hey <!channel>! 🙂 MCP servers are reshaping how AI agents interact with external tools and APIs. They unlock speed and flexibility, but can also punch holes in your security model if every agent can call every tool by default. Which why we are excited to share our guide on implementing dynamic authorization for AI agents and fine-grained permissions in MCP servers (and it doesn’t require a backend rewrite 😊).

Hello, <!channel> ! We’re excited to share our latest ebook with you: 📘 The “How to adopt externalized authorization: Planning your path”! Over the years, we’ve worked with hundreds of engineering, IAM, and security teams - helping everyone from early-stage startups to global enterprises navigate the process of adopting externalized authorization. That experience became the foundation for our new ebook. It’s a hands-on, 10-chapter guide that walks through every stage of the journey, from foundational planning to externalized authorization rollout and long-term governance. If you’re interested, feel free to download it here. Let us know what you think once you have a chance to read it! 🙌

Hey, <!channel> 👋 Exciting news - Cerbos documentation is now LLM optimized! Use your favorite AI assistant to help build Cerbos policies and integrations. Check out the details here.

Hey <!channel>! We have a really big update today 😊 We’re very excited to share that we have 🚀🎉 just released the updated Cerbos Hub! Cerbos Hub is now the centralized control plane for every authorization decision across applications, AI agents, services, and workloads. All identities. Any architecture at any scale. All in one place. This update is the result of your feedback. Over the past year, hundreds of engineering and security teams shared their challenges, and this input shaped four powerful new use cases: 1. Fine-grained, tenant specific authorization 2. Dynamic policy management at scale 3. Scalable NHI permission management 4. Secure authorization for MCP servers This latest update brings new features across the entire authorization lifecycle. So now you can: • Create, update, and deploy policies programmatically • Scale your policies by tenant, team, environment, or use case with the new Policy Stores • Push and deploy policy updates from any Git provider, CI tool, or API, with real-time distribution and built-in testing • Get a complete audit trail of every access decision across all identities, tenants, and apps • And much more! If you haven’t tried Cerbos Hub yet, and you’re looking to manage authorization for every identity in your system with full visibility, consistent policy enforcement, and Zero Trust alignment - this is the time to check it out 🙂 We’re happy to walk you through the new features and explore how they can meet your requirements. Our engineer and Head of Product are happy to talk with you!

Happy Friday, community! We’re back with some more fun news! 😊 We are excited to share that Cerbos Hub has been named Best in Microservices Infrastructure at the 2025 API Awards! 🥇 Thank you for your continued support, and for being on this journey with us!

Hello, our awesome community! Do you want to learn best practices for multi-tenant authorization? Join our spotlight webinar on Jul 29 to see how to model and manage per-tenant access policies. Together with our CPO, @Alex Olivier (Cerbos), we’ll cover: • Real-world implementation examples • How to build tenant-specific Policy Stores with isolation and traceability • The architecture needed to scale per-tenant authorization • Supporting enterprise customers with custom roles and dynamic logic • Live demo of policy creation, deployment, and updates via API and Git Register here → https://zoom.us/webinar/register/WN_-U732lkoQLOdaCCyasJ_ag%20#/registration

Hey everyone 👋 We wanted to let you know about our next upcoming webinar, where we will dive into programmatic policy management for complex systems. We’ve heard from a number of you about issues with scaling manual permission updates. As your system grows with more tenants, services, and agents, keeping access control up to date gets messy. If you’d like to learn how to manage permission updates with code, join us on August 6. We’ll go through: • When to use programmatic updates (and when not to) • Static vs. dynamic policy models • Managing policies via CLI, API, and SDKs • Deploying from Git, CI, or external systems • Architectures for scaling real-time policy updates • Live demo: building dynamic policies and integrating with your systems You can register here ➡️ https://zoom.us/webinar/register/5317539696581/WN_SOGae5oqTSaJu28uiogCqA

Release - v0.46.0 New release published by github-actions[bot] ## Cerbos 0.46.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.46.0.html ## Changelog ### Features • 6cff78d feat: Include policy source in audit logs (#2624) ### Enhancements • e73ec4c enhancement: Add embedded PDP metadata to audit logs (#2625) • 8b4cbe3 enhancement: Stickier PDP IDs (#2641) ### Bug fixes • 8184fdf fix: Handle const false DENY nodes in role-level query planning (#2644) • 3b2f73c fix: Handle rule-less policies for multi-tenant fallthrough (#2649) ### Documentation • ede245a docs: Fix css for logo on hover (#2628) ### Chores • 3531121 chore(ci): Set MySQL tag (#2647) • 084ad71 chore(ci): Temporarily disable MySQL E2E tests (#2650) • 445ca4e chore(ci): Use official MySQL image in E2E tests (#2646) • 616d48d chore(deps): Bump form-data from 4.0.2 to 4.0.4 in /npm/test/registry (#2654) • e12847a chore(deps): Bump github.com/docker/docker from 28.2.2+incompatible to 28.3.3+incompatible in /tools (#2655) • 15b5edf chore(deps): Bump helm.sh/helm/v3 from 3.17.3 to 3.18.4 in /tools (#2632) • 664315c chore(deps): Update github actions deps (#2642) • 149a57d chore(deps): Update go deps (#2626) • 4abe304 chore(deps): Update go deps (#2635) • 4803489 chore(deps): Update go deps (#2643) • ded17ae chore(deps): Update go deps (#2651) • 8629867 chore(deps): Update node.js deps (#2652) • 3b6b8d3 chore(deps): Update pnpm to v10.13.1 (#2636) • 1b3690b chore(deps): Update sigstore/cosign-installer action to v3.9.1 (#2627) • 1a130aa chore(deps): update module helm.sh/helm/v3 to v3.18.4 [security] (#2633) • 031a3c5 chore(release): Add 0.46.0 release notes (#2657) • 2e55b6b chore(release): Prepare release 0.46.0 • 17d8000 chore(version): Bump version to 0.46.0 • 17e74dc chore: Enable gzip and increase response size limit for cerbosctl (#2631) • 4b09afc chore: Rename cerbosctl hub

like

filter to

contains

(#2623) • e8e7a86 chore: Use new Bitnami repository (#2640) cerbos/cerbos

hey <!channel>! 👋 We have launched the new Usage Dashboard in Cerbos Hub! 🙌 This new feature provides a comprehensive, real-time view of your authorization service, allowing you to monitor key metrics, analyze trends, and gain valuable insights into your policies and their consumers. The new usage insights, available on both the workspace homepage and its own dedicated “Usage” section, surface these key metrics into a quick reference dashboard. It provides a detailed breakdown of your Monthly Active Principals (MAPs), decisions, query plans, and more, allowing you to see exactly how your authorization policies are being used. Details can be found here.

Hey community! 🔥 During these hot summer days, we’re diving into an even hotter topic: securing MCP servers. If your AI agents are getting smarter and gaining access to tools, APIs, and sensitive systems via the Model Context Protocol, you already know the risks aren’t just theoretical. Join our free MCP security webinar on August 14: https://zoom.us/webinar/register/3017545640027/WN_lefbNhY7RmimAflP7xbTzg Can’t make it live? No worries - we’ll share the recording afterward. Check out the preview video below where Alex Olivier (our CPO & Co-Founder) gives you a taste of what we’ll cover! 👇

🎉 We just passed 4,000 stars on GitHub. A huge thank you to our amazing community for the support! Who wants to give us star number 4001? 😉

Hey <!channel>! 👋 Our next webinar is diving deep into non-human identity authorization on August 26th. Most teams have Zero Trust figured out for humans. But their service accounts, API keys, workload identities and agents? Still getting broad permissions. The reality is that Zero Trust architecture is only as strong as how teams handle these machine identities. We’ll start the webinar with the fundamentals (NHI types, common risks) then get into the architecture patterns you need for proper Zero Trust, and fine-grained, method-level authorization What we’re covering: • NHI fundamentals and risks • 5 common authentication methods for NHIs • Zero Trust principles applied to NHIs • Fine-grained, method-level authorization for workloads and agents • Delegated authorization and on-behalf-of identity handling • How to unify policies and audits across the stack • We’ll also touch briefly on broader NHI security strategies beyond authorization. *Register:* https://zoom.us/webinar/register/4117556840966/WN_OHDM3rveSZ-pBD5ApU6gsw Can’t make it live? No worries - register anyway and you’ll get the recording. Looking forward to seeing some familiar faces there! 🚀

Happy Friday, community 😊 Excited to share that we have just shipped some new features! Both came directly from customer feedback about debugging and monitoring: 1️⃣ Understanding why specific authorization decisions were made 2️⃣ Getting visibility into usage patterns across multiple teams. Details can be found here If you’re already using Cerbos Hub, head to the playground to try execution traces or check your dashboard for the new organization view. If you’re not using Cerbos Hub yet, you can sign up for free and see both features in action with your own policies.

Hey everyone, hope your week is off to a good start! We just published a technical guide on making application authorization context-aware with Cerbos outputs 📃 If you’ve ever had users confused by cryptic “access denied” messages, or struggled with audit trails that only tell you what happened but not why - this guide could be relevant for you. Cerbos outputs solve the above by providing contextual metadata that transforms binary allow/deny decisions into intelligent, actionable authorization responses.

Happy Monday, community 😊 We just published a guide on how to write schemas. Why care about schemas? Well, when you write Cerbos policies, you’re essentially making assumptions about the shape of data your application will send. Without schemas, those assumptions are just that: assumptions. Your policies become a house of cards waiting for the wrong payload to knock everything down. With schemas in place: • You can catch integration errors during testing, not in production; • Get documentation that can’t lie; • And prevent attribute injection attacks. Feel free to check the blog out, if it’s relevant for you. Have a great week!

👋 Some of you have asked how to filter database results. So we put together a detailed guide answering that question, the focus of which is the PlanResources API. You can check it out here.

Hey, <!channel>! After seeing so many of you registered for our MCP webinar (seriously, the response was amazing!), we knew there was a real appetite for diving deeper into MCP security. So, our co-founder Emre wrote a comprehensive ebook “*Zero Trust for AI: Securing MCP Servers*” covering what we couldn’t fit into the webinar: • Why MCP servers are becoming high-privilege security risks • How traditional RBAC fails in AI environments • The PEP/PDP architecture for Zero Trust AI systems • Ready-to-implement authorization policies and deployment patterns The guide draws from our work with customers implementing AI systems and covers real incidents like the recent Supabase and Asana vulnerabilities. Thanks for all the great questions during the webinar - they influenced what went into this guide. Hope you find it helpful for your MCP implementations! :books:Get access to the ebook here

Hey everyone! Some more news on the topic of MCP to start off the week 😊 We are excited to share that 🤖 we have introduced cerbos-fastmcp middleware. FastMCP is a popular Python framework for building production-ready Model Context Protocol servers. However, a default FastMCP implementation exposes all tools to all users, creating a significant security risk. The introduced middleware brings policy-based, fine-grained access control to FastMCP deployments. This allows teams to define authorization rules in human-readable YAML policies, completely decoupled from application code. Check out this blog for the details and a demo: https://www.cerbos.dev/blog/how-to-secure-your-fast-mcp-server-with-permission-management

Hey everyone 😊 We have a new guide out “Zero-Trust for microservices, a practical blueprint”! If you are moving from monoliths to distributed systems, you’ve likely hit the authorization wall. In the guide, we tackle the critical question modern architectures struggle with: “Is Service A allowed to access Resource X on behalf of User Y?” What we cover: → Why perimeter-based security fails in microservices, and creates lateral movement risks → Implementing workload identity for services, bots, and AI agents → The “on-behalf-of” authorization model for context-aware decisions → Real policy examples for service-to-service authorization and AI agent constraints → Observability through OpenTelemetry integration and centralized audit logs

Hey community 👋 Earlier this year, Cerbos co-founder and CPO Alex Olivier took the stage at DevDays Europe alongside experts Kenneth Rohde Christiansen, Paul Dragoonis, Romano Roth, and Victor Lyuboslavsky to speak on the topic of “*Building the Future: Trends in Modern Application Architecture*”. They tackled everything from AI’s impact on cloud infrastructure to the perennial microservices vs. monolith debate. If you’re curious, you can check out the recording and summary write-up here 👈 😊

Hello, everyone ☺️ We just published a new guide “Mapping business requirements to authorization policy for insurance” In it, we explore how authorization helps fight insurance fraud (which costs the industry $306B annually), and break down PBAC examples across auto, life, and property insurance. Complete with Cerbos policies you can use 💻

Release - v0.47.0 New release published by github-actions[bot] ## Cerbos 0.47.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.47.0.html ## Changelog ### Features • 1b8e12d feat(helm): allow specififying service.trafficDistribution (#2693) • 3ea4971 feat: Add AWS Lambda support (#2661) • ac53850 feat: Decouple rule table (#2653) ### Enhancements • d1e01d8 enhancement: Add upload-git cmd and change details from git to replace-files cmd (#2695) • e82e409 enhancement: More detailed schema errors (#2663) • 46bf586 enhancement: Use default config if one not provided for Lambda (#2728) ### Bug fixes • d0edd70 fix: Batch dependents and deflake CI suites (#2677) • e89c9cc fix: Fix e2e blob test by guaranteeing policy existence (#2672) • 0e863bb fix: Fix e2e overlay test (#2671) • ce2c68d fix: Increase blob e2e sleep period (#2684) • 054159c fix: Use CollectT in EventuallyWithT (#2685) ### Documentation • a9f9af4 docs(lambda): Add AWS Lambda docs (#2740) • 2d8e7f6 docs: Add AI policy to contribution guidelines (#2710) • 353d188 docs: Fix broken link in README.md (#2658) • 7cfd150 docs: Fix broken links to Hub documentation (#2741) ### Chores • 2f6df1c chore(ci): Clean up .goreleaser.yml (#2670) • fdc383f chore(ci): Clean up deployment to AWS SAR (#2723) • 9f5baba chore(ci): Clear disk space quicker (#2692) • 26f5ead chore(ci): Increase E2E blob store update interval (#2720) • a72d22c chore(ci): Move all Minio images to bitnamilegacy (#2722) • f8559c9 chore(ci): Publish AWS Lambda extension to SAR (#2719) • 08ed41a chore(ci): Publish lambda handler to AWS SAR (#2707) • ada628e chore(ci): Rename lambda release directories for consistency (#2725) • 7cb7f74 chore(ci): Set minimum age for Renovate dependencies (#2708) • 1dca73d chore(ci): Test publishing to SAR (#2713) • 6ca5696 chore(ci): Use faster disk space reclaim action (#2694) • 124d4f8 chore(ci): Use legacy Bitnami registry (#2721) • f6bf465 chore(deps): Bump github.com/docker/docker from 27.2.0+incompatible to 28.0.0+incompatible (#2666) • e621d1f chore(deps): Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 (#2673) • 8705370 chore(deps): Bump github.com/quic-go/quic-go from 0.54.0 to 0.54.1 in /tools (#2731) • 7848eb4 chore(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 in /tools (#2678) • 0c1cc42 chore(deps): Update Buf dependencies (#2737) • 0bc938c chore(deps): Update GitHub Actions deps to v5 (major) (#2712) • 86df549 chore(deps): Update Go deps (#2711) • 27c8dbd chore(deps): Update Go deps (#2717) • 8133849 chore(deps): Update Go deps (#2727) • 617c1be chore(deps): Update Go deps (#2732) • b3dfff0 chore(deps): Update Go deps (#2739) • 4094281 chore(deps): Update Go deps (#2744) • aa5c201 chore(deps): Update No… cerbos/cerbos

Hey community 👋 We just published a technical guide on how to leverage JWT claims in Cerbos. Feel free to check it out if it’s relevant for you. Main takeaways: • Cerbos verifies JWTs using your JWKS and exposes claims directly to policy conditions. • You can configure multiple keysets, cache verified tokens, and handle rotation without restarts. • Claims like iss, aud, and sub can be enforced centrally in CEL expressions. • Gateways can pass tokens through; one policy set covers edge and service. • Stolen credentials remain a top initial action in breaches at 24 percent in 2024. Strong token verification helps reduce risk. • Disable verification only for controlled testing, not for production.

Hey everyone 🙂 Coming to you with some great news. You can now run Cerbos natively inside AWS Lambda. [Guide for reference] Depending on your preference, you can deploy Cerbos directly in AWS Lambda-either as a standalone function or as a lightweight extension layer-while using Cerbos Hub for centralized policy management and audit-logging.

Hey everyone, we got some requests asking for a possibility to automate Cerbos policy uploads. There is now a solution 🙌 The cerbos-store-action GitHub Action can be used for this purpose. Check out our guide for details. Have a great week!👋

Hey <!channel>! We have introduced security controls designed specifically for agentic AI 🤖🚀 Using Cerbos, you can enforce fine grained authorization at every step of your agent’s workflow: • You can filter RAG retrievals before they ever reach a prompt. • You can control which MCP tools an agent can use based on permissions and context. • You can authorize every downstream API call the agent makes. • And you can capture structured audit logs that explain every allow and deny decision. With Cerbos in place, your AI agents stay within the security and compliance boundaries you set. Check out the details here

Okay

Hello @channel! I'd love to invite you all to a practical webinar on securing agnetic AI. I guess this is the topic many of you care about 🤖. It will be 45-minute sessions where our team will cover: • Real attack surfaces and abuse cases from agentic workflows • Guardrail patterns for controlling agent-initiated actions • Authorization models that constrain what agents can do • How to map controls to SOC2 / privacy / enterprise audit needs • Practical architecture patterns you can reuse immediately • Zero trust principles for agents • A walkthrough of agentic access control policies + examples Speaker is @Alex Olivier (Cerbos), CPO at Cerbos. Much of his current work is centered around securing agentic workflows and the new controls required to keep AI systems safe. 🛠️ Alex will show agentic demos, access control policy templates, and workflow diagrams. 📆 Date: Dec 16, 2025, 05:30 PM (GMT+0)/ 9.30 AM PST cerbie Zoom link to register: https://zoom.us/webinar/register/3617646715082/WN_9mtiwDYGRZqw3hr6KsAbMQ Looking to see you there!

Release - v0.48.0 New release published by github-actions[bot] ## Cerbos 0.48.0 View the full release notes at https://docs.cerbos.dev/cerbos/latest/releases/v0.48.0.html ## Changelog • 8838f2a Add v0.48.0 release notes (#2827) • c02028c Fix free-disk-space action (#2816) • 1022dba Implement inspect.RuleTables (#2818) • e050e29 Pin cerbos/buf-breaking-action version (#2819) • d3133c2 Pin golangci-lint version in CI (#2811) • 9de93b8 Remove jlumbroso/free-disk-space action (#2815) • fe0a0dd Update verdaccio to 6.2.2 (#2810) • dc198e5 Use

extractions/setup-crate

directly (#2812) • 6a966b2 chore(api): Reimplement AuthZen APIs using direct calls to engine (#2798) • 883e9ec chore(ci): Add "v" prefix to cosign version (#2763) • ed6ac72 chore(ci): Fix cosign version to 2.6.1 (#2760) • 72ff0e5 chore(ci): Fix no such host error in e2e tests (#2775) • c747b01 chore(ci): Fix release workflow, rename cerbosfunc, update lambda docs (#2748) • cc5819f chore(ci): Pin GitHub Action digests (#2807) • a8bcd9e chore(ci): Remove -failfast flag when executing E2E tests (#2776) • 052aec9 chore(ci): Remove conventional commits requirement (#2806) • 6602c25 chore(deps): Bump github.com/opencontainers/runc from 1.2.3 to 1.2.8 (#2767) • 0a4e029 chore(deps): Bump golang.org/x/crypto from 0.37.0 to 0.45.0 in /hack/tools/changelog (#2805) • 4d99f7c chore(deps): Bump golang.org/x/crypto from 0.43.0 to 0.45.0 in /tools (#2794) • 8dd72c7 chore(deps): Pin dependencies (#2809) • cb47613 chore(deps): Update GitHub Actions deps (#2750) • aa7968c chore(deps): Update GitHub Actions deps (#2756) • 60703b8 chore(deps): Update GitHub Actions deps (#2821) • 6136f27 chore(deps): Update GitHub Actions deps to v6 (major) (#2755) • 3913ce1 chore(deps): Update Go deps (#2751) • 81d1746 chore(deps): Update Go deps (#2772) • 27656c0 chore(deps): Update Go deps (#2788) • dbd2f64 chore(deps): Update Go deps (#2799) • afd20ef chore(deps): Update Node.js deps (#2753) • ebc6907 chore(deps): Update Node.js deps (#2789) • f3872e9 chore(deps): Update Node.js deps (#2800) • 9b7fae8 chore(deps): Update Node.js deps (#2822) • e805581 chore(deps): Update actions/upload-artifact action to v5 (#2754) • 0574697 chore(deps): Update dependency corepack to v0.34.2 (#2771) • 019092f chore(deps): Update dependency node to v24 (#2757) • 7215630 chore(deps): Update module golang.org/x/crypto to v0.45.0 [SECURITY] (#2795) • b21e502 chore(deps): Update sigstore/cosign-installer action to v4 (#2758) • 98da70f chore(release): Prepare release 0.48.0 • 15bf74d chore(version): Bump version to 0.48.0 • 71107bc chore: Add

just align

recipe to sort struct fields (#2790) • a702850 chore: Add manifest field to rule table (#2768) • <https://git… cerbos/cerbos

Hey <!channel>, we have some big news: We just released our comprehensive guide to multitenant authorization! 🎉 📚 “One size does not fit all: A guide to multitenant authorization” We keep seeing the same pattern across companies: fixed roles work at small scale, but collapse under enterprise complexity. This ebook captures how we help teams solve that problem. The “Admin, Editor, Viewer” model becomes a cage when an enterprise signs up for a SaaS product. Teams scramble to create thousands of tenant-specific role variants. Role explosion follows. Support tickets pile up. Enterprise deals stall. We’ve distilled everything we’ve learned, from real-world implementations, architecture patterns, and painful lessons, into a practical guide that shows teams how to implement dynamic, multitenant authorization that actually scales. In the ebook we dive into: → Why fixed roles break at enterprise scale (and what role explosion really looks like) → How to implement authorization that mirrors each tenant’s organizational reality → Architecture patterns for separating platform-wide rules from tenant-specific policies → How to balance central control with tenant self-service and delegated administration → Real examples from leading SaaS companies scaling authorization across thousands of tenants → The PEP/PDP/PAP pattern and policy-as-code workflows 🔗* Download the ebook* 🔗