Meet four new use cases in the updated Cerbos Hub

We spent the last year listening to hundreds of customers, attending dozens of industry events, and talking with teams building at scale. Their feedback directly led to support for four new use cases in Cerbos Hub.

Cerbos Hub gives engineering, security, and IAM teams everything they need to manage authorization across any architecture at any scale.

Fine-grained, tenant specific authorization

We often hear from SaaS companies: “We need to let our customers define their own roles and rules without hardcoding every customization.” With Cerbos Hub, each customer’s authorization logic lives in its own secure silo, layered on top of your core rules:

• Tenant‑isolated policy storage ensures customers can define roles and permissions specific to their context. No code modifications required
• Real‑time tenant-specific policy updates can be made from the app and pushed to Cerbos Hub for rollout to the PDPs
• Scoped policies enforce boundaries: tenants can customize within platform-defined guardrails
• Audit logs and version control are preserved per tenant, ensuring transparency and rollback capabilities

👉 Join our spotlight webinar to learn how to deliver tenant-specific roles and policies dynamically
👉 Check the use case page for more information

Dynamic policy management at scale

With Cerbos Hub’s new dynamic policy capabilities, you can automate the full lifecycle of your authorization policies. Cerbos Hub Policy Stores enable programmatic creation, updates, and deployment of policies via API, triggered by any event or system in your stack. With this new use case, you get:

• Full CRUD support via Admin API and SDKs enables policy creation, updates, and deletion in response to system events or CI/CD pipelines
• Built-in compilation and testing validate changes before deployment
• Instant synchronized distribution pushes policies to all PDPs (cloud, edge, embedded) with no manual steps
• No custom infrastructure needed. Cerbos Hub handles policy storage, reloading, and testing
• Every change, from API call to enforcement decision, is logged for full traceability

👉 Join our spotlight webinar to see dynamic policy workflows in action
👉 Visit the dynamic policies use case page for implementation details

Scalable NHI permission management

Microservices, workloads, and AI agents now drive most system-to-system traffic, but many lack enforceable access controls. Overprivileged NHIs can bypass Zero Trust boundaries, leak data, or become invisible backdoors in your architecture.

Cerbos’s NHI support gives you centralized, policy-based authorization for every non-human identity:

• Apply least privilege by default to every workload, service, or AI agent
• Implement delegated and impersonated authorization checks between services
• Define SPIFFE-based policies and enforce ABAC, RBAC, or PBAC rules
• Track which service accessed what, when, on whose behalf, and why
• Maintain a unified audit trail for all NHI access decisions across your apps

👉 Join our spotlight webinar to learn how to discover NHIs, assess their risks, and implement fine-grained access controls in a microservice architecture.
👉 Check the use case page to get more details

Secure authorization for MCP servers

Model Context Protocol is powering a new wave of AI apps, but recent breaches have shown how easily misconfigured agents can access more than they should. Cerbos Hub can now control which agents can access which MCP tools, using policies evaluated per agent, per tool, and per session, outside your server logic. New MCP capabilities include:

• Dynamically authorized tool access for each client using context-aware Cerbos policies
• Prevent unauthorized tools from appearing in the available_tools list
• Capture every MCP access decision with full audit context for compliance and debugging

👉 Join our spotlight webinar to see how to secure MCP tools with policy-based access control
👉 Visit the MCP server use case page to learn more about authorization for MCP servers

With the updated Cerbos Hub, you get an enterprise grade control plane that integrates with your identity fabric, delivers built-in compliance and audit logging, and a developer friendly experience. It’s a single hub for all your human and non-human authorization needs.

Our engineers would be happy to give you a personalized demo.