
Cerbos
Fine-grained, contextual, and continuous authorization for enterprise software and AI systems.
TL;DR - Cerbos
- Provides fine-grained, contextual authorization for enterprise software and AI.
- Offers a complete platform with policy definition, enforcement, and centralized management.
- Ensures compliance and reduces security risks with audit-ready logs and flexible deployment.
Pricing: Free plan available
Best for: Growing teams
4.9/5 across review platforms
Pros & Cons
Pros
- Significantly accelerates time to market for new roles and permissions.
- Reduces AI security risks by preventing over-permissioning and shadow access.
- Offers substantial cost reduction by eliminating custom authorization infrastructure.
- Provides comprehensive audit logs for compliance and visibility into security posture.
- Supports a wide range of programming languages and deployment environments.
Cons
- Pricing for higher tiers can be significant for large enterprises.
- Requires integration into existing applications and infrastructure, which may involve initial setup effort.
Ratings Across the Web
4.9 (6 reviews)
Ratings aggregated from independent review platforms.
Key Features
- Fine-grained, contextual, and continuous authorization
- Policy Decision Point (PDP) for access evaluation
- Policy Enforcement Point (PEP) SDKs for in-app enforcement
- Cerbos Hub for centralized policy management, testing, and deployment
- Programmatic policy management via CLI and API
- Automated policy validation and testing
- Audit-ready logs for compliance (GDPR, SOC 2, HIPAA, ISO 27001)
- Support for ABAC, RBAC, and PBAC authorization models
Pricing Plans
Free Trial
Open source
Free forever
- YAML-based policy definition
- Audit logs
- CI/CD & IDE tooling
- Git, Disk, Cloud or DB-based storage
- Community support
Proof of Concept
$0/month
- Up to 100 monthly active principals
- 1 workspace, 2 developers
- 2 Playgrounds
- 2 simultaneous PDPs
- Up to 5 custom tenants
- 5 policy builds per week
- 1 week of unified audit logs
- In-browser/serverless authorization
- Managed CI/CD pipeline
- Community support
Development
From $25/month
- First 100 monthly active principals included
- 3 workspaces, 5 developers
- Up to 5 Playgrounds
- Up to 10 simultaneous PDPs
- Up to 20 custom tenants
- 100 policy builds per week
- 3 months of unified audit logs
- Uptime SLA
- Live Chat support
Production
From $933/month
- First 5000 monthly active principals included
- Unlimited workspaces & developers
- Unlimited Playgrounds
- Unlimited simultaneous PDPs
- Unlimited custom tenants
- Unlimited policy builds per week
- 1 year of unified audit logs
- Uptime SLA
- Live Chat support
Enterprise
Contact us
- SSO support
- Self-hosted Cerbos Hub
- Custom audit log retention
- Custom training support
- Enterprise support SLA
- Phone support
- Quarterly training
What is Cerbos?
Cerbos provides an externalized authorization layer designed for enterprise software and AI. It enables organizations to enforce fine-grained, contextual, and continuous authorization across applications, APIs, AI agents, and workloads. The platform helps define, test, and iterate policies, deploy and manage them across various environments, and log and audit every access decision.
Cerbos is built for engineers and leadership, offering benefits like faster time to market by instantly deploying new roles and permissions, reducing AI risk by preventing over-permissioning, and significantly cutting costs by eliminating custom authorization infrastructure. It ensures compliance with regulations like GDPR, SOC 2, HIPAA, and ISO 27001 through audit-ready logs. The platform supports various authorization models including RBAC, ABAC, and PBAC, and can be deployed in cloud, self-hosted, on-premise, or air-gapped environments. It is particularly valuable for regulated industries like fintech and for securing AI systems.
Cerbos FAQ
What is a Monthly Active Principal (MAP) and how does it affect pricing?
A Monthly Active Principal (MAP) refers to any unique user or service (human or non-human identity) that requests authorization decisions within a calendar month. Cerbos pricing is primarily based on the number of these MAPs, with different tiers offering varying allowances.
Can Cerbos Hub be self-hosted?
Yes, the Enterprise plan for Cerbos Hub offers an option for self-hosted deployment, providing greater control and customization for organizations with specific infrastructure requirements.
How does Cerbos ensure compliance with regulations like GDPR and HIPAA?
Cerbos generates detailed, audit-ready logs for every access decision, capturing requests, actions, resources, and the exact policy version used. This centralized and structured logging provides complete visibility into identity access actions, simplifying audits and ensuring compliance with regulations such as GDPR, SOC 2, HIPAA, PCI DSS, and ISO 27001.
What is the difference between Cerbos PDP and Cerbos Hub?
Cerbos PDP is the open-source authorization engine that evaluates and applies fine-grained access control policies. Cerbos Hub is the central control plane that provides complete authorization management, including policy creation, testing, deployment, and compliance visibility, working in conjunction with the PDPs deployed in your environment.
Can I integrate Cerbos with my existing Git provider and CI/CD pipeline?
Yes, Cerbos supports flexible policy delivery, allowing you to manage and deploy policies from your existing Git provider, any CI/CD pipeline, the Cerbos Hub API, or directly through the Cerbos Hub interface. It also includes automated policy validation within its CI pipeline.
Does Cerbos support authorization for AI agents and RAG systems?
Yes, Cerbos provides specific authorization capabilities for AI systems, including dynamically controlling access for AI agents to MCP server tools and maintaining data security and compliance with fine-grained authorization for RAG (Retrieval Augmented Generation) and LLMs.
Source: cerbos.dev