
NetBird v0.74 is here: Agent Network, keyless AI provider access tied to your identity provider
If you manage AI access for your team you’ve probably handed out plenty API tokens to individuals or a key for an entire team. That key gets copied into agents, scripts, and .env files. Someone leaves, who knows what they did with the keys. It's the same mess we all lived through with SSH keys for years: shared, copied onto machines by hand, and never revoked when people move on.
A lot of customers had started using an AI gateway with their stack and tried to come up with their own solution to wire it back into their identity provider. One night, after a customer call, Misha (our CEO) and Maycon (our CTO) realized the reverse proxy we already shipped was, with a few tweaks, already most of an AI gateway. So we didn't build some giant new AI platform. We wrapped what was already there.
Checkout the release here: https://github.com/netbirdio/netbird/releases/tag/v0.74.0
That's NetBird Agent Network. Any person or agent can use any AI provider without ever holding a key. NetBird holds the provider key server-side, injects it per request, and ties every call to a real identity from your IdP (Okta, Entra ID, Google, and others). And all it requires for the end user is a gateway url and the NetBird client running in the background. The tunnel is the credential. No tunnel, no access, same rule you already know. It allows you to securely route agents to any major AI provider or local model, while simultaneously controlling agent access to internal network resources like databases and APIs. With centralized guardrails such as budget caps, model allowlists, and PII redaction, you maintain complete visibility and control through detailed per-request audit logs, making it simple to manage access and security without the headache of rotating keys.
It's open source and self-hostable. You can test out the Agent Network using this one-liner:
curl -fsSL https://pkgs.netbird.io/getting-started.sh | NETBIRD_AGENT_NETWORK_ONLY=true bash
Already running NetBird?
You don't redeploy anything. It ships in the same backend, so you flip one environment variable and it shows up in the left menu next to the reverse proxy. Set NETBIRD_AGENT_NETWORK_ENABLED=true to turn it on next to everything else, or NETBIRD_AGENT_NETWORK_ONLY=true if you'd rather have the stripped-down, Agent-Network-only dashboard instead.
Don't want it at all? There's nothing to do, leave both unset and it stays off. The command above is really just the fast path for people coming purely for the LLM and agentic-access use case, we did this to prevent people coming for the Agent Network getting overwhelmed with our platform.
We'd love feedback!
- Overview: https://docs.netbird.io/agent-network
- Quickstart: https://docs.netbird.io/agent-network/quickstart
- Interview with Misha: https://youtu.be/IFT-nTyLDro
- Demo video: https://www.youtube.com/watch?v=oqkcFI_3WAU
- Release Article: https://netbird.io/knowledge-hub/netbird-agent-network