Quickstart Guide
Welcome to Cerbera AI
This guide walks you through getting Cerbera AI running, from deployment to your first rules. The Cerbera team works with you over a shared Slack channel at every step.
The recommended path is monitor first, harden gradually: deploy silently, learn what AI is actually in use, then introduce redaction and blocking once you are comfortable.
Step 1: Confirm Compatibility
Cerbera AI is one more layer in the network path, so it is validated against your existing stack before any rollout.
Share your stack
Tell us which VPN, ZTNA, secure web gateway, and EDR you run (for example Cato, Jamf Security Cloud). Cerbera checks for conflicts with chained proxies.
Pick a pilot group
Choose a small group of consenting users, often power users, to validate end to end. Include at least one device running each of your existing layers.
Step 2: Deploy the Proxy
The proxy installs through your MDM in one click. The user simply restarts once, and it works out of the box with no per-user configuration.
macOS and Windows (MDM)
Push the package from your MDM (for example Jamf or an MSI through Intune). The certificate for TLS interception is installed automatically into the trust store.
Without an MDM
Users download and run the installer package themselves.
Linux
There is no MDM path on Linux, so installation is via an emailed script the user runs.
See Deployment for the full rollout guide.
Step 3: Discover AI Usage
Run Cerbera AI in monitor-only mode for roughly five to ten days. Nothing is blocked; you simply learn which AI tools, models, agents, and MCP servers are in use.
- Review the inventory of detected AI tools. See AI Discovery.
- Look at the MCP servers employees connect to and any token exposure. See MCP Governance.
Step 4: Set Rules
Translate your policies into rules from the managed catalog, or write custom ones. Each rule takes one of three actions:
| Action | Effect |
|---|---|
| Monitor | Log the match, change nothing |
| Redact | Redact secrets (API keys, AWS keys, PII) before the request leaves the device |
| Block | Stop the request and show the user a pop-up explaining why |
Start every rule in monitor, confirm it matches what you expect, then promote it. See Rules.
Step 5: Act and Integrate
Review alerts
Cerbera watches alerts with you over Slack and pings you when something looks suspicious.
Automate remediation
Notify users to fix a misconfigured MCP or switch off a personal account. See Exceptions & Remediation.
Export to your SIEM
Stream alerts in OpenTelemetry format into your existing tooling. See Openness & Interoperability.