What is NetBird Agent Network?
Updated
Agent Network is currently in Beta. It is open source and can be self-hosted on your own infrastructure.
As AI spreads across organizations, humans, agents, tools, and workflows need access to LLM APIs and internal systems. Too often, that access relies on shared API keys and broad network paths, creating credential sprawl, weak identity, poor visibility, and limited control over cost, usage, and what each agent can reach. It echoes how SSH keys are still managed in many places: shared, copied onto machines by hand, and never revoked when people move on.
Agent Network is NetBird's access control layer for AI agents and the people who run them. It gives every agent a real identity, tied to an identity provider (IdP), and governs what it can reach: LLM APIs and AI gateways it can call, and the internal resources it can access. Traffic flows only over the encrypted NetBird tunnel, scoped by policy, with no API keys or other credentials to leak.
The NetBird Control Center below captures it in essence: the agents on the left reach the internal databases, servers, and LLM APIs on the right, only where the policies in the middle allow it.

Two Use Cases
Agent Network is built on NetBird’s overlay network and reverse-proxy capabilities, giving any AI agent secure access to LLM APIs and private resources. It works with human-in-the-loop tools like Claude Code and Codex, as well as fully autonomous workloads running on VMs, Mac minis, or other infrastructure. Below are two specific use cases where Agent Network fits naturally.
Keyless Access to LLM APIs for Cost Control and Auditing
Your agents reach OpenAI, Anthropic, and AI gateways through a single endpoint that's only reachable over the end-to-end encrypted tunnel. There is no need to store or share API keys or other credentials. NetBird holds the provider API key server-side, so it never reaches the caller, and every request is tied to a real identity from your identity provider like Okta, Microsoft Entra ID, Google, and others. That lets you apply per-identity policies, token and cost limits, model guardrails, and full audit logs to outbound LLM traffic.

Agentic Access to Internal Resources and Local Models
Similarly, agents can securely reach internal resources such as databases, APIs, and private services that are not exposed to the internet. This also covers private models served by Ollama, vLLM, or GPU clusters, giving agents secure access over the same tunnel without public exposure.
NetBird’s overlay network traverses firewalls and works across datacenters and cloud environments without opening ports, configuring security groups, or changing network topology. Each agent connects with its own identity, and access policies define exactly which resources it can reach, just like any other NetBird peer in the network.

How NetBird Fits in Your Enterprise IT Stack
It’s common for organizations to rely on a centralized identity provider like Okta, Microsoft Entra ID, Google, or others. It’s also common for IT teams to manage access to internal resources while keeping costs under control.
Traditionally, IT has done this through the internal network, using ZTNA or VPNs to give employees access to databases, web servers, internal APIs, and other private services.
AI agents should be treated the same way: as another entity accessing the network. They need secure access to internal resources, and modern enterprise resources now include LLMs and API endpoints alongside traditional infrastructure. That makes agent access a natural responsibility for IT.
Because NetBird connects seamlessly with existing identity providers, IT teams can integrate NetBird Agent Network into their enterprise stack with minimal changes.
Next steps
- Quickstart. Deploy NetBird Agent Network and make your first routed LLM call.
- How Agent Network Works. Understand the core concepts and architecture of Agent Network.

