Secure AI agents and MCP tool calls with Cerbos authorization

Control what AI agents can access, which models they call, and which MCP tools they invoke, all enforced by authorization policy at the AI gateway. No rebuilding your stack, no per-agent custom code.

This demo walks through the pattern teams are using to roll out AI agents safely. Agents run in a sandbox with outbound access blocked, and every connection leaves through an AI gateway such as the CNCF agent gateway or LiteLLM. Cerbos plugs into that gateway as the authorization guardrail and becomes the decision point for every model call and every MCP tool call.

You see it end to end in a support ticket system. Alice, a tier 1 support agent, has tickets already triaged by an autonomous agent. Policy decides which MCP servers each agent can reach, so the triage agent can touch tickets and CRM but not payments or payroll. When Alice delegates a refund handler agent acting on her behalf, it asks for a $9,000 refund and is denied at the gateway because the request exceeds a tier 1 agent's refund cap. The denial is caught before the MCP tool runs, and the reason is fed back to the LLM so the agent updates the ticket instead.

Cerbos Synapse enriches each request with the context of the task and the caller's identity, whether that is the agent identity, the on-behalf-of user identity, or a workload identity from something like SPIFFE. Cerbos Hub is the control plane for the policies and the unified audit trail of every decision across the model and MCP layers.
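As an added example (not part of the original description and not Cerbos' own code), the following Python sketch models the gateway-side check the demo describes: each MCP tool call from a sandboxed agent is authorized on the caller identity (agent, on-behalf-of user, or workload), the target MCP server, and the call arguments; a denial is recorded for audit and returned to the agent as a tool result it can act on instead of the tool running. The agent names, server names, tier caps, SPIFFE ID and tool registry are constructed placeholders; the video states only that a $9,000 refund exceeds the tier 1 cap, not the cap itself.

```python
"""Gateway-side authorization for agent MCP tool calls (illustrative, not Cerbos code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed policy: which MCP servers each agent identity may reach.
MCP_ALLOWLIST: Dict[str, set] = {
    "triage-agent": {"tickets", "crm"},
    "refund-handler": {"tickets", "payments"},
}

# Constructed policy: per-tier refund caps in dollars (assumed values).
REFUND_CAP_BY_TIER: Dict[str, int] = {"tier1": 500, "tier2": 5000}

AUDIT_LOG: List[dict] = []  # stand-in for the gateway's decision log


@dataclass
class Principal:
    agent_id: str
    on_behalf_of: Optional[str] = None  # delegating human user, if any
    tier: Optional[str] = None          # tier of the delegating user
    workload_id: Optional[str] = None   # e.g. a SPIFFE ID (constructed)


@dataclass
class ToolCall:
    server: str
    tool: str
    args: dict = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str
    audit: dict


def authorize_tool_call(p: Principal, call: ToolCall) -> Decision:
    """Decide before the tool runs; the decision is argument-aware."""
    audit = {
        "agent": p.agent_id, "on_behalf_of": p.on_behalf_of,
        "workload": p.workload_id, "server": call.server,
        "tool": call.tool, "args": dict(call.args),
    }
    if call.server not in MCP_ALLOWLIST.get(p.agent_id, set()):
        return Decision(False, f"agent {p.agent_id} may not reach MCP server {call.server}", audit)
    if call.server == "payments" and call.tool == "issue_refund":
        cap = REFUND_CAP_BY_TIER.get(p.tier or "")
        if cap is None:
            return Decision(False, "refund requires a delegating user with a known tier", audit)
        amount = call.args.get("amount")
        if not isinstance(amount, (int, float)) or isinstance(amount, bool) or amount <= 0:
            return Decision(False, "refund amount missing or invalid", audit)
        if amount > cap:
            return Decision(False, f"refund of ${amount:,.0f} exceeds {p.tier} cap of ${cap:,}", audit)
    return Decision(True, "allowed by policy", audit)


def denial_message_for_llm(d: Decision) -> str:
    """Turn a denial into a tool result the agent can reason over."""
    return f"Tool call denied by policy: {d.reason}. Do not retry; update the ticket with this outcome."


def handle_tool_call(p: Principal, call: ToolCall,
                     tools: Dict[Tuple[str, str], Callable[..., str]]) -> str:
    """Gateway entry point: authorize, log, then either run the tool or return the denial."""
    d = authorize_tool_call(p, call)
    AUDIT_LOG.append({**d.audit, "allowed": d.allowed, "reason": d.reason})
    if not d.allowed:
        return denial_message_for_llm(d)
    return tools[(call.server, call.tool)](**call.args)


if __name__ == "__main__":
    # Constructed scenario mirroring the demo: Alice (tier 1) delegates a refund agent.
    tools = {("payments", "issue_refund"): lambda amount: f"refunded ${amount:,.0f}"}
    alice_refunder = Principal("refund-handler", on_behalf_of="alice", tier="tier1",
                               workload_id="spiffe://example.org/refund-handler")
    print(handle_tool_call(alice_refunder, ToolCall("payments", "issue_refund", {"amount": 9000}), tools))
    print(handle_tool_call(Principal("triage-agent"), ToolCall("payments", "issue_refund", {"amount": 10}), tools))
    print(AUDIT_LOG)
```

The check runs on the gateway side, so the agent's own prompt or code cannot bypass it; the audit record keeps all three identity facets and the arguments so a reviewer can see why a particular refund was stopped.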
Topics covered:
✓ Securing AI agents with authorization policy at an AI gateway
✓ Controlling MCP server and MCP tool access per agent identity
✓ Model access control so agents only call the LLM the task needs
✓ Argument-aware refund limits and tier-based policy checks
✓ On-behalf-of, agent, and workload (SPIFFE) identity for non-human identities
✓ Audit trail and decision logging in Cerbos Hub
✓ Returning denial context back to the LLM and the agent
✓ Plugging into existing agent sandboxes, AI gateways, and MCP servers

Chapters:
0:00 How companies are rolling out AI agents
0:29 The security gaps with no audit trail, governance, or kill switch
1:31 The AI gateway and sandbox model
2:25 Where Cerbos fits as the authorization guardrail
3:17 Demo, an autonomous agent triaging a support ticket
3:48 Policy-driven MCP access by agent identity
4:17 Viewing enriched decisions in Cerbos Hub
4:55 A delegated refund agent acting on behalf of a user
5:20 A $9,000 refund denied at the gateway
6:19 The refund cap policy in the policy store
6:44 One architecture for model and MCP tool access

For more details: https://www.cerbos.dev/features-benef...

#AIAgents #AIGateway #LiteLLM