Cerbera AI
Introduction
Cerbera AI gives security teams visibility and control over how AI is used inside the organization. It is a lightweight local proxy deployed through your MDM that inspects traffic to AI tools, no matter where it originates: a browser tab on ChatGPT, a desktop app like Claude, a coding agent like Claude Code, or an MCP server running locally.
Because it sits in the request path, Cerbera AI covers the entire AI attack surface on a device, not just one channel. The same deployment monitors browser assistants, desktop clients, local agents, and MCP usage from a single proxy.
Why a Proxy?
Most existing tools only see part of the picture:
- EDR watches system calls. It can flag when an agent launches ssh, but it cannot read the prompt being sent to ChatGPT or decide whether a network call should be blocked.
- Firewalls and SWGs inspect network traffic but are not designed to understand AI-specific behavior, prompts, or MCP tool calls.
Cerbera AI is purpose-built for AI workloads. It sees prompts and responses, can redact secrets before they leave the device, and can block specific AI behaviors, across both the browser and local applications at once.
How It Works
The local proxy, TLS interception, offline mode, and performance
Deployment
One-click rollout via Jamf, Intune, and other MDMs
AI Discovery
Inventory the AI tools, models, and agents in use
Rules
Monitor, redact, or block with a firewall-style rule catalog
Agent Controls
Block risky agent behavior and personal account usage
Privacy
Privacy-by-design: metrics only by default
What Cerbera AI Covers
| Channel | Examples |
|---|---|
| Browser LLMs | ChatGPT, Claude, Gemini in the browser |
| Desktop apps | Claude desktop, Claude Cowork |
| Local agents and CLIs | Claude Code, Hermes, OpenClaw, and other coding agents |
| MCP servers | Official and third-party MCP servers connected to AI clients |
The one thing a network proxy cannot see is purely in-cloud context, for example instructions hidden inside a Notion page that Notion AI reads server-side. These edge cases aside, anything that leaves the device on its way to an AI provider passes through Cerbera AI.
The Managed Model
Cerbera AI is designed to add as little operational load to your team as possible. AI moves fast, and maintaining detection rules for every new tool is a full-time job. So Cerbera runs it as a managed service:
- We maintain the catalog of AI tools, models, agents, and MCP servers we can detect.
- We propose rules from a standard catalog and update them as new tools appear (for example a new agent like OpenClaw or Hermes).
- We pair you with a forward-deployed security engineer who tailors the rule set to your environment, watches your alerts over a shared Slack channel, and flags anything suspicious.
- You keep full control to configure your own rules and approve what we suggest.
This mirrors how an MSSP or SOC operates. Patterns we learn from one environment inform the rule catalog for everyone, anonymously. No customer data is shared between clients, and no model is trained on your traffic.
Getting Started
Deploy the proxy
Roll out the Cerbera proxy through your MDM. See Deployment.
Discover usage
Run in monitor-only mode to inventory which AI tools and MCP servers are in use. See AI Discovery.
Define rules
Translate your policies into monitor, redact, or block rules. See Rules.
Harden gradually
Tighten controls over time and automate remediation. See Exceptions & Remediation.
Availability
Cerbera AI is in active development and offered to design partners. Some capabilities are live today and others are on the roadmap.
| Capability | Status |
|---|---|
| AI tool and agent discovery | Available |
| Monitor / redact / block rules | Available |
| MCP governance | Available |
| Privacy controls and local logging | Available |
| OpenTelemetry export to SIEM | Available |
| Prompt-injection detection | Roadmap |
| Token usage per seat | Roadmap (approximate) |
| Webhooks | Roadmap |
| Infrastructure-as-code configuration | Roadmap |
| Self-service exception workflow | Roadmap |