Beams runs each agent in an isolated Firecracker VM with built-in identity.
Connected to your infrastructure and inference services — no secrets, no IAM wrestling.
Connects agents to inference endpoints without secrets. Start coding now, bring your own inference later.
Check out the repo, spin up Claude, and test against staging or production without exposing secrets.
Run agentic jobs against real infrastructure in an isolated VM. Zero risk of credential leakage.
Security and IAM are the main adoption blockers for running agents in production. Launching agents today means stitching together IAM, infra, and secrets by hand.
Today, agents impersonate users and services with unchecked permissions and access to API keys and secrets.
Today's tooling are not equipped to audit agent activity and access to infrastructure without the extra hassle.
Teams end up needing to build their own container or VM workflows to run agents securely across their infrastructure.
Beams start with limited access to OpenAI and Anthropic subscriptions and let you integrate your own inference endpoints.
Full control over access to internet services and internal services via API or CLI. Nothing is open unless you explicitly allow it.
Cap beam count and shared inference usage. All beams expire with the user session, roughly 24 hours. No runaway agents.
Ephemeral, isolated runtimes built for agentic workloads. Fast to start, locked down by default, and wired with identity connected to your infrastructure and audit trails.
When you run tsh beams add, Teleport provisions an isolated VM, injects an identity certificate, and opens a VNet tunnel — all before your agent executes its first line.
tsh beams exec 'python agent.py'
python agent.py
From internal agents to ephemeral jobs, Beams keeps the environment secure and auditable.
Drop a simple agent into a beam, let Teleport handle access to internal services and OpenAI and Anthropic inference endpoints with audit and access control.
# Launch ephemeral Firecracker VM, deploy agent $ tsh beams add ray1 $ tsh scp agents.py ray1:/mnt $ tsh beams exec ray1 -- python /mnt/agents.py
Check out the repo, spin up Claude skills, and test against staging or production without exposing secrets.
# Create a named beam running in background $ tsh beams add ray1 # Clone repo inside the isolated VM $ tsh beams exec ray1 -- git clone github.com/org/repo # Spin up Claude, write some code $ tsh beams run ray1 claude init
Run ephemeral agentic jobs against real infrastructure in an isolated VM. Full access to services, zero risk of credential leakage.
# Spin up a sandboxed agent environment $ tsh beams add agent-runner $ tsh beams exec agent-runner -- git clone github.com/org/repo $ tsh beams exec agent-runner -- make agent-task Job completed. Beam "agent-runner" will be garbage collected.
Join the early cohort and shape how secure agent runtimes should work.
We'll email you when your access is ready. Free beta, no credit card required.