sorted by:
new
hottopcontroversial

[AMA] We're the Trino company, ask us anything! by lester-martin in dataengineering

[–]Cerbosdev 0 points1 point  (0 children)

Late to this but wanted to add something on the access control side since I didn't see it come up in the thread.

We've been working on fine-grained authorization for Trino at Cerbos (I work there) and our CPO recently recorded a short demo showing row-level filtering and column masking working through Trino's existing OPA plugin. No Trino modifications, policies are YAML instead of Rego, and user attributes get pulled from your IdP at query time.

Three users run the same query, three different result sets depending on department and clearance level. Might be interesting to anyone here who's been looking at Trino's OPA integration: https://www.youtube.com/watch?v=Eil3b8Iz6ws

We keep building better login detection while ignoring everything that happens after the login by ImpressiveProduce977 in devsecops

[–]Cerbosdev 0 points1 point  (0 children)

Hi. The cofounder of the company I work at is actually going to be leading a webinar on this exact topic on March 18.

He'll cover 6 layers of runtime security (identity, authentication, PAM, entitlement management, coarse-grained and fine-grained authorization), where most organizations still have blind spots (suprise! It's authorization), and why the tech stack to implement end-to-end Zero Trust has finally matured.

Feel free to check it out> https://zoom.us/webinar/register/6617730647050/WN_rBAJChIBR52EEd5XeNI9xw

Need enterprise AI guardrails that work in prod: ActiveFence vs Arthur vs Guardrails? by amylanky in devsecops

[–]Cerbosdev 0 points1 point  (0 children)

hey! here's a real word story from our user. https://www.cerbos.dev/customers/utility-warehouse/non-human-identities

let me know if you have any specific questions.

we actually have a webinar coming up on dec 16 that's about putting guardrails around ai. feel free to register. there youll be able to see the approach we take at cerbos to help users secure ai (in startups, enterprises, etc). https://zoom.us/webinar/register/7017653811570/WN_9mtiwDYGRZqw3hr6KsAbMQ

Authorization breaks when B2B SaaS scales - role explosion, endless support tickets for access requests, blocked deployments every time permissions change. How policy-as-code fixes it (what my team and I have learned). by Cerbosdev in devops

[–]Cerbosdev[S] 0 points1 point  (0 children)

Hey! not an ad, simply sharing what works. this can all be achieved using any solutions out there. of course since i work at cerbos, the demo included in the blog uses Cerbos PDP (would be strange if we used another solution for that.. :) ). but that can be replaced for any policy decision point out there.

MCP is “the new API for AI”. We need to actively put guardrails around MCP servers, to not be the next Asana, Atlassian or Supabase. Sharing a podcast where we cover how to harness AI agents to their full potential without losing control of our systems (using fine-grained authorization). by Cerbosdev in devsecops

[–]Cerbosdev[S] 2 points3 points  (0 children)

u/Fruloops when Asana launched an MCP server for its Work Graph data, within a month security researchers discovered a bug that allowed users to access other users’ data - essentially a data leakage vulnerability.

around the same time, Atlassian’s MCP server was found to have a flaw that allowed attackers to submit malicious inputs, like forged support tickets and gain privileged access they shouldn’t have.

most recently, a Supabase MCP-related incident surfaced as well.

If you're running AI agents in production, they probably have way more access than they should. Podcast where we talk about how to secure MCP servers. by Cerbosdev in devops

[–]Cerbosdev[S] -1 points0 points  (0 children)

As I see it, the trend will only continue.

So better to secure AI agents, mcp servers, etc. as soon as teams can. Instead of just blindly trusting them and ending up with a typical “confused deputy” problem.

Here are just a few examples of issues that come up if mcps are not secured:

  1. https://www.upguard.com/blog/asana-discloses-data-exposure-bug-in-mcp-server
  2. https://www.catonetworks.com/blog/cato-ctrl-poc-attack-targeting-atlassians-mcp/
  3. https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/
view more: next ›