The special Startups of The Year 2024 Winners Interview series is a celebration of all this year’s Tech Champions. You’ve earned it! The HackerNoon community can’t wait to learn more about your journey! The special Startups of The Year 2024 Winners Interview series is a celebration of all this year’s Tech Champions. You’ve earned it! The HackerNoon community can’t wait to learn more about your journey! The special Startups of The Year 2024 Winners Interview series is a celebration of all this year’s Tech Champions. You’ve earned it! The HackerNoon community can’t wait to learn more about your journey! https://hackernoon.com/startups/industry/access-control https://hackernoon.com/startups/industry/access-control https://hackernoon.com/startups/industry/access-control Tell us about you. Cerbos is an authorization management solution for authoring, testing, and deploying access control policies. Implement scalable and secure fine-grained authorization. Cerbos Cerbos externalizes authorization from core application code, enabling teams to implement secure, adaptable access controls faster and with greater confidence. Cerbos makes authorization a scalable service rather than a bottleneck. Tell us how your startup is changing the world. Authorization has been a hidden complexity inside application code for too long, slowing development and increasing risk. Cerbos changes that by externalizing and standardizing access control. By offering a low-code, stateless, and language-agnostic solution, Cerbos transforms authorization from an opaque, hardcoded process into a flexible, auditable, and collaborative part of modern software architecture. We enable companies to adapt quickly to security, regulatory, and product changes—without reengineering their applications from scratch. What sets you apart from the competition? Cerbos was built from the ground up to support flexibility, scalability, and security at scale. Stateless PDPs: Deliver low-latency, in-environment decisions without managing application state. Stateless PDPs Policy-as-Code: Enable versioning, testing, and collaboration like any other critical part of the stack. Policy-as-Code Zero Cloud Lock-In: Deploy Cerbos anywhere—on-prem, cloud, hybrid. Zero Cloud Lock-In Fine-Grained: Combine role, attribute, and contextual information seamlessly. Fine-Grained Built-in audit logging: Meet compliance needs like ISO27001 and SOC2 without extra effort. Built-in audit logging Developer-first tooling: SDKs, starter projects, and the Cerbos Playground for collaborative policy development. Developer-first tooling Identity-Agnostic Authorization: Cerbos can authorize access for humans, non-human identities (NHIs), AI agents, services, and more—all using the same set of tested, audited, and versioned policy for consistent authorization. Identity-Agnostic Authorization In short, Cerbos turns months of engineering complexity into days of implementation, and that’s just the beginning. What does it mean for you to win this title? Winning HackerNoon's Startup of the Year for Access Control validates both the problem we set out to solve and the way we approached it. It’s confirmation from the tech community that secure and scalable authorization isn't just a "nice-to-have"—it’s becoming a critical layer of modern infrastructure. This recognition drives us to continue pushing the standard for what good authorization looks like. What do you love about your team, and why are you the ones to set out for this mission? At Cerbos, we're a globally distributed team united by a shared mission: to make authorization simple and accessible for developers everywhere. Our diverse backgrounds span large-scale distributed systems, developer tooling, and cloud-native architectures, all of which require fine-grained access controls, equipping us with the expertise to tackle the complexities of access control. Our culture is built on core values: Clarity and Pragmatism: We prioritize straightforward solutions that address real-world developer challenges, avoiding unnecessary complexity.
Security and Reliability: Every line of code is written with a focus on robust security practices and dependable performance.
Open Collaboration: We believe in working transparently and cohesively, fostering an environment where ideas are shared, and feedback is valued.
Continuous Learning: Our team embraces change and is always eager to learn, adapt, and improve based on new information and technologies. Clarity and Pragmatism: We prioritize straightforward solutions that address real-world developer challenges, avoiding unnecessary complexity. Clarity and Pragmatism Security and Reliability: Every line of code is written with a focus on robust security practices and dependable performance. Security and Reliability Open Collaboration: We believe in working transparently and cohesively, fostering an environment where ideas are shared, and feedback is valued. Open Collaboration Continuous Learning: Our team embraces change and is always eager to learn, adapt, and improve based on new information and technologies. Continuous Learning By embodying these principles, we've created a team that's not only capable of addressing the intricate challenges of modern authorization but also passionate about delivering solutions that empower teams to build secure applications with ease. Looking back, what milestone was the biggest turning point for your startup? Launching Cerbos Hub was a pivotal moment - after releasing our open source policy decision point to the world, we got a tonne of insights and feedback from real-world production use cases of where Cerbos could be used, and what workflows were missing in order to operate in both small companies and global enterprise businesses. Cerbos Hub took these pains and delivered a holistic solution for authorization - It proved that policy management, testing, and observability—at scale—could be done in a way that both developers and security teams could love. It also marked Cerbos’ move from a tool used by early adopters to a complete platform adopted by large-scale production environments. What’s one valuable lesson you learned this year that you’d pass on to other startups? One of the most valuable lessons we at Cerbos want to share with other startups, is the critical importance of deeply understanding your market and validating your product concept before scaling. This insight was a cornerstone of our journey and is something we'd strongly pass on to other startups.​ Cerbos was born from firsthand experience. Our co-founders had dealt with authorization challenges countless times across various companies, from startups to tech giants like Google. They recognized that authorization was often a recurring problem that diverted valuable time and resources away from a company's core mission. This realization led to the creation of Cerbos: a solution designed to prevent teams from repeatedly reinventing the authorization wheel.​ Before writing a single line of code, we engaged extensively with potential customers to understand their pain points around authorization. This proactive approach ensured we were addressing a real, unmet need in the Identity and Access Management (IAM) space, which is poised for significant growth.​ For startups, our key takeaway is this: invest time in understanding your users' needs and validate your product concept thoroughly. This foundation will guide your development, help you avoid costly missteps, and position you for sustainable growth. How do you envision your industry evolving in the coming years, and how will your startup stay ahead? Applications are growing more complex. Identities are no longer just humans—they now include AI agents, non-human identities (NHIs), services, bots, and IoT devices. In this environment, permissions must adapt in real-time, across distributed systems, without introducing security gaps or compliance risks. Cerbos is already pushing into these frontiers. Guardrails for AI and RAG-based systems: As AI agents increasingly access sensitive enterprise data, Cerbos enables fine-grained filtering of knowledge sources at query time, ensuring AI responses are built only from data the user is authorized to see.
Secure authorization for Non-Human Identities (NHIs): Cerbos helps protect against OWASP-identified threats to machine identities, by enforcing context-aware, dynamic authorization policies that adapt to automated workflows and system-to-system interactions.
Policy versioning and testing automation: Building resilient access control requires robust tooling to validate policies before deployment. Cerbos offers a test-driven approach to authorization that ensures changes don’t introduce regressions.
Visibility and auditing at global scale: With Cerbos' real-time audit logs and policy observability features, organizations can meet regulatory standards like SOC2 and ISO27001 while securing systems against insider and external threats. Guardrails for AI and RAG-based systems: As AI agents increasingly access sensitive enterprise data, Cerbos enables fine-grained filtering of knowledge sources at query time, ensuring AI responses are built only from data the user is authorized to see. Guardrails for AI and RAG-based systems Secure authorization for Non-Human Identities (NHIs): Cerbos helps protect against OWASP-identified threats to machine identities, by enforcing context-aware, dynamic authorization policies that adapt to automated workflows and system-to-system interactions. Secure authorization for Non-Human Identities (NHIs) Policy versioning and testing automation: Building resilient access control requires robust tooling to validate policies before deployment. Cerbos offers a test-driven approach to authorization that ensures changes don’t introduce regressions. Policy versioning and testing automation Visibility and auditing at global scale: With Cerbos' real-time audit logs and policy observability features, organizations can meet regulatory standards like SOC2 and ISO27001 while securing systems against insider and external threats. Visibility and auditing at global scale We’ll stay ahead by continuously focusing on: Developer experience: Providing powerful yet intuitive tooling.
Security rigor: Anticipating new attack surfaces as architectures evolve.
Architecture flexibility: Supporting decentralized, hybrid, and AI-augmented environments without forcing lock-in or complex rewrites. Developer experience: Providing powerful yet intuitive tooling. Developer experienc Security rigor: Anticipating new attack surfaces as architectures evolve. Security rigor Architecture flexibility: Supporting decentralized, hybrid, and AI-augmented environments without forcing lock-in or complex rewrites. Architecture flexibility How do you or your company intend to embrace the responsibility of this title in 2025? We'll continue investing in: Expanding integrations across ecosystems and frameworks
Deepening developer tooling for policy testing, validation, and audit
Leading standards efforts around authorization patterns in cloud-native and AI-enabled systems as a member of the OpenID Foundation AuthZEN working group
Growing our open-source community, because secure systems are built better together Expanding integrations across ecosystems and frameworks Deepening developer tooling for policy testing, validation, and audit Leading standards efforts around authorization patterns in cloud-native and AI-enabled systems as a member of the OpenID Foundation AuthZEN working group Growing our open-source community, because secure systems are built better together Winning is motivation—but responsibility is fuel for continuous improvement. What goals are you looking forward to accomplishing in 2025? Enhanced AI security


Access controls around prompts


Access controls around RAG vector stores


Access controls around MCP Servers



Enhanced NHI security

Educate authorization practitioners on how best to authorize non-human identities
Contribute to the evolving identity fabric design with targeted solutions for access control use cases
Continue to leverage identity standards such as SPIFFE for authorizing workloads Enhanced AI security


Access controls around prompts


Access controls around RAG vector stores


Access controls around MCP Servers Enhanced AI security Access controls around prompts


Access controls around RAG vector stores


Access controls around MCP Servers Access controls around prompts Access controls around prompts Access controls around RAG vector stores Access controls around RAG vector stores Access controls around MCP Servers Access controls around MCP Servers Enhanced NHI security

Educate authorization practitioners on how best to authorize non-human identities
Contribute to the evolving identity fabric design with targeted solutions for access control use cases
Continue to leverage identity standards such as SPIFFE for authorizing workloads Enhanced NHI security Educate authorization practitioners on how best to authorize non-human identities
Contribute to the evolving identity fabric design with targeted solutions for access control use cases
Continue to leverage identity standards such as SPIFFE for authorizing workloads Educate authorization practitioners on how best to authorize non-human identities Contribute to the evolving identity fabric design with targeted solutions for access control use cases Continue to leverage identity standards such as SPIFFE for authorizing workloads About HackerNoon’s Startups of The Year
Startups of The Year 2024 is HackerNoon’s flagship community-driven event celebrating startups, technology, and the spirit of innovation. Currently in its third iteration, the prestigious Internet award recognizes and celebrates tech startups of all shapes and sizes. This year, over 150,000 entities across 4200+ cities, 6 continents, and 100+ industries will participate in a bid to be crowned the best startup of the year! Millions of votes have been cast over the past few years, and many stories have been written about these daring and rising startups.
The winners will get a free interview on HackerNoon and an Evergreen Tech Company Newspage.Visit our FAQ page to learn more.
Download our design assets here.Check out the Startups of the Year Merch Shop here.HackerNoon’s Startups of The Year is a branding opportunity unlike any other. Whether your goal is brand awareness or lead generation, HackerNoon has curated startup-friendly packages to solve your marketing challenges.
Meet our sponsors:
Wellfound:. Join the #1 global, startup-focused community. At Wellfound, we're not just a job board—we're the place where top startup talent and the world's most exciting companies connect to build the future.
Notion: Notion is trusted and loved by thousands of startups as their connected workspace—from building product roadmaps to tracking fundraising. Try Notion with unlimited AI, FREE for up to 6 months, to build and scale your company with one powerful tool. Get your offer now!
Hubspot: If you’re looking for a smart CRM platform that meets the needs of small businesses, look no further than HubSpot. Seamlessly connect your data, teams and customers in one easy-to-use scalable platform that grows with your business. Get started for free.Bright Data: Startups that leverage public web data can make faster, data-driven decisions, giving them a competitive edge. With Bright Data’s scalable web data collection, businesses can grow from a small operation to an enterprise by harnessing insights at every stage.
Algolia: Algolia NeuralSearch is the world's only AI end-to-end Search and Discovery Platform combining powerful keyword and natural language processing in a single API. About HackerNoon’s Startups of The Year Startups of The Year 2024 is HackerNoon’s flagship community-driven event celebrating startups, technology, and the spirit of innovation. Currently in its third iteration, the prestigious Internet award recognizes and celebrates tech startups of all shapes and sizes. This year, over 150,000 entities across 4200+ cities, 6 continents, and 100+ industries will participate in a bid to be crowned the best startup of the year! Millions of votes have been cast over the past few years, and many stories have been written about these daring and rising startups. Startups of The Year 2024 many stories The winners will get a free interview on HackerNoon and an Evergreen Tech Company Newspage. free interview Evergreen Tech Company Newspage Visit our FAQ page to learn more. FAQ Download our design assets here. here Check out the Startups of the Year Merch Shop here. here HackerNoon’s Startups of The Year is a branding opportunity unlike any other. Whether your goal is brand awareness or lead generation, HackerNoon has curated startup-friendly packages to solve your marketing challenges. startup-friendly packages Meet our sponsors: Meet our sponsors: Wellfound:. Join the #1 global, startup-focused community. At Wellfound, we're not just a job board—we're the place where top startup talent and the world's most exciting companies connect to build the future. Wellfound: Join the #1 global, startup-focused community Notion: Notion is trusted and loved by thousands of startups as their connected workspace—from building product roadmaps to tracking fundraising. Try Notion with unlimited AI, FREE for up to 6 months, to build and scale your company with one powerful tool. Get your offer now! Notion: Try Notion with unlimited AI, FREE for up to 6 months Get your offer now ! Hubspot: If you’re looking for a smart CRM platform that meets the needs of small businesses, look no further than HubSpot. Seamlessly connect your data, teams and customers in one easy-to-use scalable platform that grows with your business. Get started for free. Hubspot: Get started for free Bright Data: Startups that leverage public web data can make faster, data-driven decisions, giving them a competitive edge. With Bright Data’s scalable web data collection, businesses can grow from a small operation to an enterprise by harnessing insights at every stage. Bright Data: Bright Data’s scalable web data collection Algolia: Algolia NeuralSearch is the world's only AI end-to-end Search and Discovery Platform combining powerful keyword and natural language processing in a single API. Algolia: AI end-to-end Search and Discovery Platform

Between Two Computer Monitors: This story includes an interview between the writer and guest/interviewee. 

Algolia

Cerbos

Discovery

Every

Crafting Robust Authorization Systems: Harmonizing Security and User Experience

Get access control for your software

Read My Stories

Co-Founder and CPO

Too Long; Didn't Read

Meet Cerbos, Winner of Startups of The Year 2024 in Access Control

Meet Cerbos, Winner of Startups of The Year 2024 in Access Control

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Are You Empowering Your Development Team Enough?

6 Chatbot Security Measures to Implement

Access Control Systems Help Companies Comply With Regulations: Here's How

Badly Designed Authorization Is Technical Debt

Best Physical Security Practices for Your Server Room

Confidently Working With IAM Roles in AWS

Are You Empowering Your Development Team Enough?

6 Chatbot Security Measures to Implement

Access Control Systems Help Companies Comply With Regulations: Here's How

Badly Designed Authorization Is Technical Debt

Best Physical Security Practices for Your Server Room

Confidently Working With IAM Roles in AWS

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps