
Cerbera AI

Introduction

Cerbera AI gives security teams visibility and control over how AI is used inside the organization. It is a lightweight local proxy deployed through your MDM that inspects traffic to AI tools, no matter where it originates: a browser tab on ChatGPT, a desktop app like Claude, a coding agent like Claude Code, or an MCP server running locally.

Because it sits in the request path, Cerbera AI covers the entire AI attack surface on a device, not just one channel. The same deployment monitors browser assistants, desktop clients, local agents, and MCP usage from a single proxy.

Why a Proxy?

Most existing tools only see part of the picture:

  • EDR watches system calls. It can flag when an agent launches ssh, but it cannot read the prompt being sent to ChatGPT or decide whether a network call should be blocked.
  • Firewalls and SWGs inspect network traffic but are not designed to understand AI-specific behavior, prompts, or MCP tool calls.

Cerbera AI is purpose-built for AI workloads. It sees prompts and responses, can redact secrets before they leave the device, and can block specific AI behaviors, across both the browser and local applications at once.

What Cerbera AI Covers

Channel                 Examples
Browser LLMs            ChatGPT, Claude, Gemini in the browser
Desktop apps            Claude desktop, Claude Cowork
Local agents and CLIs   Claude Code, Hermes, OpenClaw, and other coding agents
MCP servers             Official and third-party MCP servers connected to AI clients

The one thing a network proxy cannot see is purely in-cloud context, for example instructions hidden inside a Notion page that Notion AI reads server-side. These edge cases aside, anything that leaves the device on its way to an AI provider passes through Cerbera AI.

The Managed Model

Cerbera AI is designed to add as little operational load to your team as possible. AI moves fast, and maintaining detection rules for every new tool is a full-time job. So Cerbera runs it as a managed service:

  • We maintain the catalog of AI tools, models, agents, and MCP servers we can detect.
  • We propose rules from a standard catalog and update them as new tools appear (for example a new agent like OpenClaw or Hermes).
  • We pair you with a forward-deployed security engineer who tailors the rule set to your environment, watches your alerts over a shared Slack channel, and flags anything suspicious.
  • You keep full control to configure your own rules and approve what we suggest.

This mirrors how an MSSP or SOC operates. Patterns we learn from one environment inform the rule catalog for everyone, anonymously. No customer data is shared between clients, and no model is trained on your traffic.

Getting Started

  1. Deploy the proxy

    Roll out the Cerbera proxy through your MDM. See Deployment.

  2. Discover usage

    Run in monitor-only mode to inventory which AI tools and MCP servers are in use. See AI Discovery.

  3. Define rules

    Translate your policies into monitor, redact, or block rules. See Rules.

  4. Harden gradually

    Tighten controls over time and automate remediation. See Exceptions & Remediation.

Availability

Cerbera AI is in active development and offered to design partners. Some capabilities are live today and others are on the roadmap.

Capability                             Status
AI tool and agent discovery            Available
Monitor / redact / block rules         Available
MCP governance                         Available
Privacy controls and local logging     Available
OpenTelemetry export to SIEM           Available
Prompt-injection detection             Roadmap
Token usage per seat                   Roadmap (approximate)
Webhooks                               Roadmap
Infrastructure-as-code configuration   Roadmap
Self-service exception workflow        Roadmap
