Cerbos
Role in IAAI Architecture
Cerbos is a lightweight, Git-native policy engine operating in Pillar A as a callable authorization service, with particularly strong fit for low-latency Pillar B RAG pipeline pre-retrieval checks and Pillar C output filtering. Cerbos emits authorization decision logs consumed by Pillar D SIEM for audit trails.
Linked Evidence
No public evidence links have been attached directly to this vendor profile yet.
Assertions
Cerbos translates authorization policies into native Weaviate query filters
Cerbos documents that its query plan API can translate authorization policy into Weaviate-compatible query filters before retrieval, allowing Pillar A identity-aware authorization to constrain which objects and chunks Weaviate returns in a RAG workflow.
Cerbos translates authorization policies into native Pinecone query filters
Cerbos documents that its query plan API can translate authorization policy into Pinecone-compatible metadata filters before retrieval, allowing Pillar A identity-aware authorization to constrain which vectors and document chunks Pinecone returns in a RAG workflow.
Cerbos integrates with LangChain as a tool-call authorization runbook for AI agents
Cerbos provides a documented LangChain integration pattern in which LangChain agents call the Cerbos policy decision point before tool invocations, allowing Pillar A authorization policies to constrain which retrieval tools or resources Pillar B pipelines can access on a per-user and per-context basis.