LayerV is a preemptive cybersecurity platform that makes infrastructure invisible to attackers. We implement the OpenNHP (Network Hiding Protocol) standard from the Cloud Security Alliance. Instead of detecting attacks after they start, we prevent them by eliminating the attack surface entirely.

How does LayerV work?

LayerV uses a 5-step authentication flow: (1) Knock - encrypted request sent, (2) Verify - identity and policy validated, (3) Grant - temporary tunnel opened, (4) Connect - resource visible only to authenticated user, (5) Audit - access logged. Protected resources have zero network presence until authentication succeeds.

No. VPNs encrypt traffic but servers remain visible and scannable. LayerV makes servers completely invisible - they have zero network presence until authentication succeeds. This is a fundamentally different approach called Network Hiding.

LayerV is generally available. Free tier includes 500 QURLs/month for developers. Enterprise plans with custom SLAs are available. Try the interactive playground at layerv.ai/qurl/playground — no signup required.

What identity providers does LayerV support?

LayerV integrates with major identity providers including Okta, Azure AD (Entra ID), Google Workspace, Auth0, and Ping Identity. Any OIDC or SAML-compatible provider can be integrated.

QURL stands for Quantum URL. It is a cryptographic, time-limited access link that hides a server's real address behind identity verification. QURLs are single-use credentials that self-destruct after access or expiration — eliminating persistent URLs that can be scraped, shared, or replayed. Try the interactive QURL Playground at layerv.ai/qurl/playground.

← All Comparisons

LayerV vs Tailscale

Infrastructure Hiding vs Device Mesh Networking

Tailscale creates a WireGuard-based mesh VPN between devices, making it easy to connect to resources as if they were on a local network. LayerV makes infrastructure invisible at the network layer. These are complementary tools that solve different problems — Tailscale connects devices, LayerV hides infrastructure.

Architectural Difference

Tailscale creates a peer-to-peer WireGuard mesh between enrolled devices. Each device gets a stable IP on the Tailscale network (100.x.x.x), and traffic between devices is encrypted end-to-end. Tailscale's coordination server handles key exchange and NAT traversal, while DERP relay servers handle traffic when direct connections aren't possible. Tailscale is excellent for what it does — device connectivity. However, Tailscale nodes have network presence on their local networks. The coordination server knows about all devices. And the security model is device-centric rather than resource-centric. LayerV operates at a different level. Instead of connecting devices to each other, LayerV hides infrastructure from the network entirely. Protected resources have zero network presence — they're invisible to port scanners, vulnerability scanners, and attackers. Access is granted per-resource, per-session, through ephemeral QURLs.

Feature Comparison

Feature	LayerV	Tailscale
Primary purpose	Make infrastructure invisible	Connect devices in an encrypted mesh
Network model	Per-resource hiding with ephemeral access	Persistent device mesh with stable IPs
Network presence	Zero — protected infrastructure is invisible	Nodes have presence on local networks and Tailscale network
Access granularity	Per-resource, per-session, time-limited	Per-device ACLs with persistent access
Agent requirement	Agentless for web apps (proxy mode), optional agent for SSH/non-HTTP	Requires Tailscale client on every device
Protocol	OpenNHP with Single Packet Authorization	WireGuard
IdP integration	Native Okta, Azure AD, OIDC/SAML	SSO via OIDC providers
Lateral movement risk	None — each access is isolated	Possible within authorized ACL scope

When to Choose

Choose Tailscale

Choose Tailscale for device-to-device connectivity. It excels at connecting laptops, servers, and cloud VMs into a private network. If you need SSH access between devices, file sharing, or a simple way to access services across locations, Tailscale is excellent. It's also great for personal use and small teams.

Choose LayerV

Choose LayerV when infrastructure should not have network presence. If you need to hide admin panels, APIs, staging environments, or cloud resources from the internet, LayerV is purpose-built for this. LayerV is also better for use cases requiring per-resource, time-limited access with automatic expiration — there's no concept of persistent network access.

Frequently Asked Questions

Can I use LayerV and Tailscale together?

Absolutely. They're complementary. Use Tailscale for device mesh connectivity (SSH between machines, accessing development services) and LayerV for hiding production infrastructure that should have zero network presence. Many organizations use a mesh VPN for internal connectivity and a hiding layer for externally-facing or sensitive infrastructure.

Does Tailscale hide infrastructure like LayerV?

No. Tailscale encrypts traffic and provides private IPs, but devices still have network presence. A Tailscale node responds to traffic on its local network and on the Tailscale network. LayerV-protected resources have zero network presence — they respond to nothing until cryptographic authentication succeeds.

Is LayerV a VPN like Tailscale?

No. LayerV is a network hiding platform, not a VPN. VPNs (including mesh VPNs like Tailscale) encrypt traffic between endpoints that have network presence. LayerV makes endpoints invisible — there's nothing to connect to until authentication succeeds.

See LayerV in Action

Try the QURL Playground — no signup required.

Try the Playground Sign Up Free