AI TOOL PROFILE

Cerbos: Enterprise Authorization Software

Cerbos helps software companies and enterprise teams manage access controls. It is designed for organizations that want to decouple authorization logic from their core application code.

Pricing

Cerbos offers a free open-source version. The Development plan starts at $25/month, and Production plans start from $933/month. Custom pricing is available for Enterprise needs.

At a glance

Best for
Software companies, Enterprise companies, Security and engineering teams, Companies building AI-powered applications
Key use cases
SaaS Multi-tenant Access Control, AI Agent Security, MCP Server Protection, Non-Human Identity (NHI) Authorization, Compliance Support
Integrations
GitHub Actions, Git providers, CI/CD tools
Visit cerboscerbos software interface screenshot

How AI is used

Cerbos is an authorization platform for Zero Trust environments and AI-powered systems. It allows teams to externalize access control logic, managing permissions as policies rather than hard-coding them into application software.

The tool is designed for software companies and enterprise-scale organizations managing complex user roles and non-human identities. It supports authorization models including RBAC, ABAC, and PBAC to help maintain a principle of least privilege.

Beyond standard application permissions, the software supports security for AI agents, RAG pipelines, and MCP servers. It is designed for high performance with decision times under 1 millisecond to help maintain application speed while enforcing security.

Buyers should verify that their technical team is comfortable with a policy-as-code workflow and confirm that the available SDKs for their programming languages meet their architectural requirements.

Key Features

  • Policy Decision Point (PDP)

    An open-source engine that evaluates access requests against defined policies to return authorization decisions.

  • Cerbos Hub

    A central control plane for authoring, testing, versioning, and distributing authorization policies.

  • Fine-Grained Access Control

    Supports RBAC, ABAC, and PBAC models to define permissions based on user attributes and context.

  • Cerbos Synapse

    A data layer that fetches identity and relationship data from external systems to enrich authorization requests.

  • Multi-Language SDKs

    Client libraries for JavaScript, Python, Java, .NET, PHP, Rust, Go, and Ruby.

  • Audit Logs

    Records of authorization decisions to support compliance and visibility.

Use Cases

  • SaaS Multi-tenant Access Control

    Managing isolated environments and per-tenant custom policies for multi-tenant software offerings.

  • AI Agent Security

    Implementing authorization for AI agents and agentic workflows to help prevent over-permissioning.

  • MCP Server Protection

    Applying dynamic authorization and access control for Model Context Protocol (MCP) servers.

  • Non-Human Identity (NHI) Authorization

    Securing access for workloads, services, and API clients.

  • Compliance Support

    Using decision logging to support audits for GDPR, SOC 2, HIPAA, and ISO 27001.

Integrations

  • GitHub Actions
  • Git providers
  • CI/CD tools

FAQ

What is a 'principal' in Cerbos pricing?

A principal is a unique identity requiring an authorization decision during a month, which can be either a human user or a non-human identity like a bot or service.

Does Cerbos support on-premise deployment?

Yes, Cerbos supports on-premise, air-gapped, and cloud deployments.

Which authorization models does Cerbos support?

Cerbos supports Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Policy-Based Access Control (PBAC).

How does Cerbos handle AI system security?

It provides contextual access control for AI agents, RAG pipelines, and MCP servers to help manage permissions and prevent shadow access.

Source category: Security

Source subcategory: Identity & Access Management

More tools in Security

Other published listings in the Security category.

Browse all tools in Security

More tools in the Identity and Access Management software type

Related listings that share the same software type for comparison and shortlisting.

Browse all Identity and Access Management software type tools