Cerbos and AI agent authorization: what changes for IAM teams?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Cerbos centralises fine-grained authorization so applications and AI agents can query declarative policies instead of scattering permission logic through code, with sub-millisecond decisions and MCP-aware patterns for permission checks, according to WorkOS. The real shift is that identity teams must treat authorization as a runtime governance layer, not a static application concern.

NHIMG editorial — based on content published by WorkOS: Cerbos for AI Agent Security: Features, Pricing, and Alternatives

Questions worth separating out

Q: How should security teams govern fine-grained authorization for AI agents and service accounts?

A: Security teams should centralise authorization in a policy layer that evaluates the principal, resource, action, and context at runtime.

Q: Why do AI agents increase the importance of runtime authorization?

A: AI agents can make repeated tool calls, retrieve data dynamically, and branch into new actions inside a single session.

Q: What do teams get wrong when they rely on application code for permission checks?

A: They usually create inconsistent enforcement, because each service implements access rules differently and changes them on its own timeline.

Practitioner guidance

  • Centralise authorization decisions in one policy layer. Move fine-grained allow and deny logic out of scattered application code and into a single policy decision point that every service queries consistently.
  • Model delegated agent access separately from human access. Define explicit policy rules for agents acting on behalf of users, service accounts, or scheduled workflows.
  • Block retrieval before the model sees sensitive content. Apply permission checks before RAG pipelines assemble context, not after the model has already consumed documents.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

  • A feature-by-feature breakdown of Cerbos policy evaluation, testing, and deployment workflows for production teams.
  • Pricing details for self-hosted and managed policy operations, including Monthly Active Principals usage framing.
  • Implementation guidance for MCP-based agent checks and permission-aware RAG patterns in real applications.
  • A direct comparison between authorization infrastructure and authentication infrastructure for enterprise buyers.

👉 Read WorkOS's analysis of Cerbos for AI agent authorization →
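
An added sketch of the three practitioner-guidance points above, not code from WorkOS, Cerbos, or the original post, and not the Cerbos API: one default-deny decision point, a delegated-agent rule kept separate from the human rule, and a filter that runs before RAG context is assembled. All names, the policy table and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Principal:
    id: str
    kind: str                                   # "user" or "agent"
    roles: frozenset = frozenset()
    on_behalf_of: Optional["Principal"] = None  # set when an agent acts for a user

@dataclass
class Resource:
    id: str
    kind: str
    attrs: dict = field(default_factory=dict)

AUDIT_LOG = []  # every decision is recorded: (principal, resource, action, allowed)

def _user_read(p, r, ctx):
    return r.attrs.get("department") in p.roles

def _agent_read(p, r, ctx):
    # Delegated rule, kept separate from the human one: the delegating user
    # must be allowed, the document must not be restricted, and the call
    # must declare its purpose.
    return (p.on_behalf_of is not None
            and check(p.on_behalf_of, r, "read", ctx)
            and r.attrs.get("classification") != "restricted"
            and ctx.get("purpose") == "rag_retrieval")

# Hypothetical policy table keyed by (principal kind, resource kind, action).
POLICY = {("user", "document", "read"): _user_read,
          ("agent", "document", "read"): _agent_read}

def check(principal, resource, action, context):
    """Single decision point: anything without a matching rule is denied."""
    rule = POLICY.get((principal.kind, resource.kind, action))
    allowed = bool(rule and rule(principal, resource, context))
    AUDIT_LOG.append((principal.id, resource.id, action, allowed))
    return allowed

def retrieve_for_prompt(agent, candidates, context):
    """Drop documents the agent may not read before building model context."""
    return [d for d in candidates if check(agent, d, "read", context)]

# Constructed sample data, not taken from the source article.
ALICE = Principal("alice", "user", roles=frozenset({"finance"}))
AGENT = Principal("report-bot", "agent", on_behalf_of=ALICE)
DOCS = [Resource("q3-forecast", "document", {"department": "finance", "classification": "internal"}),
        Resource("payroll", "document", {"department": "finance", "classification": "restricted"}),
        Resource("hr-review", "document", {"department": "hr", "classification": "internal"})]
```

With this sample data the user can read the restricted payroll document directly, while the agent acting for her cannot, so it never reaches the prompt.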

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Authorization sprawl is now an identity governance problem, not just an application design problem. When permission logic is scattered across services, teams lose a consistent control point for users, service accounts, and AI agents. That creates inconsistent enforcement, weak auditability, and policy drift across runtimes. The implication is that identity governance must own the policy layer as a first-class control surface.

A few things that frame the scale:

  • 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: What is the difference between authentication and authorization in enterprise AI systems?

A: Authentication proves who or what the identity is, while authorization decides what that identity can do after it is verified. In enterprise AI systems, both layers matter. Authentication establishes the user, agent, or service account, and authorization must then constrain data access, tool use, and action scope.

👉 Read our full editorial: Cerbos for AI agent security: what authorization changes



   