Securing Agents

Different types of AI agents require different security approaches. This page maps each agent category to the right Highflame integration path and links to the detailed documentation for each.

Choosing your path

Agent type

Deployment model

Integration

Custom agents — new builds

In-code, per-step control

Highflame SDK

Custom agents — existing traffic

Centralized proxy, no code changes

Agent Gateway

Code agents (Cursor, Claude Code)

Local daemon, IDE hooks

Code Agents

Browser agents (ChatGPT, Gemini, Copilot.ai)

Managed browser extension

Browser Security

Third-party / uncontrolled agents

Network-layer via Tailscale Aperture

Tailscale

These are complementary. Most enterprise deployments use more than one: the Gateway for custom agent traffic, Code Agents for developer workstations, Browser Security for employee AI usage, and Tailscale Aperture for any third-party systems that fall outside those categories.

PreviousQuick Start NextCustom Agents

Last updated 6 days ago