Cerbos
UnclaimedFine-grained, contextual, and continuous authorization for enterprise software and AI systems.
Visit WebsiteFreemiumVisit Website
TL;DR - Cerbos
- Provides fine-grained, contextual authorization for enterprise software and AI.
- Offers a complete platform with policy definition, enforcement, and centralized management.
- Ensures compliance and reduces security risks with audit-ready logs and flexible deployment.
Pricing: Free plan available
Best for: Growing teams
Pros & Cons
Pros
- Significantly accelerates time to market for new roles and permissions.
- Reduces AI security risks by preventing over-permissioning and shadow access.
- Offers substantial cost reduction by eliminating custom authorization infrastructure.
- Provides comprehensive audit logs for compliance and visibility into security posture.
- Supports a wide range of programming languages and deployment environments.
Cons
- Pricing for higher tiers can be significant for large enterprises.
- Requires integration into existing applications and infrastructure, which may involve initial setup effort.
Key Features
Fine-grained, contextual, and continuous authorizationPolicy Decision Point (PDP) for access evaluationPolicy Enforcement Point (PEP) SDKs for in-app enforcementCerbos Hub for centralized policy management, testing, and deploymentProgrammatic policy management via CLI and APIAutomated policy validation and testingAudit-ready logs for compliance (GDPR, SOC 2, HIPAA, ISO 27001)Support for ABAC, RBAC, and PBAC authorization models
Pricing Plans
Free TrialOpen source
Free forever
- YAML-based policy definition
- Audit logs
- CI/CD & IDE tooling
- Git, Disk, Cloud or DB-based storage
- Community support
Proof of Concept
$0/month
- Up to 100 monthly active principals
- 1 workspace, 2 developers
- 2 Playgrounds
- 2 simultaneous PDPs
- Up to 5 custom tenants
- 5 policy builds per week
- 1 week of unified audit logs
- In-browser/serverless authorization
- Managed CI/CD pipeline
- Community support
Development
From $25/month
- First 100 monthly active principals included
- 3 workspaces, 5 developers
- Up to 5 Playgrounds
- Up to 10 simultaneous PDPs
- Up to 20 custom tenants
- 100 policy builds per week
- 3 months of unified audit logs
- Uptime SLA
- Live Chat support
Production
From $933/month
- First 5000 monthly active principals included
- Unlimited workspaces & developers
- Unlimited Playgrounds
- Unlimited simultaneous PDPs
- Unlimited custom tenants
- Unlimited policy builds per week
- 1 year of unified audit logs
- Uptime SLA
- Live Chat support
Enterprise
Contact us
- SSO support
- Self-hosted Cerbos Hub
- Custom audit log retention
- Custom training support
- Enterprise support SLA
- Phone support
- Quarterly training
About Cerbos
By Toolradar Team·
Cerbos provides an externalized authorization layer designed for enterprise software and AI. It enables organizations to enforce fine-grained, contextual, and continuous authorization across applications, APIs, AI agents, and workloads. The platform helps define, test, and iterate policies, deploy and manage them across various environments, and log and audit every access decision.
Cerbos is built for engineers and leadership, offering benefits like faster time to market by instantly deploying new roles and permissions, reducing AI risk by preventing over-permissioning, and significantly cutting costs by eliminating custom authorization infrastructure. It ensures compliance with regulations like GDPR, SOC 2, HIPAA, and ISO 27001 through audit-ready logs. The platform supports various authorization models including RBAC, ABAC, and PBAC, and can be deployed in cloud, self-hosted, on-premise, or air-gapped environments. It is particularly valuable for regulated industries like fintech and for securing AI systems.
Reviews
No reviews yet. Be the first to review Cerbos!
Best Cerbos Alternatives
Top alternatives based on features, pricing, and user needs.
Explore More
Cerbos FAQ
What is a Monthly Active Principal (MAP) and how does it affect pricing?
A Monthly Active Principal (MAP) refers to any unique user or service (human or non-human identity) that requests authorization decisions within a calendar month. Cerbos pricing is primarily based on the number of these MAPs, with different tiers offering varying allowances.
Can Cerbos Hub be self-hosted?
Yes, the Enterprise plan for Cerbos Hub offers an option for self-hosted deployment, providing greater control and customization for organizations with specific infrastructure requirements.
How does Cerbos ensure compliance with regulations like GDPR and HIPAA?
Cerbos generates detailed, audit-ready logs for every access decision, capturing requests, actions, resources, and the exact policy version used. This centralized and structured logging provides complete visibility into identity access actions, simplifying audits and ensuring compliance with regulations such as GDPR, SOC 2, HIPAA, PCI DSS, and ISO 27001.
What is the difference between Cerbos PDP and Cerbos Hub?
Cerbos PDP is the open-source authorization engine that evaluates and applies fine-grained access control policies. Cerbos Hub is the central control plane that provides complete authorization management, including policy creation, testing, deployment, and compliance visibility, working in conjunction with the PDPs deployed in your environment.
Can I integrate Cerbos with my existing Git provider and CI/CD pipeline?
Yes, Cerbos supports flexible policy delivery, allowing you to manage and deploy policies from your existing Git provider, any CI/CD pipeline, the Cerbos Hub API, or directly through the Cerbos Hub interface. It also includes automated policy validation within its CI pipeline.
Does Cerbos support authorization for AI agents and RAG systems?
Yes, Cerbos provides specific authorization capabilities for AI systems, including dynamically controlling access for AI agents to MCP server tools and maintaining data security and compliance with fine-grained authorization for RAG (Retrieval Augmented Generation) and LLMs.
Source: cerbos.dev