Skip to main content

Quickstart Guide

Welcome to Cerbera AI

This guide walks you through getting Cerbera AI running, from deployment to your first rules. The Cerbera team works with you over a shared Slack channel at every step.

The recommended path is monitor first, harden gradually: deploy silently, learn what AI is actually in use, then introduce redaction and blocking once you are comfortable.

Step 1: Confirm Compatibility

Cerbera AI is one more layer in the network path, so it is validated against your existing stack before any rollout.

  1. Share your stack

    Tell us which VPN, ZTNA, secure web gateway, and EDR you run (for example Cato, Jamf Security Cloud). Cerbera checks for conflicts with chained proxies.

  2. Pick a pilot group

    Choose a small group of consenting users, often power users, to validate end to end. Include at least one device running each of your existing layers.

Step 2: Deploy the Proxy

The proxy installs through your MDM in one click. The user simply restarts once, and it works out of the box with no per-user configuration.

macOS and Windows (MDM)

Push the package from your MDM (for example Jamf or an MSI through Intune). The certificate for TLS interception is installed automatically into the trust store.

Without an MDM

Users download and run the installer package themselves.

Linux

There is no MDM path on Linux, so installation is via an emailed script the user runs.

See Deployment for the full rollout guide.

Step 3: Discover AI Usage

Run Cerbera AI in monitor-only mode for roughly five to ten days. Nothing is blocked; you simply learn which AI tools, models, agents, and MCP servers are in use.

  • Review the inventory of detected AI tools. See AI Discovery.
  • Look at the MCP servers employees connect to and any token exposure. See MCP Governance.

Step 4: Set Rules

Translate your policies into rules from the managed catalog, or write custom ones. Each rule takes one of three actions:

ActionEffect
MonitorLog the match, change nothing
RedactRedact secrets (API keys, AWS keys, PII) before the request leaves the device
BlockStop the request and show the user a pop-up explaining why

Start every rule in monitor, confirm it matches what you expect, then promote it. See Rules.

Step 5: Act and Integrate

  1. Review alerts

    Cerbera watches alerts with you over Slack and pings you when something looks suspicious.

  2. Automate remediation

    Notify users to fix a misconfigured MCP or switch off a personal account. See Exceptions & Remediation.

  3. Export to your SIEM

    Stream alerts in OpenTelemetry format into your existing tooling. See Openness & Interoperability.

Next Steps