# Cerberus: Governed Production-Neighbor Attach Platform — Full Evaluation

- Date: March 17, 2026
- Domain: cerberus.sh
- Founder context: Led the original Cerberus project at Uber (similar to Uber's publicly documented SLATE system). Ex-Cash App compliance/identity. Ex-CTO Wendy Labs.
- Score: 39/50 — CONDITIONAL GO
## TL;DR
There is a product here. Not as a generic dev tunnel, not as a mirrord competitor, and not as "Uber Cerberus for everyone." The product is: governed, tenant-scoped, prod-safe attach to production neighbors — for humans and AI agents — with safety enforcement and audit trails.
The score is 39/50, which is the highest-scoring new idea since the compliance ops path (which scored higher on market size and regulatory tailwinds). The exceptional founder fit (5/5 — literally built this at Uber) and perfect timing (5/5 — AI agents, platform eng mainstream, Telepresence declining) make this worth pursuing. The risks are market size (~$150M SAM) and competitive pressure from mirrord ($12.5M, 25 people).
Where it sits in the ranking: #3, tied with vision ops. Better founder fit and faster time-to-revenue than vision ops, but smaller market and higher competitive risk. The compliance ops path remains #1 because it has stronger regulatory tailwinds, a bigger addressable market, and a clearer differentiation from incumbents.
## The Idea
Cerberus is a production-neighbor attach platform. A developer or AI agent runs services locally. Cerberus routes only test-tenant traffic from production to their machine, lets their local code call real production dependencies back through a controlled tunnel, and enforces hard policy around writes, duration, approvals, and automatic cutoff.
The pitch: "Debug against production neighbors without touching production users."
Three proof points:

1. Tenant-scoped routing — only test traffic reaches your machine
2. Automatic fallback and session TTL — bad code gets cut off
3. Audit, approvals, and write guards by default
## YC Scorecard: 39/50
| # | Dimension | Score | Key Evidence |
|---|---|---|---|
| 1 | Problem Severity | 4/5 | Uber built SLATE. DoorDash deprecated staging entirely. Lyft built internal context propagation. At 50+ microservices, staging is fiction |
| 2 | Problem Frequency | 5/5 | Inner-loop problem — developers hit this multiple times per day. AI agents accelerate frequency 10-100x |
| 3 | Market Size | 3/5 | ~$150M SAM (10K qualifying companies × 30% addressable × $50K ACV). Platform eng market is $5.8B at 23% CAGR but this niche is a fraction |
| 4 | Existing Solutions Quality | 3/5 | mirrord and Signadot are active but have genuine governance gaps. Telepresence declining. Nobody centers governance as first-class |
| 5 | Willingness to Pay | 4/5 | Signadot at $1.7M ARR proves the market. mirrord Teams at $40/seat. Governance unlocks security/compliance budgets (larger wallet) |
| 6 | Buildability | 4/5 | Founder has prototype + literally built this at Uber. MVP (write guards + audit trail + kill switch) achievable in 4-8 weeks |
| 7 | Founder Fit | 5/5 | Built the internal version at Uber. Cash App compliance experience directly relevant to governance angle. Owns cerberus.sh |
| 8 | Timing | 5/5 | AI agents creating explosive demand. Telepresence weakening. Platform eng mainstream (Gartner: 80% by 2026). mirrord just validated category with $12.5M raise |
| 9 | Growth Mechanics | 3/5 | Platform team → developers → next company. No viral loop. Uber alumni network is distribution advantage |
| 10 | Defensibility | 3/5 | Integration depth + audit trail data creates switching costs. But mirrord could ship governance features in 6-12 months |
## Competitive Landscape

### The Three Competitors
| | mirrord (MetalBear) | Signadot | Telepresence |
|---|---|---|---|
| Funding | $12.5M seed (Sept 2025) | $4.15M total | Acquired by Gravitee (July 2025) |
| Team | 25 people | 11 people | Folded into Gravitee/Blackbird |
| Revenue | Not disclosed | ~$1.7M ARR (Dec 2024) | Not disclosed |
| Architecture | Process-level injection (LD_PRELOAD/dylib) | In-cluster sandboxes + routing keys | Cluster VPN + sidecar injection |
| Pricing | $40/seat/month (Team) | $250/month base (Business) | Bundled into Gravitee platform |
| Governance | Basic policies via K8s CRDs. No write guards, no approval workflows, no audit trails | Audit logs (Enterprise only). No write guards, no kill switch | Admin restrictions, TTLs. No governance UI |
| AI Agents | mirrord for CI (Jan 2026) — runtime connectivity for CI agents | MCP server for sandbox creation/management by agents | None |
| Production targeting | Technically possible, not marketed or governed for it. Docs use "staging" language | DoorDash case study shows sandbox-in-production, but forked pods (not production attach) | Possible but not governed |
| Kill switch | Manual disconnect only | No | Admin revocation |
| Write protection | No | No (sandbox isolation provides some natural protection) | No |
| Stars | 5K | Not disclosed | 6.9K |
### What Nobody Has Built
The SLATE-shaped gap that no commercial product fills:
| Capability | mirrord | Signadot | Telepresence | SLATE (Uber) | Cerberus |
|---|---|---|---|---|---|
| Local process receives production-path traffic | Yes (mirror/steal) | Yes (local mapping + routing key) | Yes (intercept) | Yes (SSH tunnel) | Yes |
| Traffic scoped to test tenant only | No (all or HTTP-filtered) | Yes (routing key) | No (pod-level) | Yes (host tenancy mapping) | Yes |
| Downstream dependencies are production | No (staging) | Partial (fall-through to baseline) | No | Yes | Yes |
| Write guards on downstream mutations | No | No | No | Read-only default | Yes |
| Automatic kill switch | No | No | No | TTL + manual | Yes |
| Service-owner-gated access | No | No | No | LDAP + service owner | Yes |
| Bounded TTL with auto-expiry | Timeout only | No | Admin-configurable | 2-day default | Yes |
| Compliance-grade audit trail | Usage monitoring (Team+) | Audit logs (Enterprise) | Enterprise | Internal LDAP logs | Yes |
| Approval workflow | No | No | No | Implicit (LDAP) | Yes |
### The Governance Gap Is Real But Time-Limited
mirrord has $12.5M and 25 people. They are focused on developer experience, not compliance — but they could pivot. Estimate: 6-12 months before mirrord ships meaningful governance features. Signadot already has the routing-key architecture that naturally enables tenant scoping, but their governance layer is thin (audit logs are Enterprise-only, no write guards, no kill switch). Estimate: 12-18 months before Signadot's governance story catches up.
The window is real but finite. First-mover in governance-first production attach has 6-18 months of differentiation.
### The AI Agent Angle
AI agent adoption is up 840x YoY (Oasis Security data). Every company adopting Cursor/Claude Code/Devin needs a way to validate agent-generated code against real environments.
Current state:

- mirrord: "mirrord for CI" gives agents runtime connectivity. Good but no governance.
- Signadot: MCP server lets agents create/manage sandboxes. Most integrated approach today.
- Oasis Security: Cursor partnership for "intent-based access management" — governs what agents CAN do, not where their requests GO.
- Coder: Markets "network-level boundaries for AI agent access." Environment management, not production routing.
The gap: Nobody provides governed production-neighbor access specifically for AI agents. Cerberus as "the safety layer for AI agents testing against production" is a timely, unoccupied position.
But: AI is a tailwind and distribution channel, not the primary differentiation. Lead with governance for human developers. Build the agent story as expansion.
## Market Validation

### Size
| Layer | Size | Source |
|---|---|---|
| Platform engineering market | $5.8B (2025) → $47B (2035) | SNS Insider, Cervicorn |
| IDP software sub-segment | $1.7-2.3B (2025) | DataIntelo |
| Production-attach/environment tooling | ~$250-460M TAM | 15-20% of IDP software |
| Governed production-attach (SAM) | ~$150M | ~10K qualifying companies × 30% × $50K ACV |
| Reachable Year 3 (SOM) | $3.6M-20M ARR | 60-150 customers × $60-100K ACV |
### The Pain Is Documented
- 69% of developers lose 8+ hours/week on technical inefficiencies including environment waiting (Atlassian)
- 40% of K8s users report configuration drift impacts environment stability (Komodor)
- 2024 DORA Report (39K professionals): "fragile, slow, contentious staging environments" = primary negative DX driver
- A 100-person eng team losing 2% productivity to infra friction costs $300-400K/year
- Uber, DoorDash, Lyft each spent $1-3M+ in engineering salary building internal production-testing systems because no commercial product existed
### Who Buys
- Primary buyer: Platform Engineering Lead / Director of DevEx
- Budget authority: VP Engineering or CTO
- End users: Developers, devpods, AI agents
- Best ICP: 100-1,000 engineers, 50+ services, K8s + programmable gateway/mesh, existing notion of test accounts or routing headers
- Bottom-up adoption is declining: TechCrunch found the share of engineers allowed to install tools in sandbox/dev environments fell from 76% to 46% (2022→2023). Production-touching tools require platform team buy-in from day one.
### Pricing
Recommended: Platform pricing, not per-seat.
| Tier | Price | Included |
|---|---|---|
| Free | $0 | 1 cluster, 10 sessions, 7-day audit log |
| Growth | $1,200/month ($14.4K/year) | 3 clusters, 50 sessions, 90-day audit, AI agent policy |
| Enterprise | $4,000-12,000/month | Unlimited, SSO, SOC 2 export, SLA |
LTV:CAC estimate: 3.4:1 conservative, 8:1 optimistic. Healthy at scale.
## Pre-Mortem: Top 5 Failure Modes
| # | Failure Mode | Likelihood | Mitigation |
|---|---|---|---|
| 1 | mirrord ships governance features and closes the gap | HIGH | Move upmarket to regulated industries faster. Make audit trail and approval workflow so deep that mirrord's bolt-on feels inadequate |
| 2 | Market too small / too niche | MEDIUM | Expand to AI agent governance as standalone use case. Support staging, not just production |
| 3 | Enterprise sales cycle too long for seed-stage | MEDIUM-HIGH | Open-source core (proxy) + commercial governance layer. Free tier for evaluation |
| 4 | Integration complexity explodes across customer environments | MEDIUM-HIGH | Very narrow golden path: K8s + Envoy/Istio + header routing. Say no to customers outside the path |
| 5 | Uber pedigree attracts enterprise interest before product can deliver at scale | MEDIUM | Land-and-expand: single team/domain first, prove value, then expand |
## What to Build (If Pursuing)

### Architecture
```text
┌──────────────────────────────────────────┐
│ Cerberus Control Plane (self-hosted)     │
│ ├── Session broker (short-lived leases)  │
│ ├── Policy engine (write guards, TTL)    │
│ ├── Approval workflow                    │
│ ├── Audit trail (tamper-evident)         │
│ └── Health guard (auto-cutoff)           │
└──────────────────────────────────────────┘
                  ↕ mTLS tunnel
┌──────────────────────────────────────────┐
│ Gateway Plugin (Envoy/Istio/NGINX)       │
│ ├── Traffic selector (tenant key)        │
│ ├── Route to tunnel endpoint             │
│ └── Fallback to baseline on disconnect   │
└──────────────────────────────────────────┘
              ↕ outbound mTLS tunnel
┌──────────────────────────────────────────┐
│ Local Agent (laptop/devpod/AI worker)    │
│ ├── Outbound egress proxy                │
│ ├── Heartbeat + health reporting         │
│ └── Default-deny mutations               │
└──────────────────────────────────────────┘
```
### MVP (Weeks 3-8)

Three things no competitor has:

1. Write guards — block POST/PUT/DELETE to production downstreams by default, explicit allowlist by service/method/route
2. Audit trail — who attached, to what service, what traffic was routed, what happened, tamper-evident
3. Kill switch — auto-cut traffic back to baseline on disconnect, heartbeat failure, latency spike, or 5xx threshold
Start with: one service, one cluster, one routing context (Envoy/Istio + header-based tenant key), one attach session, strong governance.
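The three MVP controls (default-deny write guard, tamper-evident audit trail, kill switch) together with the gateway's tenant-scoped routing decision, as an added example that is not Cerberus code and not from this evaluation. The class and function names, the `(downstream, method, route)` allowlist shape, the heartbeat/5xx/latency thresholds and the hash-chain construction are all assumptions made for the example.

```python
import hashlib, json

MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
HEARTBEAT_TIMEOUT_S, WINDOW, MAX_5XX_RATIO, MAX_LATENCY_MS = 15, 20, 0.25, 2000  # assumed thresholds

def _digest(event):
    return hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()

class AttachSession:
    def __init__(self, user, service, tenant, ttl_s, now, allowlist=()):
        self.user, self.service, self.tenant = user, service, tenant
        self.expires_at, self.last_heartbeat, self.cut_reason = now + ttl_s, now, None
        self.allowlist = set(allowlist)   # service-owner approved (downstream, method, route) triples
        self.responses, self.audit, self.prev_hash = [], [], "0" * 64

    def _log(self, **event):              # tamper-evident: each entry commits to the previous hash
        event.update(user=self.user, service=self.service, tenant=self.tenant, prev=self.prev_hash)
        self.audit.append({"event": event, "hash": _digest(event)})
        self.prev_hash = self.audit[-1]["hash"]

    def _cut(self, reason, now):          # first trigger wins; later traffic falls back to baseline
        if self.cut_reason is None:
            self.cut_reason = reason
            self._log(action="cutoff", reason=reason, at=now)

    def heartbeat(self, now):
        self.last_heartbeat = now

    def observe(self, now, status, latency_ms):   # health guard over the local process's responses
        self.responses = (self.responses + [(status, latency_ms)])[-WINDOW:]
        ratio_5xx = sum(s >= 500 for s, _ in self.responses) / len(self.responses)
        if latency_ms > MAX_LATENCY_MS:
            self._cut("latency_spike", now)
        elif len(self.responses) >= 4 and ratio_5xx >= MAX_5XX_RATIO:
            self._cut("5xx_threshold", now)

    def route(self, now, tenant):   # gateway: 'tunnel' only for the test tenant on a live session
        if now > self.expires_at:
            self._cut("ttl_expired", now)
        elif now - self.last_heartbeat > HEARTBEAT_TIMEOUT_S:
            self._cut("heartbeat_lost", now)
        if self.cut_reason or tenant != self.tenant:
            return "baseline"
        self._log(action="route", at=now)
        return "tunnel"

    def egress(self, now, downstream, method, route):   # write guard: reads pass, writes need allowlist
        allowed = method not in MUTATING or (downstream, method, route) in self.allowlist
        self._log(action="egress", call=f"{method} {downstream}{route}", decision="allow" if allowed else "deny", at=now)
        return allowed

def verify_audit(entries):   # recompute the chain; False if an entry was altered, reordered or dropped
    prevs = ["0" * 64] + [e["hash"] for e in entries[:-1]]
    return all(e["event"]["prev"] == p and _digest(e["event"]) == e["hash"] for e, p in zip(entries, prevs))
```

Timestamps are passed in explicitly so the TTL and heartbeat behaviour can be exercised deterministically; a real control plane would read the clock and persist the chain head outside the session process.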
### What NOT to Build First
- General-purpose cluster VPN
- Full preview environments
- Database branching
- Queue splitting
- IDE plugins for everything
- "Works on every runtime and platform"
### Competitive Positioning
| Tool | Position |
|---|---|
| Telepresence | Cluster connectivity + intercept toolbox |
| mirrord | Fastest local-process-in-K8s workflow with team controls |
| Signadot | Sandbox / preview / AI agent validation platform |
| Cerberus | Governed attach to production neighbors, for humans and agents, with tenancy-scoped routing and safety enforcement |
## Where This Fits in the Overall Ranking

### Updated Ranking (March 17, 2026)
| # | Opportunity | Score | Founder Fit | Sales Cycle | Capital | Key Risk |
|---|---|---|---|---|---|---|
| 1 | Self-hosted compliance ops for fintechs | A | Strongest (Cash App) | 3-6 mo | Low | Competition from Unit21/ComplyAdvantage front line |
| 2 | Privilege-safe legal matter workbench | B+ | Weaker | 6-12 mo | Medium | Harvey/Legora/CoCounsel incumbents |
| 3a | Cerberus: governed prod-attach | B+ | Exceptional (built this at Uber) | 3-6 mo | Low-Medium | mirrord closing governance gap |
| 3b | Private vision ops for Jetson fleets | B+ | Strong (Wendy Labs) | 12-18 mo | High | NVIDIA platform risk, long sales cycle |
| 4 | Air-gapped dev copilot (ITAR/CMMC) | B | Medium | 12-18 mo | High | Tabnine + Mistral Code |
| 5 | Edge agent runtime | B- | Strong | 12-18 mo | High | Capital-intensive |
| 6 | Generic sovereign AI platform | C | N/A | N/A | N/A | Dead as product |
### Why Cerberus Ranks #3a (Tied With Vision Ops, Above Dev Copilot)

Pros vs. compliance ops (#1):

- Perfect 5/5 founder fit (built this at Uber, literally the domain expert)
- Faster to MVP (4-8 weeks vs 6 weeks for compliance)
- Developer tool pricing is proven
- AI agent angle is timely
- Clean domain and story

Cons vs. compliance ops (#1):

- Smaller SAM (~$150M vs larger compliance market)
- No regulatory mandate driving urgency (compliance has OFAC/FinCEN/Treasury)
- Higher competitive risk (mirrord has $12.5M and is actively shipping)
- Narrower customer funnel (needs 50+ microservices + routing context)
- Growth mechanics are weaker

Pros vs. vision ops (#3b):

- Faster sales cycle (3-6 months vs 12-18 months)
- Lower capital needs (bootstrappable vs seed required)
- Faster to MVP (4-8 weeks vs months)
- Stronger personal founder fit (literally built this)
- Proven buyer persona (platform eng)

Cons vs. vision ops (#3b):

- Smaller TAM ($150M vs $700M)
- Higher competitive pressure (mirrord/Signadot vs. empty Layer 5)
- Less structural moat (no regulatory mandate forcing on-prem)
### The Strategic Question
Can Cerberus and compliance ops coexist as parallel bets?
Yes, if scoped right. Cerberus MVP is 4-8 weeks and targets a different buyer (platform eng) with a different sales motion (bottom-up PLG → platform team procurement). The compliance ops path targets fintech compliance officers with a different product entirely. A founder could validate Cerberus with 15-20 interviews (Weeks 1-3) while simultaneously running the compliance interview track.
But only if the founder has the bandwidth. Running two validation tracks is twice the work. If forced to choose one, compliance ops still wins on market size, regulatory tailwinds, and differentiation durability.
## Next Steps (If Pursuing Cerberus)
| Week | Action |
|---|---|
| 1-3 | Interview 15-20 platform eng leaders. Ask: "What prevents you from adopting mirrord/Signadot for production-neighbor testing?" Listen for governance/compliance as the #1 blocker |
| 1-2 | Try mirrord yourself — feel its gaps firsthand |
| 2 | Decide open-source strategy (proxy OSS + governance commercial) |
| 3-8 | Ship narrow MVP: write guards + audit trail + kill switch on K8s + Envoy |
| 4-10 | Secure 3 design partners (use Uber alumni network) |
| 6+ | Build AI agent story as expansion (MCP server, agent identity) |
### Kill Signals
- If governance is "nice-to-have" (#3+ blocker) not "must-have" (#1 blocker) in interviews
- If mirrord announces comprehensive governance features before you have design partners
- If first 3 design partners each need fundamentally different integrations
### Go Signals
- If 12+ of 20 respondents cite governance/compliance as THE reason they haven't adopted existing tools
- If 3+ companies express willingness to pay for a pilot in the first 20 interviews
- If a major AI agent platform expresses interest in partnership
## Sources
Competitive: MetalBear/mirrord (PR Newswire $12.5M, pricing page, architecture docs, security docs, Gartner Cool Vendor); Signadot (pricing page, architecture docs, DoorDash/Brex case studies, MCP server docs, Latka $1.7M ARR); Telepresence (GitHub, CNCF, Gravitee acquisition); Gefyra (GitHub); Tilt (Docker acquisition); DevSpace (CNCF donation); Skaffold (Google).
Market: SNS Insider/Cervicorn (platform eng market $5.8B); DataIntelo (IDP $1.7-2.3B); Gartner (80% platform teams by 2026); DORA 2024 Report; Atlassian/Wakefield (69% lose 8+ hrs/week); Komodor (40% drift impacts); Tigera (50K+ K8s companies).
SLATE/Internal builds: Uber SLATE blog (debugging with production neighbors); DoorDash multi-tenant architecture; Lyft staging overrides (Envoy context propagation).
AI Agents: Oasis Security (840x YoY agent growth, Cursor partnership); Box Cursor Plugin; Coder (network boundaries for agents); ISACA (auditing agentic AI); MarketsandMarkets (AI agents $7.84B → $52.62B by 2030).