Skip to main content

Dashboards & Alerts

Overview

Dashboards and alerts are where the proxy's visibility surfaces. After deployment, Cerbera AI gives you a fleet-wide view of AI usage, the ability to drill into any individual user or agent, and a stream of alerts produced by your rules. What each alert contains is governed by your privacy settings, so visibility never comes at the cost of employee trust.

Fleet Dashboard

The top-level dashboard answers "what AI is happening across the organization?" at a glance:

MetricDescription
AI tools detectedUnique AI tools, agents, and models observed across the fleet
MCP servers detectedUnique MCP servers connected by employees
Security issuesToken exposure, personal accounts, risky agent behavior, and other flagged findings
Active usersUsers with at least one AI interaction
AlertsRule matches over the selected period, by action and severity

From here you can filter by tool, user, device, or time, and pivot into the detail views below.

Per-User View

For any employee, Cerbera AI shows the AI tools and agents they use, the MCP servers they connect to, and every alert raised for them. This is how you answer questions like "who is using personal accounts on Claude Code?" or "which users connected to an unapproved MCP server?"

Per-Agent View

The per-agent view focuses on how a given agent (for example Claude Code) is configured and behaving across the fleet:

  • Whether it uses enterprise or personal accounts
  • Whether it has attempted risky actions such as SSH commands or .env access
  • Which MCP servers it connects to and whether tokens are exposed

See Agent Controls for the behaviors these views surface.

Alert Types

Alerts fall into a few broad categories:

Usage alerts

A user or device used a particular AI tool, model, or MCP server. The foundation of discovery and the lightest-touch signal.

Configuration issues

Risky setup detected, such as a personal (non-enterprise) account, an exposed token on an MCP server, or access to SSH keys.

Redaction events

A rule redacted sensitive data (an API key, an AWS key, PII) from a request before it left the device. The workflow continued; the secret did not leave.

Policy violations

A block rule matched and stopped a request. The user saw a pop-up explaining why and can request an exception.

What an Alert Contains

By default an alert records only that a rule matched, for which user, at what time. Logging the request body is optional and governed by your privacy settings:

ModeWhat the alert carries
Alert only (default)Rule, user, timestamp. No prompt body, no response.
Body logged locallyStays on the user's device; retrievable by the user via an identifier.
Body logged to CerberaRequest body attaches to the alert; requires a deliberate double opt-in.

See Privacy for how these modes are configured and audited.

AI Usage Analytics

Beyond individual alerts, Cerbera AI can show aggregate usage: which classes of tool are used and in what proportion. This is deliberately sensitive territory. The goal is security insight, not monitoring individuals, so analytics respect the same privacy framework and the boundaries you set with your works council. Token figures, where shown, are rough fleet-level orders of magnitude (see Privacy).

Export

Every alert and rule match is available in OpenTelemetry format, so dashboards do not have to be the only place you consume this data. Stream alerts into your SIEM and existing workflows. See Openness & Interoperability.

Next Steps