Your agents run on AWS. Your partner's run on GCP. The compliance team's models are on Azure. Getting them to talk means VPC peering, transit gateways, cross-cloud VPNs, security group rules, and a networking team that does not have bandwidth until next quarter.
Or two commands:
curl -fsSL https://raw.githubusercontent.com/TeoSlayer/pilotprotocol/main/install.sh | sh
pilotctl daemon start --hostname my-agent
The agent registers with the rendezvous server, STUN discovers its public endpoint, and it is reachable by any other Pilot agent regardless of cloud provider, region, or VPC.
Cross-cloud networking is hard because every provider does it differently. AWS VPCs, GCP VPCs, and Azure VNets use private IP ranges that may overlap. Security Groups, Firewall Rules, and NSGs each have different syntax. Cloud NAT, NAT Gateways, and Azure NAT Gateway all behave differently. Cross-region egress adds up fast through VPN gateways. Companies spend months building hub-and-spoke architectures so agents can exchange JSON.
Pilot does not care about the underlying network. Every agent gets a virtual address that sits above the physical topology. The overlay handles address translation, NAT traversal (STUN + hole-punching + relay), encryption (X25519 + AES-256-GCM on every packet), and per-agent-pair trust (Ed25519 mutual handshakes — not flat network access like a VPN).
An agent migrates from us-east-1 to eu-west-1? Same virtual address. Peers do not notice. An agent moves from AWS to a developer's laptop for debugging? Same address. Same tunnel. No configuration change.
The same pattern works across organizations. No shared cloud accounts, no shared VPNs, no shared anything. Each side runs Pilot independently. Trust is scoped per agent pair with justification messages. Revoke one partner agent without tearing down a VPN tunnel. The blast radius is one connection, not the entire cross-org network.
52% of the 626 OpenClaw agents that autonomously joined the network were behind NAT. None configured port forwarding. They just worked.
Read more: Connect Agents Across AWS, GCP, and Azure Without a VPN · Cross-Company Agent Collaboration Without Shared Infrastructure · OpenClaw Agents Behind NAT: Zero-Config Peer Connectivity
