Skip to main content

Core Concepts

Architecture

Cerbera AI is a lightweight local proxy deployed to each device through your MDM. All traffic from a device to AI tools, whether from a browser, a desktop app, or a local agent, passes through the proxy before it reaches the provider. That is where discovery, monitoring, redaction, and blocking happen.

Rules are defined centrally in the Cerbera cloud, signed, and pulled by the agent, which keeps enforcement working even offline. For the full picture, see How It Works.

Workspaces

A Workspace represents a single organization in Cerbera. For Cerbera AI, a workspace contains:

  • The fleet of devices running the proxy
  • The inventory of AI tools, models, agents, and MCP servers discovered
  • The rule catalog and default policies
  • Alerts and activity, and the privacy settings that govern what is collected

Core Concepts

The Proxy

A lightweight local program installed via MDM. It performs TLS interception with a per-device certificate (Cerbera holds no root CA) so it can inspect encrypted AI traffic. Median latency is under a millisecond, so it is transparent in normal use.

AI Discovery

The inventory of AI in use across the fleet: browser assistants, desktop apps, coding agents and CLIs, the underlying models, and MCP servers. Cerbera maintains the catalog of what can be detected and keeps it current as new tools appear.

Rules & Actions

A firewall-style catalog of rules, plus custom rules. Each rule matches on scope (devices, model, behavior) and takes one of three actions: monitor (log only), redact (redact secrets before they leave the device), or block (stop the request and show the user why).

Agent Controls

Behavior-based rules for AI agents: blocking SSH commands or .env access, flagging intrusive clients, and detecting personal (non-enterprise) account usage on tools like Claude and ChatGPT.

MCP Governance

Discovery and policy for the Model Context Protocol: which MCP servers employees connect to, whether they expose tokens, and allow or block rules by transport and parameters.

Alerts & Activity

What a rule produces when it matches. By default an alert records only that a rule matched, for which user, at what time. Optional logging of the request body is governed by the privacy model. See Dashboards & Alerts.

Privacy Model

Privacy by design. By default only metrics reach Cerbera. Logging prompts or responses requires a deliberate double opt-in, is auditable, and can be disabled organization-wide. See Privacy.

How the Pieces Fit

  1. Deploy

    Roll out the proxy through your MDM. See Deployment.

  2. Discover

    Run in monitor-only mode to inventory AI usage with zero user impact.

  3. Define rules

    Translate policy into monitor, redact, or block rules.

  4. Act on alerts

    Review activity, automate remediation, and export to your SIEM.

Next Steps