Skip to main content

Glossary

Overview

Definitions of the terms used across this documentation. Cerbera AI is built to serve technical and non-technical stakeholders alike, so this page keeps each definition short and practical.

Core Terms

TermDefinition
ProxyA program that sits in the network path and inspects traffic as it passes. Cerbera AI installs a lightweight local proxy on each device. See How It Works.
MITM (man-in-the-middle)A position in the request path that can read and modify traffic. A security proxy uses this technique deliberately to inspect AI traffic.
TLS interception (HTTPS offloading)Decrypting and re-encrypting HTTPS traffic so its contents can be inspected. It requires a trusted certificate on the device.
Leaf certificateA per-device certificate used for TLS interception. Cerbera generates one on each device and holds no root CA, so a breach of Cerbera does not yield a key to intercept your traffic.
Root CA (certificate authority)The top-level certificate that can issue others. Cerbera deliberately does not hold one.
MDM (mobile device management)The system used to manage company devices (for example Jamf or Intune). Cerbera AI deploys through it in one click.

AI & Agents

TermDefinition
LLM (large language model)The model behind tools like ChatGPT, Claude, and Gemini.
AgentAn AI tool that takes actions on a device, such as Claude Code running commands or editing files, not just answering questions.
MCP (Model Context Protocol)An open protocol that lets AI clients call external tools and APIs. See MCP.
MCP serverA service an AI client connects to over MCP. Can be official (provider-maintained) or third-party (community-maintained).
Shadow AIAI tools used inside an organization without security review or approval.
Prompt injectionAn attack that hides instructions in content an AI reads, hijacking its behavior. Detection is on the Cerbera roadmap.

Rules & Actions

TermDefinition
MonitorA rule action that logs a match without changing or blocking anything.
RedactA rule action that redacts secrets (API keys, AWS keys, PII) from a request before it leaves the device. See Rules.
BlockA rule action that stops a request and shows the user a pop-up explaining why.
Allow-by-defaultUnrecognized traffic is permitted. Cerbera AI enforces this for traffic it does not identify as a known AI tool, so an unexpected provider API change does not break users.
Deny-by-defaultAnything not explicitly allowed is blocked. Recommended only after monitoring has surfaced the legitimate tools in use.

Adjacent Tools

TermDefinition
EDR (endpoint detection and response)Watches system calls on a device. Complementary to Cerbera AI but cannot read prompts or govern AI network calls.
Firewall / SWG (secure web gateway)Inspects network traffic. Not designed to understand AI-specific behavior.
ZTNA (zero trust network access)Controls access to internal resources (for example Cato Networks). Chains with Cerbera AI rather than conflicting with it.
VPNRoutes traffic through a private network. Cerbera AI behaves similarly in that traffic passes through it, but its purpose is AI inspection.

Data & Integrations

TermDefinition
OpenTelemetry (OTel)An open standard for telemetry. Cerbera AI exports alerts and rule matches in this format. See Openness & Interoperability.
SIEMA security information and event management system that aggregates logs and alerts. Cerbera AI feeds it over OpenTelemetry.
WebhookAn HTTP callback that pushes events to another system as they happen. On the Cerbera roadmap.
IaC (infrastructure as code)Managing configuration declaratively in version control rather than by hand. On the Cerbera roadmap.
P75 / P99 latencyThe latency experienced by the 75th and 99th percentile of requests. Cerbera AI runs under 1 ms at P75 and around 10 ms at P99.

Next Steps