Skip to main content

Rules

A Firewall for AI

Cerbera AI works like a firewall. There is a catalog of standard rules that reflects what is common across most organizations, and you can write your own. Each rule defines where it applies (which devices, which models, which behavior to match) and what action to take when it matches.

Because the rules are signature-based rather than predictive, they are fast and run reliably on any device, including older fleets. See How It Works for the performance characteristics.

The Three Actions

ActionWhat happensEffect on the user
MonitorThe match is logged. Nothing is changed or stopped.None. Silent.
RedactSensitive data is stripped from the request before it reaches the provider.Usually none. The workflow continues.
BlockThe request is stopped.A pop-up explains what was intercepted and why.

Monitor

The starting point for every deployment. Rules log matches without changing anything, so you can learn usage and tune policy with zero user impact.

Redact

When a request contains secrets such as API keys, AWS keys, tokens, or PII, Cerbera redacts them before the request leaves the device, so they are never sent to Anthropic, OpenAI, or any other provider. Redaction rarely interrupts the workflow, because for most workflows sending the key to the provider was not actually necessary. The benefit is that you avoid exposing credentials you would then have to rotate.

Block

The request is stopped and the user sees a pop-up explaining what happened at the moment the request was intercepted. Blocking is how you enforce hard limits, for example disallowing a specific model or a risky agent behavior.

Rule Templates

Most rules start from a template, so you do not have to know the exact API of each tool. Rather than writing out the ChatGPT endpoint by hand, you pick the ChatGPT template. Templates are predefined and kept current by Cerbera.

You can also write fully custom rules. A rule can match any domain, so you could, for example, block an arbitrary site the same way you block an AI tool.

What a Rule Can Match

A rule can be scoped along several dimensions:

  • Where it applies, for example specific device groups.
  • Which model or tool it targets.
  • Which behavior to match, such as a particular agent action or a class of secret.
  • Which action to take: monitor, redact, or block.

How Rules Reach the Device

You define rules in the Cerbera cloud. The local agent pulls them periodically, verifies their signature, and applies them. This means enforcement keeps working offline and rules cannot be silently tampered with. See How It Works.

The Managed Catalog

Maintaining rules for a fast-moving ecosystem is exactly the work Cerbera takes on for you. We keep the catalog current, propose new rules when a new tool or risky pattern appears, and tell you what we found and what we recommend. You approve, we implement. The goal is that you fine-tune for your specifics rather than maintain the base from scratch.

tip

Start every rule in monitor, confirm it matches what you expect, then promote it to redact or block. This mirrors a safe firewall rollout and avoids surprising users.

Export to Your SIEM

Every rule match is also available in OpenTelemetry format, so alerts and logs can flow into your SIEM and the tools where they make the most sense, instead of living only in the Cerbera app. See Exceptions & Remediation for downstream workflows.

Next Steps