news while leaving key economics undisclosed. SV003, SV004, SV029, SV031
CV059 A thesis-break trigger would be nonpublic diligence showing ARR materially below about $60 million or growth already decelerating sharply. SV008, SV029, SV031
CV060 A second thesis-break trigger would be customer concentration or AI-linked revenue dependence proving much higher than the public narrative suggests. SV002, SV003, SV028, SV031
CV061 The most important missing evidence is an ARR bridge, gross-margin profile, retention cohort data, and top-customer concentration detail. SV003, SV008, SV030, SV031
CV062 Public evidence does not reveal detailed preference stack, liquidation overhang, or dilution terms for the 2025 round. SV001, SV003, SV004
来源
编号出版方标题引文
SO001 Tailscale We're Building the New Internet | About Tailscale We’re building the new internet.
SO002 Tailscale Tailscale | Secure Connectivity for AI, IoT & Multi-Cloud Secure Connectivity for AI, IoT & Multi-Cloud.
SO003 Tailscale Tailscale: How it works Our base layer is the increasingly popular and excellent open source WireGuard package.
SO004 Tailscale Tailscale raises $160 Million (USD) Series C to build the New Internet Tailscale has raised $160 million USD ($230 million CAD) in our Series C, led by Accel.
SO005 Tailscale 10,000 customers, a new Operations SVP, and the bigger picture First, we’ve surpassed 10,000 business customers. Just 10 months ago, we were at 5,000.
SO006 Tailscale Border0 is joining Tailscale Border0 is now part of Tailscale, and we're very glad to have the team here.
SO007 Tailscale Security | Tailscale Tailscale publishes security bulletins to disclose security issues in our product.
SO008 Tailscale Security Bulletins · Tailscale Description: ACL capability bypass in the Tailscale client's web interface.
SO009 Tailscale How Instacart reduces developer disruptions Internal support requests at Instacart ... have dropped from 10 a week to nearly zero.
SO010 Tailscale Hugging Face adopts zero trust networking to protect ML tooling with Tailscale Tailscale has been a fantastic partner to us.
SO011 Tailscale Mercury enacts a privacy-led approach to security with Tailscale When I joined Mercury, there were 240 people. Today, we have over 1000 employees.
SO012 Tailscale How Cribl Enables Secure Work From Anywhere with Tailscale Since adopting Tailscale in 2020, Cribl has grown considerably.
SO013 GitHub GitHub - tailscale/tailscale: The easiest, most secure way to use WireGuard and 2FA. The easiest, most secure way to use WireGuard and 2FA.
SO014 Tailscale Privacy Policy · Tailscale Tailscale ... allows customers and individuals to directly connect servers, computers, mobile devices, and cloud instances in a simple mesh VPN network, in which every connection is encrypted.
SO015 Tailscale Tailscale Status Tailscale Status.
SO016 BetaKit Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth The company now has 150 employees, and has seen another 20 percent increase of its paid business clients since January.
SO017 BankInfoSecurity Tailscale Raises $160M to Scale AI and Enterprise Use The company got a $1.45 billion valuation, double the $780 million valuation Tailscale received in May 2022.
SO018 Osler, Hoskin & Harcourt LLP Tailscale Tailscale is a Toronto-based software company that provides zero-configuration virtual private networks (VPNs) for secure connectivity.
SO019 BetaKit Tailscale closes $128M CAD Series B to scale VPN service, amass more developer evangelists The startup operates as a fully remote company, with employees distributed across Canada and the US.
SO020 TechCrunch Tailscale lands $100 million to “transform” enterprise VPNs Tailscale’s product is built on WireGuard.
SO021 Business Wire Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams Founded in 2019, Tailscale has experienced 1,200% YoY growth.
SO022 Insight Partners Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams.
SO023 PYMNTS Tailscale Simplifies Secure Access With Border0 Acquisition This acquisition adds Border0’s solutions for managing access to sensitive infrastructure such as production systems and Kubernetes.
SO024 SiliconANGLE Secure networking startup Tailscale launches identity-linked governance for AI tools and agents Secure networking startup Tailscale launches identity-linked governance for AI tools and agents.
SO025 VMblog Tailscale launches Aperture in open alpha for identity-linked governance of AI tools and agents Aperture provides centralized policy controls, audit-ready session histories, and safer handling of provider credentials.
SO026 CAN1 Business Tailscale Inc. It was incorporated on 23 March 2019 in Canada and ... is an active company.
SO027 Accel Building the New Internet: Our Continued Partnership with Tailscale They recently announced doubling their customer base to 10,000 customers (it’s higher now).
SO028 BetaKit Tailscale makes first acquisition with Border0 purchase Tailscale makes first acquisition with Border0 purchase.
SM001 Tailscale What is Tailscale? · Tailscale Docs Tailscale is a Zero Trust identity-based connectivity platform that replaces your legacy VPN, SASE, and PAM.
SM002 Tailscale Tailscale pricing $8 per user, per month ... $18 per user, per month.
SM003 Tailscale Enterprise-Grade Zero Trust Networking | Tailscale Organizations of all sizes choose Tailscale to connect their employees, devices, and workloads securely across infrastructure spanning the globe.
SM004 Tailscale Tailscale, a virtual programmable network for DevOps Achieve connectivity across VPCs, clusters, and heterogeneous environments quickly.
SM005 Tailscale Securely Connect AI Infrastructure (Start for Free) | Tailscale Private networking to connect users, LLMs, and data across any infrastructure.
SM006 Tailscale Secure Infrastructure Access with Zero Trust | Tailscale Granular access controls enable everyone on your team to get access to exactly what they need, when they need it, wherever it is.
SM007 Tailscale Why Devs Love Tailscale | Customer Success Stories How Cribl Enables Secure Work From Anywhere with Tailscale.
SM008 Grand View Research Zero Trust Network Access Market | Industry Report, 2033 The global zero trust network access market size was estimated at USD 1.97 billion in 2025 and is projected to reach USD 11.03 billion by 2033.
SM009 MarketsandMarkets Secure Access Service Edge (SASE) Market Report 2026-2032, by Offering, Geo, Tech The SASE market is projected to grow from USD 19.19 billion in 2026 to USD 68.06 billion by 2032, at a CAGR of 28.8%.
SM010 Mordor Intelligence Secure Access Service Edge (SASE) Market Size, Growth & Forecast Report 2031 The secure access service edge market size is expected to increase from USD 12.21 billion in 2025 to USD 15.54 billion in 2026 and reach USD 39.14 billion by 2031.
SM011 Global Market Insights Secure Access Service Edge Market Size, 2026-2035 Forecast The market is expected to grow from USD 2.8 billion in 2026 to USD 27.5 billion in 2035, at a CAGR of 28.9%.
SM012 ORDR Zero Trust Statistics 2026 Report | ORDR Zero Trust Network Access (ZTNA) ... $2.95B in 2026 ... $14.74B in 2032.
SM013 ZeroTier ZeroTier Pricing Plans | Find the Right Network Plan for You From home use to enterprise-scale, whether you have 10 devices or 10,000, we have pricing to fit your needs.
SM014 NetBird Pricing - NetBird For teams replacing legacy VPNs with secure remote access and site-to-site connectivity.
SM015 WireGuard fast, modern, secure VPN tunnel All issues of key distribution and pushed configurations are out of scope of WireGuard.
SM016 Teleport Teleport Pricing: Cloud & Self-Hosted | Teleport Teleport is licensed based on monthly usage.
SM017 Amazon Web Services AWS VPN Pricing - Cloud VPN - Amazon Web Services You pay $523.80 per month for AWS Site-to-Site VPN 1.25 Gbps connection.
SM018 Amazon Web Services Secure Remote Access - AWS Verified Access - AWS Provide secure access to corporate applications and resources without a VPN.
SM019 Microsoft Microsoft Entra Private Access | Microsoft Security The Microsoft Entra Suite delivers unified Zero Trust user access.
SM020 Cloudflare Overview · Cloudflare One docs Cloudflare One is Cloudflare's Secure Access Service Edge (SASE) platform.
SM021 Zscaler AI-Powered Zero Trust Platform | Zscaler Zero Trust Exchange Lower costs and complexity by eliminating point solutions and reducing overhead.
SM022 Palo Alto Networks Prisma SASE Power the future of work with Prisma SASE from Palo Alto Networks.
SM023 Cisco Cisco Secure Access This cloud-delivered security service edge (SSE) solution, grounded in zero trust, provides secure, seamless access from any user or device to any application, anywhere.
SM024 WorkOS Tailscale is building the AI gateway for a world where agents need identity — WorkOS Instead of distributing API keys to every developer, every CI runner, and every autonomous agent in your organization, you point everything at the AI gateway.
SM025 FeaturedCustomers 43 Tailscale Customer Reviews & References Read 24 Tailscale reviews and testimonials from customers, explore 18 case studies and customer success stories.
SM026 BetaKit Tailscale hits 10,000 paid business clients after doubling customer base in 10 months Tailscale takes a different approach ... targeting the end users of its solution—developers—first.
SM027 SiliconANGLE Secure networking startup Tailscale launches identity-linked governance for AI tools and agents - SiliconANGLE Secure networking startup Tailscale launches identity-linked governance for AI tools and agents.
SP001 Tailscale Compare · Tailscale Tailscale’s peer-to-peer mesh network allows your machines to connect to each other directly — with coordination provided centrally — reducing bottlenecks, speeding things up, and improving reliability.
SP002 Tailscale Tailscale pricing $0 for up to 6 users ... $8 per user, per month ... $18 per user, per month.
SP003 Tailscale Enterprise-Grade Zero Trust Networking | Tailscale Tailscale integrates with your existing identity provider to enable single sign on, provide a seamless onboarding experience, and enforce multi-factor authentication.
SP004 Cloudflare Cloudflare One | The agile SASE platform | Cloudflare Cloudflare One converges core SASE services such as zero trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), network-as-a-service (NaaS), and firewall-as-a-service (FWaaS).
SP005 Cloudflare Cloudflare Tunnel · Cloudflare One docs cloudflared initiates an outbound connection through your firewall from the origin to the Cloudflare global network.
SP006 Cloudflare Identity providers · Cloudflare One docs Cloudflare supports all SAML and OIDC providers and can integrate with the majority of OAuth providers.
SP007 Cloudflare About the Cloudflare One Client · Cloudflare One docs The client also reports device health information ... so that you can enforce device posture checks in your Access and Gateway policies.
SP008 Cloudflare Zero Trust & SASE Plans & Pricing Cloudflare One is our single-vendor SASE platform ... Contact us to learn more about SASE packaging options.
SP009 Zscaler Transforming secure access with Zscaler Private Access (ZPA) Minimize the risk of app compromise and data loss with full inline inspection of private app traffic and data loss prevention.
SP010 Zscaler Private Access (ZPA) Help | Zscaler
SP011 Zscaler Pricing and Plans | Zscaler Pricing and Plans | Zscaler
SP012 Palo Alto Networks Prisma Access Achieve True Zero Trust Security for Your Entire Network.
SP013 Palo Alto Networks Prisma SASE Power the future of work with Prisma SASE ... the industry’s most comprehensive SASE solution that protects all your users, apps, data and devices.
SP014 Palo Alto Networks Prisma Access Prisma Access helps you deliver consistent security to your remote networks and mobile users.
SP015 Cisco Cisco Secure Access ZTNA leverages least-privilege principles, contextual insights, and client or clientless-based methods to deny access by default and allow access to apps when granted.
SP016 Cisco Duo Identity Security Products | Duo Security | Cisco Duo Protect access with phishing-resistant MFA.
SP017 Cisco Duo Editions and Pricing | Cisco Duo $0 per user/month ... $3 per user/month ... $6 per user/month ... $9 per user/month.
SP018 Cisco Duo Duo Documentation, How-To Guides | MFA | Cisco Duo
SP019 ZeroTier ZeroTier Pricing Plans | Find the Right Network Plan for You From home use to enterprise-scale, whether you have 10 devices or 10,000, we have pricing to fit your needs.
SP020 ZeroTier Create a Network | ZeroTier Documentation A ZeroTier network works like a LAN you can use anywhere in the world.
SP021 NetBird Pricing - NetBird $0 user / month ... $5 ... $10.
SP022 NetBird Self-Hosting Quickstart Guide (5 min) NetBird is open source and can be self-hosted on your servers.
SP023 NetBird Advanced guide - NetBird Docs This advanced guide is for users who need to integrate with an existing IdP or have specific enterprise requirements.
SP024 NetBird Self-Hosted Deployment Configuration Files Reference This page provides a comprehensive reference for all configuration files used when self-hosting NetBird.
SP025 GitHub GitHub - netbirdio/netbird: Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls. Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
SP026 GitHub GitHub - slackhq/nebula: A scalable overlay networking tool with a focus on performance, simplicity and security Nebula is a mutually authenticated peer-to-peer software-defined network based on the Noise Protocol Framework.
SP027 Teleport Teleport Pricing: Cloud & Self-Hosted | Teleport Teleport is licensed based on monthly usage.
SP028 Teleport Teleport Zero Trust Access | Teleport Structured audit export ... Session recording and playback.
SP029 Teleport Step 1 - Deploy Teleport Community Edition | Teleport Teleport SSH Service ... records sessions, and logs activity as Teleport audit events.
SP030 Teleport Install Teleport | Teleport The guides in this section show you how to install Teleport on your system.
SP031 GitHub GitHub - gravitational/teleport: The easiest, and most secure way to access and protect all of your infrastructure. Teleport provides connectivity, authentication, access controls and audit for infrastructure.
SP032 SiliconANGLE Secure networking startup Tailscale launches identity-linked governance for AI tools and agents - SiliconANGLE Aperture in open alpha mode ... offer centralized policy control and auditability for artificial intelligence agents to reduce data leakage.
SP033 BetaKit Tailscale makes first acquisition with Border0 purchase | BetaKit The acquisition helps us move faster on building out a more complete and modern PAM offering.
SI001 Tailscale Tailscale pricing $0 for up to 6 users ... $8 per user, per month ... $18 per user, per month.
SI002 Tailscale Tailscale raises $160 Million (USD) Series C to build the New Internet Even though we already had a long runway, we raised this Series C because we realized the world had started raining opportunities.
SI003 Tailscale Tailscale raises $100M… to fix the Internet We’ve raised $100M in a Series B financing led by CRV and Insight Partners.
SI004 Tailscale Careers at Tailscale · Tailscale Join the team championing small networks but launching big careers.
SI005 Tailscale Five thousand (paying) teams on Tailscale We've passed 5000 paying customers. More than half of those were added in the last 12 months.
SI006 Tailscale Business challenges and pain points: Tailscale patterns from the field There are over 30,000 companies using Tailscale!
SI007 Tailscale Real-world enterprise use cases: Tailscale patterns from the field This post covers the many use cases for which customers use Tailscale.
SI008 Tailscale Tailscale's Total Economic Impact The study found that Tailscale delivered a 213% ROI with a payback in under six months.
SI009 Tailscale The Total Economic Impact™ of Tailscale | ROI in <6 Months A 2026 Forrester study shows cost savings, productivity gains, and under 6-month payback.
SI010 Tailscale Why Devs Love Tailscale | Customer Success Stories Why Devs Love Tailscale | Customer Success Stories
SI011 Tailscale How Positron easily scales AI deployments for customers with Tailscale It saves us an hour per onboarded prospect.
SI012 Tailscale How Instacart reduces developer disruptions Internal support requests at Instacart ... have dropped from 10 a week to nearly zero.
SI013 Tailscale Security Bulletins · Tailscale TS-2026-001 ... TS-2026-002
SI014 Tailscale Security | Tailscale Your data is end-to-end encrypted and transmitted point-to-point.
SI015 Tailscale Tailscale Peer Relays · Tailscale Docs Tailscale first attempts to use any available peer relays in the tailnet before falling back to DERP servers.
SI016 Tailscale Tailscale Status Latest service status for Tailscale
SI017 BetaKit Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth While the company hasn't disclosed its annual recurring revenue, it claimed the metric was growing more than 100 percent year-over-year.
SI018 Business Wire Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams Founded in 2019, Tailscale has experienced 1,200% YoY growth and continues to sustain 20% growth quarter over quarter in active monthly users.
SI019 The Stack Mesh network firm Tailscale raises $160m: Hits 10k+ customers Earlier this year it boasted of having hit 10,000 customers.
SI020 Proactive Investors Tailscale achieves $1.5B valuation with latest funding round Its technology is used by over 10,000 corporate customers.
SI021 PYMNTS Tailscale Simplifies Secure Access With Border0 Acquisition | PYMNTS.com The Border0 team has joined Tailscale, with former Border0 CEO Andree Toonk becoming Tailscale's director of engineering.
SI022 GetLatka Tailscale Revenue 2025: $45.2M ARR, $1.5B Valuation In 2025, Tailscale's revenue reached $45.2M.
SI023 Tracxn Tailscale Tailscale has raised a total funding of $275M over 4 rounds.
SI024 Tailscale Tailscale Tailscale is proud to be a fully remote company with team members in the United States, Canada and the United Kingdom.
SI025 Corporations Canada Federal corporation information - 1131559-5 - Online Filing Centre - Corporations Canada - Corporations Type of corporation: Non-distributing corporation with 50 or fewer shareholders.
SE001 Tailscale What is Tailscale? · Tailscale Docs Tailscale is a Zero Trust identity-based connectivity platform that replaces your legacy VPN, SASE, and PAM.
SE002 Tailscale About WireGuard · Tailscale Docs
SE003 Tailscale DERP servers · Tailscale Docs When a direct connection isn't possible Tailscale first attempts to use any available peer relays in the tailnet.
SE004 Tailscale What is a tailnet? · Tailscale Docs A Tailscale network (known as a tailnet) is a secure, interconnected collection of users, devices, and resources.
SE005 Tailscale Tailnet policy file · Tailscale Docs The tailnet policy file is a centralized human JSON (HuJSON) configuration file that stores parameters, policies, and settings for your Tailscale network.
SE006 Tailscale Grants vs. ACLs · Tailscale Docs Grants are feature complete with ACLs, which means they have all the capabilities of ACLs.
SE007 Tailscale Tailscale SSH · Tailscale Docs Tailscale SSH lets Tailscale manage the authentication and authorization of SSH connections in your tailnet.
SE008 Tailscale Deploy exit nodes and subnet routers on Kubernetes · Tailscale Docs
SE009 Tailscale Subnet routers · Tailscale Docs Subnet routers let you extend your Tailscale network to include devices that don't or can't run the Tailscale client.
SE010 Tailscale Exit nodes (route all traffic) · Tailscale Docs When you route all traffic through an exit node, you're effectively using default routes, similar to how you would if you were using a typical VPN.
SE011 Tailscale Tailscale Funnel · Tailscale Docs Tailscale Funnel lets you route traffic from the broader internet to a local service running on a device in your Tailscale network.
SE012 Tailscale Tailscale Serve · Tailscale Docs Serve traffic includes identity headers when serving traffic from your tailnet using Tailscale Serve.
SE013 Tailscale Device posture management · Tailscale Docs Device posture is a mechanism to measure how secure or trustworthy a device is.
SE014 Tailscale Logging overview · Tailscale Docs Network flow logs strictly do not contain any information about client operations or contents of network traffic.
SE015 Tailscale Get started with Aperture · Tailscale Docs Aperture supports OpenAI, Anthropic, Google Gemini, OpenRouter, Amazon Bedrock, Vertex AI, and OpenAI-compatible APIs.
SE016 Tailscale Guardrails · Tailscale Docs The fail_policy setting on each hook definition controls what happens when Aperture cannot reach a guardrail endpoint... fail_open (default).
SE017 Tailscale Border0 joins Tailscale - FAQs Border0 is designed for infrastructure access workflows and visibility, including support for common access patterns such as SSH and Kubernetes access, remote admin workflows (RDP and VNC), database access controls, session recording, and command or query visibility.
SE018 Tailscale Border0 is joining Tailscale Tailscale started with secure connectivity... Border0 brings protocol-aware controls, session visibility, approval workflows.
SE019 Tailscale Tailscale pricing update: clearer plans, more value We're moving to simple, predictable seat-based pricing for business plans.
SE020 Tailscale Tailscale pricing $0 for up to 6 users ... $8 per user, per month ... $18 per user, per month.
SE021 Tailscale Security | Tailscale Your data is end-to-end encrypted and transmitted point-to-point. Your devices' private encryption keys never leave their respective nodes.
SE022 Tailscale Security Bulletins · Tailscale TS-2026-002 ... ACL capability bypass in the Tailscale client's web interface.
SE023 Tailscale Incident disclosure and notification policy Both the client software and our managed backend infrastructure (i.e. coordination server) are in scope for this policy.
SE024 Tailscale Tailscale Status
SE025 Tailscale Tailscale changelog
SE026 Tailscale Configuration Audit Logs Now Generally Available in Tailscale Configuration audit logs are enabled by default on all tailnets, and cannot be disabled.
SE027 Tailscale Tailscale Kubernetes Operator generally available for simple, secure K8s access Thousands of organizations have adopted it, including for use in production environments.
SE028 Tailscale Aperture by Tailscale is now self-serve: Centralized AI access, usage, and spend Aperture shifts API keys out of application environments and into a gateway designed to manage them, while tying every request to identity.
SE029 GitHub GitHub - tailscale/tailscale: The easiest, most secure way to use WireGuard and 2FA. This repository contains the majority of Tailscale's open source code.
SE030 GitHub Releases · tailscale/tailscale v1.98.2 ... 18 May 14:06.
SE031 WireGuard Protocol & Cryptography - WireGuard WireGuard uses the Noise_IK handshake from Noise ... All packets are sent over UDP.
SE032 SiliconANGLE Secure networking startup Tailscale launches identity-linked governance for AI tools and agents Tailscale is working with partners such as Oso, Cerbos, Apollo Research PBC and Cribl Inc.
SE033 BetaKit Tailscale makes first acquisition with Border0 purchase Border0 adds deeper application-layer access and authorization on top of that foundation.
SE034 Techcouver Philosophies Aligned, Vancouver Startup Border0 Joins Toronto's Tailscale Over time, we'll pull these capabilities closer into the Tailscale experience and build out a more native Tailscale PAM offering.
SE035 StatusGator Tailscale Status. Check if Tailscale is down or having an outage. The last officially acknowledged outage was on May 8, 2026.
SE036 OpenCVE Tailscale CVEs and Security Vulnerabilities
SE037 NIST National Vulnerability Database NVD - CVE-2023-28436 A vulnerability identified in the implementation of Tailscale SSH ... allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules.
SE038 CVE Program Common vulnerabilities and Exposures (CVE)
SU001 Tailscale Why Devs Love Tailscale | Customer Success Stories The customer page currently spotlights stories such as Cribl, Instacart, Mercury, and Hugging Face.
SU002 Tailscale Tailscale pricing Personal is $0 for up to 6 users, Standard is $8 per user per month, Premium is $18 per user per month, and Enterprise is custom.
SU003 Tailscale Bring Tailscale to Work Rolling out Tailscale for your team should be a cost-effective and seamless adoption path, and the company offers help for team rollout.
SU004 Tailscale Apply to join the Tailscale for Startups Program Accepted startups will enjoy a full year of the business plan at no cost.
SU005 Tailscale Enterprise-Grade Zero Trust Networking | Tailscale Organizations of all sizes choose Tailscale to connect employees, devices, and workloads securely across infrastructure spanning the globe.
SU006 BetaKit Tailscale hits 10,000 paid business clients after doubling customer base in 10 months The software unicorn recently hit 10,000 paid business customers and still had hundreds of thousands of personal users.
SU007 University of Waterloo Alumni’s VPN startup secures $230M to meet AI demands | Engineering | University of Waterloo The company serves over 10,000 clients including Perplexity, Mistral, Hugging Face and Cohere.
SU008 PeerSpot Tailscale Reviews, Competitors and Pricing Users praise ease of use but also mention multi-account login problems and difficulty switching between tailnets.
SU009 Trustpilot tailscale.com is rated "Excellent" with 4.3 / 5 on Trustpilot The page shows a 4.3 out of 5 rating from 14 reviews, with praise for ease of use and at least one complaint about documentation detail.
SU010 Tailscale Hugging Face adopts zero trust networking to protect ML tooling with Tailscale Hugging Face standardized on a universal secure remote access solution and said the rollout saved tens of hours a month.
SU011 Hugging Face Hugging Face – The AI community building the future. Hugging Face hosts models, datasets, spaces, enterprise offerings, and pricing for the AI community.
SU012 Tailscale How Instacart reduces developer disruptions Instacart says it once ran eight separate VPNs and had Tailscale working across GCP, AWS, and multiple environments in less than a day.
SU013 Instacart Instacart Company | Home Instacart says it partners with more than 1,000 retail banners and over 75,000 stores across more than 13,000 cities in North America.
SU014 Tailscale How Cribl Enables Secure Work From Anywhere with Tailscale Cribl says it started using Tailscale when there were about 18 people and later grew to about 550 employees.
SU015 Cribl The AI Platform for Telemetry | Cribl Cribl says it is fueling the data engines of 50% of the Fortune 100.
SU016 Tailscale Mercury enacts a privacy-led approach to security with Tailscale Mercury says it built a company-wide tailnet within days and expanded Tailscale as the workforce grew from 240 people to more than 1,000.
SU017 Mercury About Mercury | The art of simplified finances Mercury says it now has 1,000+ employees and serves ambitious entrepreneurs with software-led banking.
SU018 Tailscale Abilene Christian University graduates to smarter remote access with Tailscale ACU says Tailscale supports faculty and staff access and offers granular, port-level controls.
SU019 Abilene Christian University Abilene Christian University ACU is a higher-education institution with campuses in Abilene and Dallas.
SU020 Tailscale The Linux Foundation adopts low-maintenance, worry-free networking The Linux Foundation says Tailscale completely replaced OpenVPN and made access management dramatically simpler.
SU021 Linux Foundation About the Linux Foundation The Linux Foundation says it supports over 13,000 developers and acts as a neutral home for code and collaboration.
SU022 Tailscale How VersaBank reduced maintenance costs by modernizing their VPN VersaBank says its critical VPN consumed too much maintenance time before the move to Tailscale.
SU023 VersaBank Home Landing - VersaBank VersaBank describes itself as a North American branchless digital bank built on proprietary technology.
SU024 Tailscale Loft Orbital supports space launches and eliminates tickets with Tailscale Loft Orbital says Tailscale helped it escape disconnections, slow speeds, and support-ticket drag as the team reached 300 people.
SU025 Loft Orbital Loft Orbital: Space Made Simple - Loft Orbital Loft Orbital highlights work with governmental, defense, and security applications in its public materials.
SU026 Tailscale Vanta upgrades to modern, frictionless networking with Tailscale Vanta says earlier VPN tools took roughly 50% longer to use and that Codespaces compatibility mattered in the Tailscale decision.
SU027 Vanta SOC 2, HIPAA, ISO 27001, PCI, and GDPR Compliance Vanta says it serves 16,000+ customers from startup to enterprise and automates compliance workflows.
SU028 Tailscale Inside Netcraft’s proactive approach to digital risk protection with Tailscale Netcraft says certificate-heavy OpenVPN workflows became too cumbersome as staff composition broadened beyond engineers.
SU029 Netcraft Next-Gen Digital Risk Protection | AI-powered Cybercrime Defense by Netcraft Netcraft positions itself as a digital-risk-protection and cybercrime-defense provider.
SU030 Tailscale How Mercari improved accessibility, security, and made VPNs simple Mercari says Tailscale reduced daily VPN troubleshooting and supported QA, engineering, and GitHub Actions workflows.
SU031 Mercari Mercari, Inc. Mercari describes itself as a large online marketplace company in Japan and the United States.
SU032 Tailscale How DEEL Media enables on-demand digital signage support with Tailscale DEEL Media says its Carbon platform powers thousands of IoT devices and tens of thousands of screens across three continents.
SU033 Tailscale How Yugabyte quickly and securely connects support and field teams Yugabyte says around 30 support and field-engineering staff share Tailscale-based environments for debugging and demos.
SU034 Yugabyte Distributed PostgreSQL for Modern Apps Yugabyte positions YugabyteDB as a distributed PostgreSQL-compatible database for cloud-native and global applications.
SR001 Tailscale Security Tailscale does not (and cannot) inspect your traffic.
SR002 Tailscale Security Bulletins A malicious tailnet node could disable the exit node and clear advertised subnet routes on other tailnet nodes that run the web interface.
SR003 Tailscale Incident disclosure
SR004 Tailscale Tailscale Status
SR005 Tailscale Pricing $8 per user, per month
SR006 Tailscale Tailscale raises $160 Million (USD) Series C to build the New Internet A surprising number of leading AI companies — Perplexity, Mistral, Cohere, Groq, Hugging Face — are now building on Tailscale to solve exactly this.
SR007 BetaKit Corporate VPN startup Tailscale secures $230 million CAD Series C on back of surprising growth The company has emerged from the capital raise with a $1.45 billion USD (approximately $2 billion CAD) post-money valuation.
SR008 BetaKit Tailscale hits 10,000 paid business clients after doubling customer base in past 10 months The software unicorn recently hit 10,000 paid business customers—ranging from small firms to Fortune 500 companies—and not including its hundreds of thousands of personal users.
SR009 Tailscale About Tailscale We are proudly, and always have been, a fully remote company with flexible working hours.
SR010 Tailscale Terms of Service Important notice... these Terms contain provisions requiring that you agree to the use of arbitration to resolve any disputes... and to waive your participation in class action of any kind against Tailscale.
SR011 Tailscale Tailscale Privacy Policy Tailscale does not process, or have the ability to access, the content of User traffic data transmitted through the Tailscale Solution, which is fully end-to-end encrypted.
SR012 Tailscale Data Processing Addendum We will notify you without undue delay (and in any event within seventy-two (72) hours) of any known breach of security...
SR013 Tailscale DORA Addendum Customer is considered the 'financial entity' and Tailscale is considered the 'ICT third-party service provider' under DORA.
SR014 Tailscale Custom DERP servers DERP relayed connections are slower than direct connections, you might experience poor performance.
SR015 Tailscale Tailnet Lock With Tailnet Lock enabled, even if Tailscale were malicious or Tailscale infrastructure hacked, attackers can't send or receive traffic in your tailnet.
SR016 National Vulnerability Database CVE-2023-28436 A vulnerability identified in the implementation of Tailscale SSH... allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules.
SR017 CVE Program CVE-2023-28436 A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code.
SR018 IsDown Tailscale outages and status history There were 61 Tailscale outages since November 2025.
SR019 StatusGator Tailscale Outage History There were 83 Tailscale outages since January 2025 which are summarized below, including incident details, duration, and resolution information.
SR020 Cloudflare Cloudflare Zero Trust Cloudflare One provides deep visibility and control over GenAI usage and is the first SASE platform to secure connections to Model Context Protocol (MCP) servers.
SR021 Zscaler Zscaler Zero Trust Exchange Our unique proxy architecture enables full TLS/SSL inspection at scale.
SR022 Palo Alto Networks Prisma Access Prisma® Access delivers best-in-class security powered by Precision AI® into a single, cloud-delivered solution to protect everywhere work gets done.
SR023 Palo Alto Networks Prisma Access Private App Security Gain comprehensive visibility into all private app traffic... with SASE-native architecture to instantly detect app changes and recommend intelligent policies.
SR024 Cisco Cisco Secure Access The new AI Access feature set brings visibility and control for third-party AI apps.
SR025 NetBird NetBird Docs NetBird is an open-source project and can be self-hosted.
SR026 NetBird NetBird Pricing Enjoy simple, usage-based pricing: pay per active user in the cloud, or deploy on-prem for full control and flexibility
SR027 ZeroTier ZeroTier Pricing From home use to enterprise-scale, whether you have 10 devices or 10,000, we have pricing to fit your needs.
SR028 Teleport Teleport Documentation Teleport Documentation... Secure app & SSH access with no VPNs or proxies.
SR029 Teleport Teleport Pricing Teleport Community Edition is an open-source version of Teleport that is available, free of charge, to companies with less than 100 employees and less than US $10 million in revenue.
SR030 Tailscale Border0 joins Tailscale Together, we'll move faster on a modern approach to privileged access management, with less complexity and more usability.
SR031 Tailscale Border0 and Tailscale FAQ We'll bring capabilities together over time and share more details as they're ready.
SR032 BankInfoSecurity Tailscale Raises $160M to Scale AI and Enterprise Use The company got a $1.45 billion valuation... Fresh capital will give Tailscale a significantly faster route to higher revenue.
SV001 Tailscale Tailscale raises $160 Million (USD) Series C to build the New Internet Tailscale has raised $160 million USD ($230 million CAD) in our Series C.
SV002 University of Waterloo Alumni’s VPN startup secures $230M to meet AI demands Tailscale has seen a 20 per cent increase in business clients since January and year-over-year revenue growth of over 100 per cent.
SV003 BetaKit Corporate VPN startup Tailscale secures $230 million CAD Series C on back of “surprising” growth Tailscale has emerged from the capital raise with a $1.45 billion USD (approximately $2 billion CAD) post-money valuation.
SV004 BankInfoSecurity Tailscale Raises $160M to Scale AI and Enterprise Use The company got a $1.45 billion valuation, double the $780 million valuation Tailscale received in May 2022 despite more favorable economic conditions.
SV005 BetaKit Tailscale closes $128M CAD Series B to scale VPN service, amass more developer evangelists Tailscale has raised $128 million CAD ($100 million USD) to begin scaling its operations.
SV006 TechCrunch Tailscale lands $100 million to 'transform' enterprise VPNs Tailscale ... raised $100 million in a Series B round ... at an over-$1 billion valuation (in Canadian dollars, not U.S.).
SV007 Business Wire Tailscale Raises $100 Million Series B to Fix the Internet with its Zero Trust VPN for Modern DevOps Teams Tailscale announced today that it has raised $100 million in Series B financing.
SV008 GetLatka Tailscale Revenue 2025: $45.2M ARR, $1.5B Valuation Revenue, funding, team, and customer figures are presented as company-reported or GetLatka-estimated metrics where the profile data identifies them that way.
SV009 Tailscale Tailscale pricing Seat-based pricing, devices, and resources
SV010 CompaniesMarketCap Cloudflare (NET) - Market capitalization As of May 2026 Cloudflare has a market cap of $75.16 Billion USD.
SV011 CompaniesMarketCap Cloudflare (NET) - Revenue According to Cloudflare's latest financial reports the company's current revenue (TTM ) is $2.16 Billion USD.
SV012 Cloudflare Cloudflare, Inc. - Investor Relations SEC Filings
SV013 Cloudflare Cloudflare One | The agile SASE platform | Cloudflare Cloudflare One | The agile SASE platform
SV014 CompaniesMarketCap Zscaler (ZS) - Market capitalization As of May 2026 Zscaler has a market cap of $27.49 Billion USD.
SV015 CompaniesMarketCap Zscaler (ZS) - Revenue According to Zscaler's latest financial reports the company's current revenue (TTM ) is $3.00 Billion USD.
SV016 Zscaler SEC Filings | Zscaler, Inc. Filing date
SV017 Zscaler AI-Powered Zero Trust Platform | Zscaler Zero Trust Exchange The Zscaler Zero Trust Exchange™ is a comprehensive, integrated platform.
SV018 CompaniesMarketCap Palo Alto Networks (PANW) - Market capitalization As of May 2026 Palo Alto Networks has a market cap of $205.11 Billion USD.
SV019 CompaniesMarketCap Palo Alto Networks (PANW) - Revenue According to Palo Alto Networks' latest financial reports the company's current revenue (TTM ) is $9.89 Billion USD.
SV020 PR Newswire Palo Alto Networks Reports Fiscal Second Quarter 2026 Financial Results Fiscal second quarter revenue grew 15% year over year to $2.6 billion. Next-Generation Security ARR grew 33% year over year to $6.3 billion.
SV021 Palo Alto Networks Prisma SASE Achieve best-in-class security, exceptional user experience and resilient, streamlined operations with AI-powered Prisma® SASE.
SV022 CompaniesMarketCap Cisco (CSCO) - Market capitalization As of May 2026 Cisco has a market cap of $465.87 Billion USD.
SV023 CompaniesMarketCap Cisco (CSCO) - Revenue According to Cisco's latest financial reports the company's current revenue (TTM ) is $59.05 Billion USD.
SV024 Cisco Cisco Systems Inc. - Financials SEC Filings documents grouped by date, type, and description
SV025 Cisco Cisco Secure Access This cloud-delivered security service edge (SSE) solution, grounded in zero trust, provides secure, seamless access from any user or device to any application, anywhere.
SV026 Cisco Cisco Reports Third Quarter Earnings Record revenue of $15.8 billion, up 12% year over year.
SV027 Clairfield Sector report: cybersecurity - Clairfield Last year, the cybersecurity sector recorded 400 M&A deals ... Total deal value exceeded US$84 billion.
SV028 Momentum Cyber Cybersecurity Quarterly Review - Q1 2026 | Momentum Cyber Five deals accounted for 45% of total capital deployed, while median deal sizes compressed to $12M as early-stage volume balanced late-stage concentration.
SV029 Multiples.vc Cybersecurity Valuation Multiples Cloudflare ... 30.5x ... Palo Alto Networks ... 18.0x ... Zscaler ... 8.3x.
SV030 FE International How to Value a Cybersecurity Business in 2026 | FE International The answer depends on where your business sits along the maturity spectrum, how your revenue is structured, and which metrics buyers care about most.
SV031 Finro Cybersecurity Valuation Multiples Mid-2025: Benchmarks Across Security Niches | Finro Public markets, for example, are the most cautious.