All integrations
Agent Gateway
AI

Authorize agent communication through Agent Gateway with Cerbos

Enforce fine-grained Cerbos authorization policies on MCP, A2A, and LLM traffic flowing through Agent Gateway — the open-source proxy for AI agent communication.

Native ext_authz support

Native ext_authz support

Cerbos speaks Agent Gateway's ext_authz protocol natively over gRPC or HTTP, no adapter or custom code required

Context-aware decisions

Context-aware decisions

Authorize agent actions based on user identity, agent roles, tool type, and request context at runtime

Audit every interaction

Audit every interaction

Every authorization decision is logged with full context, giving you a complete audit trail of agent activity

How Cerbos works with Agent Gateway

AI agents and tools introduce a new class of authorization challenges. They act on behalf of users, access sensitive data, and chain operations, all of which need fine-grained access control.

Cerbos provides policy-driven authorization that controls what AI systems can do, which data they can access, and on whose behalf. Policies are written in human-readable YAML and evaluated at request time.

With Cerbos and Agent Gateway, you get guardrails that scale with your AI adoption, centrally managed policies, full audit trails, and sub-millisecond decision times that don't slow down agent workflows.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How Cerbos authorizes Agent Gateway traffic

  1. Deploy Cerbos alongside Agent Gateway, Run the Cerbos PDP as a sidecar or service accessible from your Agent Gateway instance.
  2. Configure the ext_authz policy, Point Agent Gateway's extAuthz policy at the Cerbos PDP using gRPC (preferred) or HTTP. Agent Gateway automatically passes JWT claims, request metadata, and backend context in the ext_authz request.
  3. Define authorization policies in YAML, Write Cerbos policies that control access to MCP tools, A2A agent delegation, and LLM endpoints based on user identity, roles, and context.
  4. Requests are authorized or blocked, Cerbos evaluates the ext_authz request and returns an allow or deny decision. Agent Gateway enforces it before routing to the downstream service, with every decision logged for audit.

Security risks of unsecured agent gateways

Without authorization at the gateway layer, AI agent infrastructure introduces risks that traditional API security doesn't cover:

  • Unrestricted tool access. Any authenticated user or agent can invoke any federated MCP tool, regardless of whether they should have access to the underlying data or operations.
  • Uncontrolled delegation. Agents can delegate tasks to other agents via A2A without verifying that the originating user is authorized for the target agent's capabilities.
  • Shadow LLM access. Without per-user or per-role controls on LLM routing, agents can access models or providers that organizational policies restrict.
  • No decision audit trail. Without authorization checks at each request, there's no record of which user or agent accessed which tool, model, or remote agent — making compliance and incident investigation impossible.

Richer agent decisions with Cerbos Synapse

Agent Gateway often receives requests with minimal identity context — an API key or a bare JWT claim. Cerbos Synapse enriches each authorization request with the full user profile from your identity provider, resource metadata from your data stores, and the agent's own constraints — so the PDP receives complete context for every decision without the gateway needing to assemble it.

FAQ

How does Cerbos work with Agent Gateway?

Agent Gateway supports the Envoy ext_authz protocol natively via its extAuthz policy. Cerbos implements this same protocol, so the PDP can be used directly as Agent Gateway's external authorization service over gRPC or HTTP — no adapter needed.

Which Agent Gateway protocols does Cerbos authorize?

Cerbos can authorize requests across all three Agent Gateway protocol layers — MCP tool calls, A2A inter-agent delegation, and LLM routing. Agent Gateway passes full request context including JWT claims, MCP tool names, and backend metadata to Cerbos via ext_authz.

Does Cerbos replace Agent Gateway's built-in CEL rules?

Agent Gateway has built-in CEL-based authorization rules for simple inline policies. Cerbos replaces or extends these with externalized, testable, auditable policies managed outside your gateway configuration. Both can coexist — use CEL rules for simple checks and Cerbos for complex attribute-based decisions.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Agent2Agent
Agent2Agent ProtocolPolicy-driven authorization for inter-agent communication via the Agent2Agent protocol
AI
Aperture
Aperture by TailscaleZero Trust authorization for AI agents routed through Aperture by Tailscale
AI
ChromaDB
ChromaDBTranslate Cerbos query plans into ChromaDB metadata filters
Data filteringAI
Claude Agent SDK
Claude Agent SDKGate Claude agent tool calls and data access through Cerbos policies
AI
Claude Code
Claude CodeCentralized policy enforcement and audit logging for Claude Code agent tool calls
AI
CrewAI
CrewAIPer-agent and per-tool authorization for CrewAI multi-agent workflows through Cerbos policies
AI

Cerbos + Agent Gateway

  • Cerbos policies govern AI agent tool access and data visibility
  • Full audit trail for every AI tool call and data access
  • Per-user permissions enforced across autonomous agent workflows
  • Sub-millisecond policy evaluation with no agent pipeline overhead
Book a free policy workshopTry the Playground