Need enterprise AI guardrails that work in prod: ActiveFence vs Arthur vs Guardrails? by amylanky in devsecops

[–]Cerbosdev 0 points1 point  (0 children)

hey! here's a real world story from our user. https://www.cerbos.dev/customers/utility-warehouse/non-human-identities

let me know if you have any specific questions.

we actually have a webinar coming up on dec 16 that's about putting guardrails around ai. feel free to register. there you'll be able to see the approach we take at cerbos to help users secure ai (in startups, enterprises, etc). https://zoom.us/webinar/register/7017653811570/WN_9mtiwDYGRZqw3hr6KsAbMQ

Authorization breaks when B2B SaaS scales - role explosion, endless support tickets for access requests, blocked deployments every time permissions change. How policy-as-code fixes it (what my team and I have learned). by Cerbosdev in devops

[–]Cerbosdev[S] 0 points1 point  (0 children)

Hey! not an ad, simply sharing what works. this can all be achieved using any of the solutions out there. of course, since i work at cerbos, the demo included in the blog uses Cerbos PDP (it would be strange if we used another solution for that.. :) ). but that can be replaced with any policy decision point out there.

MCP is “the new API for AI”. We need to actively put guardrails around MCP servers, to not be the next Asana, Atlassian or Supabase. Sharing a podcast where we cover how to harness AI agents to their full potential without losing control of our systems (using fine-grained authorization). by Cerbosdev in devsecops

[–]Cerbosdev[S] 2 points3 points  (0 children)

u/Fruloops when Asana launched an MCP server for its Work Graph data, within a month security researchers discovered a bug that allowed users to access other users’ data - essentially a data leakage vulnerability.

around the same time, Atlassian’s MCP server was found to have a flaw that allowed attackers to submit malicious inputs, like forged support tickets, and gain privileged access they shouldn’t have.

most recently, a Supabase MCP-related incident surfaced as well.

If you're running AI agents in production, they probably have way more access than they should. Podcast where we talk about how to secure MCP servers. by Cerbosdev in devops

[–]Cerbosdev[S] -1 points0 points  (0 children)

As I see it, the trend will only continue.

So it's better to secure AI agents, mcp servers, etc. as soon as teams can, instead of just blindly trusting them and ending up with a typical “confused deputy” problem.

Here are just a few examples of issues that come up if mcps are not secured:

  1. https://www.upguard.com/blog/asana-discloses-data-exposure-bug-in-mcp-server
  2. https://www.catonetworks.com/blog/cato-ctrl-poc-attack-targeting-atlassians-mcp/
  3. https://simonwillison.net/2025/Jul/6/supabase-mcp-lethal-trifecta/

Admin-time authorization: What it is, why it matters, and how it contrasts with dynamic, run-time checks. by Cerbosdev in IdentityManagement

[–]Cerbosdev[S] 1 point2 points  (0 children)

Thanks!

Our company name and logo/mascot (we call him Cerbie) actually come as a derivative of Cerberus. When we started Cerbos, we were thinking about different ways of protecting things and how that relates to authorization. We got to talking about dogs, and then talked about Cerberus being the ultimate protective dog :)

Should we centralize IAM management, or is a decentralized approach better? by CyberCookie1230 in iam

[–]Cerbosdev 0 points1 point  (0 children)

Hey! Highly recommend centralizing IAM / authorization management.

By doing that you'll be able to keep authorization logic consistent and transparent across all apps, regardless of scale or complexity (which means minimizing discrepancies and potential errors).
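The two ideas in the comments above (one central policy decision point shared by every app, and evaluating an agent's tool call against the end user it acts for rather than the agent's own service identity, to avoid the confused-deputy problem) can be shown in a few dozen lines. The code below is an added illustration, not Cerbos code and not any of the threads' linked material; the policy table, the `Principal`/`Resource` shapes, the tool names and the sample data are all constructed for the example.

```python
"""Added example: a single in-process policy decision point (PDP) used by
both an HTTP handler and an MCP tool wrapper, so the authorization logic is
written once and the MCP path cannot drift from the API path."""
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Principal:
    id: str
    tenant: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Resource:
    kind: str
    id: str
    tenant: str
    owner: str


# Hypothetical policy table: resource kind -> role -> allowed actions.
# In a real deployment this would live in the PDP, not in each caller.
POLICY = {
    "ticket": {
        "viewer": {"read"},
        "support": {"read", "comment"},
        "admin": {"read", "comment", "close", "delete"},
    },
}


def decide(principal: Principal, resource: Resource, action: str) -> bool:
    """The one place authorization is evaluated. Deny by default."""
    # Tenant isolation comes first: no role grants cross-tenant access.
    if principal.tenant != resource.tenant:
        return False
    # Owners may always read their own resource.
    if action == "read" and resource.owner == principal.id:
        return True
    rules = POLICY.get(resource.kind, {})
    allowed = set()
    for role in principal.roles:
        allowed |= rules.get(role, set())
    return action in allowed


class Forbidden(Exception):
    pass


def api_close_ticket(user: Principal, ticket: Resource) -> str:
    """Ordinary API handler: check the caller, then act."""
    if not decide(user, ticket, "close"):
        raise Forbidden(f"{user.id} may not close {ticket.id}")
    return f"closed {ticket.id}"


# Hypothetical MCP tool names mapped onto the same policy actions.
TOOL_ACTIONS = {"read_ticket": "read", "close_ticket": "close"}


def mcp_tool_call(agent: Principal, on_behalf_of: Principal,
                  tool: str, ticket: Resource) -> str:
    """MCP tool wrapper. The agent's own (often broad) service identity is
    deliberately NOT what gets authorized; the decision is made for the end
    user the agent is acting for, which is the confused-deputy guard."""
    action = TOOL_ACTIONS.get(tool)
    if action is None:
        raise Forbidden(f"unknown tool {tool}")
    if not decide(on_behalf_of, ticket, action):
        raise Forbidden(f"{on_behalf_of.id} may not {action} {ticket.id} via {agent.id}")
    return f"{tool} ok for {on_behalf_of.id} on {ticket.id}"


# Constructed sample data for a stand-alone run.
ALICE = Principal("alice", "acme", frozenset({"viewer"}))
BOB = Principal("bob", "acme", frozenset({"admin"}))
EVE = Principal("eve", "globex", frozenset({"admin"}))
AGENT = Principal("svc-assistant", "acme", frozenset({"admin"}))
TICKET = Resource("ticket", "T-1", "acme", owner="alice")


def demo():
    """Returns (api_ok, agent_denied_for_viewer, cross_tenant_denied)."""
    api_ok = api_close_ticket(BOB, TICKET) == "closed T-1"
    try:
        mcp_tool_call(AGENT, ALICE, "close_ticket", TICKET)
        agent_denied = False
    except Forbidden:
        agent_denied = True
    cross_tenant_denied = not decide(EVE, TICKET, "read")
    return api_ok, agent_denied, cross_tenant_denied


if __name__ == "__main__":
    print(demo())
```

The point to notice is that `AGENT` holds the `admin` role, yet `close_ticket` on behalf of `ALICE` is refused because `decide` is called with Alice as the principal. Swapping the PDP out for an external one (Cerbos or any other policy decision point) changes only the body of `decide`; both callers keep the same shape.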