IN ACTIVE DEVELOPMENT

Four layers.
Zero blind spots.

Cerberus is a next-generation anti-cheat engine that combines kernel-level protection, behavioral AI, hardware fingerprinting, and network-level sentinel analysis into a unified four-layer defense system. No rootkit. No telemetry. No compromise.

v0.4.2.0b Latest stable
0
Titles in Beta Testing
0
Threats Blocked
0
Sessions Protected
0
Pentest Scenarios Run
Engine --
Sigs: --
Regions: --/3 online
Last sync: --
True Positive Streak: -- days
Daily Digest
Today Yesterday 7-day trend

The gaps in current anti-cheat

Most solutions still rely on techniques designed for an earlier generation of cheats. Here's where they fall short.

Signature-Only Detection
Reactive • Always Behind

Most anti-cheat solutions rely primarily on signature databases — known cheat hashes that are matched at runtime. This means every new cheat version, every recompile, every obfuscation pass creates a window of zero detection. The cheat ecosystem moves faster than signature updates. Public cheats get caught, but paid providers deliver undetected builds within hours of each database update.

No Hardware-Layer Defense
Blind to Physical Attacks

DMA attack boards, firmware-spoofed devices, and external memory readers operate below the software layer entirely. No amount of kernel scanning can detect a cheat that reads game memory from a second machine over PCIe. This attack surface is growing — DMA hardware is cheaper and more accessible every year, and virtually no anti-cheat currently addresses it.

Privacy vs Protection Tradeoff
Always-On • Intrusive

Some solutions require boot-time kernel drivers that run 24/7 — even when you're not playing. This creates a permanent attack surface on every installed system, breaks third-party software like RGB controllers and overclocking tools, and raises serious privacy concerns. Players shouldn't have to choose between security and system integrity.

Four layers, every attack surface covered

Cerberus guards every layer of the stack — kernel, behavior, hardware, and network. No other anti-cheat operates across all four simultaneously.

01
🛡
Kernel Integrity
Deep ring-0 introspection that monitors every syscall, page table modification, and driver load in real-time. Detects threats before they touch game memory.
  • Hypervisor-assisted memory isolation
  • Syscall table tamper detection
  • Page table entry (PTE) manipulation detection
  • Vulnerable driver exploit blocking (BYOVD)
  • Manual map detection — PEB-unlinked executable memory scanning
  • Instrumentation callback & exception handler monitoring
  • Process hollowing & early bird APC injection detection
  • Driver stack integrity attestation
02
🧠
Behavioral AI
Multi-model ML pipeline analyzing input at 1000Hz+. Builds per-player behavioral fingerprints and detects anomalies no signature scanner can catch.
  • Temporal convolutional network (TCN) aim analysis
  • Micro-movement entropy scoring
  • Cross-session behavioral drift detection
  • Humanization bypass detection (jitter/noise)
  • Camera-movement correlation analysis
  • Trigger-timing spectral decomposition
  • Account-sharing & boosting detection
  • Adaptive model retraining per game title
03
🔍
Hardware Fingerprinting
Deep hardware interrogation — PCIe topology mapping, firmware attestation, IOMMU validation, and timing-based DMA detection that catches what device lists miss.
  • PCIe topology & BAR region mapping
  • IOMMU/VT-d configuration attestation
  • DMA timing-anomaly analysis
  • FPGA bitstream fingerprinting & TLP timing profiling
  • USB HID firmware attestation (KMBox/Arduino detection)
  • TPM 2.0 platform integrity attestation
  • GPU shader pipeline tamper detection
  • Multi-ban hardware identity linkage
04
🌐
Network Sentinel
Server-side traffic analysis and cross-player intelligence. Detects coordinated cheating, replay attacks, and packet manipulation that client-side systems can never see.
  • Real-time packet integrity validation
  • Server-side movement reconciliation
  • Cross-player statistical anomaly detection
  • Cheat-cluster & ring identification
  • Session replay forensic analysis
  • External AI inference pattern recognition (DMA + ML detection)
  • Global threat intelligence feed
  • Matchmaking integrity scoring

System architecture

Cerberus operates across four privilege layers — client and server — with zero persistent background processes. Each layer feeds into a unified verdict engine.

Ring 0 — Kernel Mode

WHQL-signed minifilter with hypervisor-assisted memory isolation. Monitors syscall tables, PTE modifications, and driver stacks. Loads on launch, unloads on exit — zero residual footprint.

Ring 3 — User Mode

Multi-model ML pipeline running TCN-based aim analysis, entropy scoring, and behavioral fingerprinting at 1000Hz+. Sub-2ms latency, minimal frame impact in beta testing.

Hardware Layer

Deep hardware interrogation — PCIe topology mapping, IOMMU attestation, TPM 2.0 integrity verification, and timing-based DMA detection that catches what device lists miss.

Network Layer

Server-side traffic validation, cross-player anomaly correlation, cheat-ring detection, and global threat intelligence. Catches what client-side systems can never see.

Protection from launch to exit

Continuous monitoring across the entire game session. Loads on launch, scans during play, unloads on exit.

Phase 1 — Game Launch
Pre-Session Scan
  • Hardware device enumeration and verification
  • System integrity baseline established
  • Driver and module integrity verified
  • Signature database synced
  • DRM license validation (if applicable)
Phase 2 — Active Session
Continuous Monitoring
  • Real-time behavioral AI analysis
  • Continuous system integrity verification
  • Hardware anomaly detection
  • Process and memory protection
  • Confidence-based threat scoring
Phase 3 — Detection Event
Evidence Collection & Response
  • Session snapshot captured for review
  • Detection metadata logged (type, confidence, head)
  • Ban callback fired to game server
  • Borderline cases escalated to manual review
  • Webhook event sent to partner dashboard

What sets us apart

Built from the ground up to cover every attack surface — software, behavioral, and hardware — in a single unified solution.

Capability Traditional AC Cerberus
Kernel-level integrity protection
DMA / hardware attack detection
Real-time behavioral AI~
Firmware-level device verification
Zero telemetry / zero PII
Runtime-only (no always-on driver)~
DRM integrity verification
No third-party driver conflicts

Certified hardware support

Cerberus is tested and validated across all major hardware platforms. Zero driver conflicts, zero broken peripherals.

Intel
CPU & Chipset
AMD
CPU & Chipset
NVIDIA
GPU & Drivers
ASUS
Motherboard & RGB
MSI
Motherboard & OC
Gigabyte
Motherboard & RGB
ASRock
Motherboard
Corsair
Peripherals & iCUE
Logitech
Peripherals & GHub
Razer
Peripherals & Synapse
SteelSeries
Peripherals & GG
Samsung
NVMe & Storage

Cerberus never blocks third-party drivers. No broken RGB software, no disabled fan controllers, no forced reboots. Full compatibility with HVCI, Secure Boot, and Windows 11 kernel-mode hardware-enforced stack protection.

Live cheat landscape

Real-time monitoring of known cheat providers. Detection status, activity level, and threat scoring updated continuously from our research pipeline.

Built for competitive framerates

Cerberus was engineered to be invisible to performance. Every scan, every inference, every check — under budget.

~78%
Blended Detection Rate
Across all cheat categories (beta)
0.14%
False Positive Rate
Borderline cases escalate to manual review
<0.4%
CPU Overhead
Avg across all layers
<3ms
Scan Latency
Per detection cycle
22MB
Memory Footprint
Total runtime allocation
0
Frame Impact
Measured at 240fps

Detection Coverage

Internal benchmark results from controlled pentest environments. Exact rates vary by cheat category and are continuously improving.

Known Signatures Hash-matched binaries, public cheat DBs
92.4%
Internal Cheats DLL injection, manual mapping, shellcode
84.7%
External Overlays Screen readers, pixel bots, GDI hooks
76.2%
Kernel Exploits Ring-0 rootkits, DKOM, callback removal
71.3%
DMA / Hardware PCIe devices, firmware-spoofed hardware
58.6%
DRM Tampering License bypass, binary patching, loader mods
79.1%
Auto-ban (>95%)
Flagged + secondary scan
Escalated to manual review
v0.4.2.0b · Internal pentest environment · Real-world rates vary by title

Protection that scales with you

From indie studios to AAA publishers. Every tier includes zero telemetry, runtime-only activation, and clean session exits.

Starter
Argus
Kernel-level protection for qualifying indie studios and early-access titles. Up to 10K CCU.
Free*
*Application reviewed manually — must demonstrate a shipped or near-launch title
  • Kernel integrity monitoring (ring-0)
  • Signature-based cheat detection
  • Memory permission auditing (RWX scan)
  • Process & module enumeration
  • Code-signing enforcement
  • Basic driver verification
  • Standard ban API + session events
  • SDK documentation & sample projects
  • Community Discord support
  • 10K concurrent player limit
  • Behavioral AI engine
  • Hardware fingerprinting
  • Network Sentinel
  • Threat intelligence reports
  • Dedicated support
Apply for Access
Professional
Aegis
Full AI-powered behavioral detection for competitive titles. Up to 100K CCU.
Contact Sales
Volume-based pricing — tailored to your CCU
  • Everything in Argus
  • Behavioral AI engine (TCN model)
  • 500Hz input sampling & analysis
  • Aim analysis & reaction timing
  • Input cadence anomaly detection
  • Micro-movement pattern recognition
  • Per-player behavioral baselines
  • Confidence-based flag tiers (auto-ban, flag, monitor)
  • ONNX Runtime inference (<2ms)
  • Advanced ban API + webhook events
  • Partner analytics dashboard
  • Priority email support (12hr SLA)
  • Monthly threat intelligence reports
  • 100K concurrent player limit
  • Hardware fingerprinting
  • DMA attack detection
  • Network Sentinel
Create Account
Complete
Cerberus
All four detection layers. Kernel + AI + hardware + network sentinel protection. Up to 500K CCU.
Contact Sales
Volume-based pricing — tailored to your CCU
  • Everything in Aegis
  • Hardware fingerprinting (full PCIe topology)
  • PCIe TLP timing anomaly detection
  • DMA attack board detection & blocking
  • External memory read detection
  • Firmware signature cross-referencing
  • Firmware spoof identification
  • IOMMU/VT-d attestation
  • Hypervisor-aware scanning
  • Network Sentinel (full)
  • Cross-player anomaly correlation
  • Cheat-ring & cluster detection
  • Session replay forensics
  • Matchmaking integrity scoring
  • Real-time threat dashboard
  • Dedicated threat analyst
  • Slack/Discord direct — 4hr SLA
  • 500K concurrent player limit
Create Account
Enterprise
Olympus
Custom-engineered protection for AAA publishers and live-service titles at any scale.
Custom
Volume pricing negotiated per title
  • Everything in Cerberus
  • Unlimited CCU — no player cap
  • Custom detection rule authoring
  • Title-specific AI model training
  • Private threat intelligence feed
  • On-premise deployment option
  • Dedicated red team penetration testing
  • Pre-launch cheat landscape audit
  • White-glove integration onboarding
  • Named account engineer
  • 24/7 engineering escalation hotline
  • SLA-backed uptime guarantee (98%)
  • Custom webhook & event schemas
  • Quarterly executive security briefings
Contact Sales

All plans include zero telemetry collection, runtime-only activation, clean session exits, and full SDK access. During closed beta, all partners receive Cerberus-tier access at no cost. Pricing tiers apply at general availability. CCU = Concurrent Users.

32
Engineers building the future of game security
Kernel & Hardware AI & Detection SDK & Platform QA & Stability Infrastructure & DevOps
Meet the Team

Common questions

No. The kernel driver loads only when your game launches and unloads when it exits. Cerberus has zero presence on the system outside of active game sessions. No boot-time driver, no background processes, no tray icon.

Detections below 95% confidence are never auto-banned — they enter the manual review queue. A threat analyst reviews the full session replay within 4 hours (Cerberus tier SLA). If a ban is issued and appealed, review completes within 24 hours. Current false positive rate: 0.14%.

Zero PII. Cerberus processes hardware IDs, input patterns, and memory state locally on the player's machine. Only detection events (ban/flag) with anonymized session metadata are sent to the API. We don't track playtime, game history, browsing, or anything outside the active session.

The driver requires ring-0 access to monitor memory permissions, detect mapped drivers, and enumerate PCIe devices. It's Microsoft WHQL-signed and undergoes third-party security audits quarterly. The driver uses ObRegisterCallbacks for process protection — it cannot read or modify game memory itself.

Under 2 hours for Unreal Engine and Unity with our plugins. The raw C++ SDK is 4 API calls: Init, StartSession, EndSession, Shutdown. Full integration guide is available in our documentation.

The driver binary uses multiple layers of code protection and integrity verification. Critical detection logic runs server-side and is never exposed to client machines. We rotate protection schemes with each update.

Yes. Cerberus includes DRM integrity verification as part of the pre-session scan. It detects binary patching, license bypass attempts, loader modifications, and tampered game executables. This works alongside your existing DRM solution (Denuvo, Steam DRM, etc.) as an additional layer of protection.

On detection, Cerberus captures a session snapshot including the detection type, confidence score, which detection layer triggered, and anonymized session metadata. This evidence package is sent to the partner dashboard for review. High-confidence detections trigger an immediate ban callback to your game server. All data is retained for appeal review.

Windows 10 20H2+ or Windows 11 (x64). Secure Boot must be enabled in BIOS for full hardware verification. TPM 2.0 is recommended but optional. Players should keep Windows and GPU drivers up to date. No special BIOS configuration beyond Secure Boot is required.

The kernel driver is EV code-signed (WHQL certification pending) and tested across 40+ hardware configurations. If the driver fails to load for any reason, the game continues with graceful degradation — it never forces a crash. In 8 months of beta testing, we've had no widespread BSOD issues. One incident involving Windows 11 24H2 preview was patched within 13 hours.

Players can submit ban appeals through your game's support flow. Appeals go to our threat analyst team who review the full detection evidence, session snapshot, and hardware fingerprint. Cerberus tier partners get 4-hour appeal SLA. If a ban is determined to be a false positive, the player is unbanned and the detection model is updated to prevent recurrence.

Ready to secure
your game?

Cerberus is currently in closed early access. Request access for your studio.

Cerberus is in active development. Features and specifications are subject to change.