WebAssembly (WASM) embedded Policy Decision Points

Cerbos Hub introduces a unique, flexible approach to authorization by leveraging WebAssembly (WASM) for embedded Policy Decision Points (PDPs).

Lightweight and compatible

Take advantage of a stateless and scalable authorization system that seamlessly integrates into your environment. Unlike the standard open source PDP, an embedded PDP can be deployed as a library instead of a service at edge, on client devices and in serverless environments. Cerbos Hub delivers this feature by creating a policy file on CDN, pre-compiled and ready to be loaded into your application, all whilst maintaining the same API as the PDP service.

Since launching embedded PDPs, we have heard consistent feedback from teams using client-side authorization at scale: more control over bundle contents, tenant isolation in multi-tenant applications, security controls for sensitive authorization logic. We have delivered on that feedback with ePDP Rules - a new way to configure exactly what policies are served to which clients, with enterprise-grade security built in.

Advantages of an embedded PDP

Easier front-end policy checks: The lightweight design lets your application make decisions on UI rendering faster, and without making a call to the backend
Portability: Usable in serverless environments like Vercel and Netlify.
Reduce latency: Process authorization decisions directly on the user's device. Or distribute your authorization logic closer to the user by embedding it at the edge, ensuring rapid response times and reduced central server loads.
Security and consistency: As Cerbos Hub distributes policies for both the Policy Decision Points (PDPs) and the WebAssembly modules - any changes to policy are reflected everywhere with no extra work. Ensure a consistent and unified approach to policy enforcement.

Join hundreds of leading companies using Cerbos

The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.

Utility Warehouse synchronizes authorization across 4,500 services and secures millions of NHIs.

One of the world's leading automobile manufacturers.

Flash eliminates authorization technical debt and doubles corporate card spending with Cerbos.

4G Capital saves a quarter-million dollars per year with Cerbos.

An employee experience that people love.

Creating a world where workplaces work better.

BarrierSystems integrates Cerbos into smart vehicle access gates, cutting internal costs by 15%.

Most secured and interactive NG911 cloud native communications platform for mission-critical contact centers.

The number 1 company in Italy to buy and sell.

Enhancing and accelerating the software development lifecycle.

Protecting user data with true end-to-end encryption.

The leading European analyst firm in identity and access management.

Modern and digital survey solutions for companies.

Complex (NTWRK) makes a complex access control system easy to manage with Cerbos.

The experts in medical imaging technology.

Making the world a better place to work together.

An early stage tech venture investor.

The collaborative platform to build conversational AI.

Human Managed creates a future-proof ABAC engine with Cerbos.

The fastest development platform.

Delivering innovative solutions to track and certify data and operations.

The leading contract creation and collaboration platform.

One of the world's fastest-growing global technology services provider.

9fin modifies product packaging in 10 minutes.

Cerbos helps Salesroom save over $1MM worth of developer time.

People analytics platform: Fast track to the insights behind your people data.

Advanced malware and phishing analysis.

Logistics payments without the logistics.

Nook onboards 3x more users by implementing granular roles and permissions.

A react-based framework for building internal tools, rapidly.

Debite accelerates compliance certification and ships products faster.

Supy offers dynamic role management to their clients with Cerbos.

Loop secures air-gapped cash deposit machines with Cerbos.

Making the world a better place to work together.

Build and manage residential investment portfolios.

Securely manage application secrets and configurations.

A discussion-first platform without language issues.

Collaborative team design canvas that equips tech leaders to make smarter org design decisions.

The world's leading crypto finance house serving people, projects, protocols and institutions since 2011.

Utility Warehouse synchronizes authorization across 4,500 services and secures millions of NHIs.

One of the world's leading automobile manufacturers.

Flash eliminates authorization technical debt and doubles corporate card spending with Cerbos.

4G Capital saves a quarter-million dollars per year with Cerbos.

An employee experience that people love.

Creating a world where workplaces work better.

BarrierSystems integrates Cerbos into smart vehicle access gates, cutting internal costs by 15%.

Most secured and interactive NG911 cloud native communications platform for mission-critical contact centers.

The number 1 company in Italy to buy and sell.

Enhancing and accelerating the software development lifecycle.

Protecting user data with true end-to-end encryption.

The leading European analyst firm in identity and access management.

Modern and digital survey solutions for companies.

Complex (NTWRK) makes a complex access control system easy to manage with Cerbos.

The experts in medical imaging technology.

Making the world a better place to work together.

An early stage tech venture investor.

The collaborative platform to build conversational AI.

Human Managed creates a future-proof ABAC engine with Cerbos.

The fastest development platform.

Delivering innovative solutions to track and certify data and operations.

The leading contract creation and collaboration platform.

One of the world's fastest-growing global technology services provider.

9fin modifies product packaging in 10 minutes.

Cerbos helps Salesroom save over $1MM worth of developer time.

People analytics platform: Fast track to the insights behind your people data.

Advanced malware and phishing analysis.

Logistics payments without the logistics.

Nook onboards 3x more users by implementing granular roles and permissions.

A react-based framework for building internal tools, rapidly.

Debite accelerates compliance certification and ships products faster.

Supy offers dynamic role management to their clients with Cerbos.

Loop secures air-gapped cash deposit machines with Cerbos.

Making the world a better place to work together.

Build and manage residential investment portfolios.

Securely manage application secrets and configurations.

A discussion-first platform without language issues.

Collaborative team design canvas that equips tech leaders to make smarter org design decisions.

Find out more

Features, benefits & use cases

Fit Cerbos seamlessly into your tech stack

Playground

Prototype policies in your browser right now

Cerbos Hub

Implement roles & permissions in your app

Speak to an engineer

Book an intro call and learn more

Cerbos

/assets/footer/socials/x.svg

/assets/footer/socials/github.svg

/assets/footer/socials/mail.svg

/assets/footer/socials/youtube.svg

/assets/footer/socials/slack.svg

/assets/footer/socials/npm.svg

/assets/footer/compliance/soc-2.svg

/assets/footer/compliance/gdpr.svg

Authorization for enterprise software

Application permissions SaaS multi-tenant access control Per-tenant authorization Authorization for non-human identities Programmatic permission management Product packaging

Authorization for AI systems

Agentic AI authorization MCP server access control RAG authorization Agentic commerce security

By industry

Fintech Insurance Energy and Utilities

By business requirement

Zero Trust Compliance and audit logs AI security On-premise and Air gapped RBAC ABAC PBAC

Getting started

Documentation Quickstart Playground Integrations Tech Blog Community Slack support

How it works

See how Cerbos works Policy Decision Point Policy Administration Point

Resources

About Success stories Webinars and eBooks News Features, benefits and use cases Partnerships Subscribe

Useful links

Translating business requirements to authorization policy How to adopt externalized authorization Securing MCP servers using dynamic authorization 3 most common authorization designs for SaaS products Service to service authorization Filtering data using authorization logic Standardized authorization with AuthZEN Open source access control Best open source auth tools

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.

© 2026 Cerbos.dev

Terms of Service

Privacy Policy

Trusted Tester Agreement

Trademark Guidelines