Cerberus – a local firewall for AI agents' tool calls (github.com)

Cerberus has been introduced as a local-first security gateway designed to enhance the safety of autonomous AI coding agents like Claude Code, Codex, Cursor, and Cline. It intercepts every tool call made by these agents, mitigating potential risks by evaluating them through four distinct signals: policy, behavioral, content, and injection. Based on this analysis, Cerberus can either allow, audit, request human approval, or block the execution of commands on the user's machine without relying on any external APIs, thus ensuring that sensitive data remains contained. The significance of Cerberus lies in its ability to act as a safeguard against malicious actions that can occur when coding agents operate unattended, such as inadvertent deletions or data leaks. By integrating a risk scoring mechanism that prioritizes secret exfiltration detection and excessive permissions scrutiny, it provides robust protection at what is termed the "tool boundary." Cerberus also features a forensic dashboard for tracking risk factors during sessions, offering transparency and enabling users to monitor agent behavior closely. This innovation addresses a critical gap in AI safety, making it an invaluable tool for developers leveraging AI in sensitive coding environments.