

Cerbos is an authorization platform for Zero Trust environments and AI-powered systems. It allows teams to externalize access control logic, managing permissions as policies rather than hard-coding them into application software.
The tool is designed for software companies and enterprise-scale organizations managing complex user roles and non-human identities. It supports authorization models including RBAC, ABAC, and PBAC to help maintain a principle of least privilege.
Beyond standard application permissions, the software supports security for AI agents, RAG pipelines, and MCP servers. It is designed for high performance with decision times under 1 millisecond to help maintain application speed while enforcing security.
Buyers should verify that their technical team is comfortable with a policy-as-code workflow and confirm that the available SDKs for their programming languages meet their architectural requirements.
An open-source engine that evaluates access requests against defined policies to return authorization decisions.
A central control plane for authoring, testing, versioning, and distributing authorization policies.
Supports RBAC, ABAC, and PBAC models to define permissions based on user attributes and context.
A data layer that fetches identity and relationship data from external systems to enrich authorization requests.
Client libraries for JavaScript, Python, Java, .NET, PHP, Rust, Go, and Ruby.
Records of authorization decisions to support compliance and visibility.
Managing isolated environments and per-tenant custom policies for multi-tenant software offerings.
Implementing authorization for AI agents and agentic workflows to help prevent over-permissioning.
Applying dynamic authorization and access control for Model Context Protocol (MCP) servers.
Securing access for workloads, services, and API clients.
Using decision logging to support audits for GDPR, SOC 2, HIPAA, and ISO 27001.
Cerbos offers a free open-source version. The Development plan starts at $25/month, and Production plans start from $933/month. Custom pricing is available for Enterprise needs.
A principal is a unique identity that requires an authorization decision during a given month; it can be either a human user or a non-human identity such as a bot or service.
Yes, Cerbos supports on-premise, air-gapped, and cloud deployments.
Cerbos supports Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Policy-Based Access Control (PBAC).
It provides contextual access control for AI agents, RAG pipelines, and MCP servers to help manage permissions and prevent shadow access.
Cerbos is an enterprise authorization tool for Zero Trust and AI systems that decouples access control from application code. It is designed for software companies needing permissions for apps, APIs, and AI agents. Pricing is based on Monthly Active Principals.