Happy New Year! We hope you all had a great break. Thank you for your continued support over the past year, and we look forward to continuing this journey together in 2026. Check out our 2025 year in review for the highlights, awards, and milestones made possible by your support.

Since our last update, we released Cerbos PDP v.0.48, providing OpenID AuthZEN support, improved query plans, faster bundle loading; Cerbos PDP v.0.49, enabling piping Hub audit logs to secondary backend; and Cerbos PDP v0.50.0, tightening CEL identifier rules, aligning query plan behavior with actual decisions across scopes, and introducing optimizations that reduce compute usage and speed up policy evaluation.

We published new resources to help teams strengthen their authorization strategy. These include a comprehensive ebook on implementing multitenant authorization that scales, a comparison of Cerbos PDP and Cerbos Hub to help teams choose the right setup, a dive on how to use the latest version of the Mongoose adapter for Cerbos Query Plans, and insights from our CPO's discussion on applying Zero Trust principles to MCP servers. We also carried out a webinar on securing agentic AI in production - grab the recording to learn about real attack vectors, guardrail patterns, and authorization models for AI agents.

Looking at the broader authorization landscape, we highlighted key takeaways from Gartner IAM Summit 2025 on why identity security is expanding to every workload, discussed main topics from Workload Identity Day 0 at KubeCon, shared our thoughts on Broken Access Control topping the OWASP Top 10 list yet again, and celebrated the ratification of the OpenID AuthZEN specification - a real milestone for authorization, with our CPO Alex Olivier appointed co-chair of the working group.

Product Updates

Cerbos Hub

With the latest updates, teams can experiment with real policies in the playground with much less setup. It is possible to create a playground directly from an existing policy store, making it easy to test changes against production-grade policies in a safe, isolated environment, or use an existing store as the starting point for new authorization models. The playground also supports drag-and-drop zip files containing policies and tests, simplifying how complete policy sets are loaded and shared.

Understanding authorization decisions is now more straightforward. Audit logs in Cerbos Hub support deep linking, allowing you to click from an audit entry directly to the policy that was evaluated. This reduces context switching and makes it faster to investigate decisions, review incidents, and understand how specific outcomes were produced.

Feedback and visibility when authoring policies have been improved. Failed test cases now show a side-by-side diff between expected and actual outputs, and execution traces are available directly in the playground explore tab to show how requests are evaluated.

See the release notes for details

Learn about Cerbos Hub

Get started with Cerbos Hub

Cerbos PDP

Version v0.48 of Cerbos PDP introduces first-class support for the AuthZEN Authorization API, a more capable Git upload flow for Hub stores, and a set of under-the-hood improvements that make policy distribution and evaluation faster and more predictable. It also includes several targeted fixes that remove edge-case inconsistencies discovered by users integrating Cerbos into large multi-tenant deployments. 

Version v.0.49 enables piping Hub audit logs to secondary backend.

Finally, version v0.50.0 brings a set of important changes to policy semantics, scope handling, and evaluation performance. This version tightens CEL identifier rules, aligns query plan behavior with actual decisions across scopes, and introduces optimizations that reduce compute usage and speed up policy evaluation.

Before upgrading in production, we strongly recommend validating your policies and workloads in a staging environment due to the breaking changes outlined here.

You can find the full release notes here: v0.48, v0.49, v0.50.0

Cerbos PDP is open source, check out our GitHub

Helpful Content

[Ebook] A guide to multitenant authorization

We've distilled everything we've learned, from real-world implementations, architecture patterns, and painful lessons, into a practical guide that shows teams how to implement dynamic, multitenant authorization that actually scales.

You will learn: 

• Why fixed roles break at enterprise scale (and what role explosion really looks like)
• How to implement authorization that mirrors each tenant's organizational reality
• Architecture patterns for separating platform-wide rules from tenant-specific policies
• How to balance central control with tenant self-service and delegated administration
• Real examples from leading SaaS companies scaling authorization across thousands of tenants
• The PEP/PDP/PAP pattern and policy-as-code workflows

Upcoming Events

Meet our team members and check out their talks to get valuable insights:

• Alex Olivier, Cerbos’ CPO and Co-Founder, will be attending and speaking at Gartner IAM Summit in London, March 9-10. Along with another member of OpenID AuthZEN, Alex will be covering the topic of “Externalize authorization, secure your AI processes, and achieve runtime authorization with OpenID AuthZEN” If you stop by to listen - let us know what you think!