Cerberus is a next-generation anti-cheat engine that combines kernel-level protection, behavioral AI, hardware fingerprinting, and network-level sentinel analysis into a unified four-layer defense system. No rootkit. No telemetry. No compromise.
Most solutions still rely on techniques designed for an earlier generation of cheats. Here's where they fall short.
Most anti-cheat solutions rely primarily on signature databases — known cheat hashes that are matched at runtime. This means every new cheat version, every recompile, every obfuscation pass creates a window of zero detection. The cheat ecosystem moves faster than signature updates. Public cheats get caught, but paid providers deliver undetected builds within hours of each database update.
DMA attack boards, firmware-spoofed devices, and external memory readers operate below the software layer entirely. No amount of kernel scanning can detect a cheat that reads game memory from a second machine over PCIe. This attack surface is growing — DMA hardware is cheaper and more accessible every year, and virtually no anti-cheat currently addresses it.
Some solutions require boot-time kernel drivers that run 24/7 — even when you're not playing. This creates a permanent attack surface on every installed system, breaks third-party software like RGB controllers and overclocking tools, and raises serious privacy concerns. Players shouldn't have to choose between security and system integrity.
Cerberus guards every layer of the stack — kernel, behavior, hardware, and network. No other anti-cheat operates across all four simultaneously.
Cerberus operates across four privilege layers — client and server — with zero persistent background processes. Each layer feeds into a unified verdict engine.
WHQL-signed minifilter with hypervisor-assisted memory isolation. Monitors syscall tables, PTE modifications, and driver stacks. Loads on launch, unloads on exit — zero residual footprint.
Multi-model ML pipeline running TCN-based aim analysis, entropy scoring, and behavioral fingerprinting at 1000Hz+. Sub-2ms latency, minimal frame impact in beta testing.
Deep hardware interrogation — PCIe topology mapping, IOMMU attestation, TPM 2.0 integrity verification, and timing-based DMA detection that catches what device lists miss.
Server-side traffic validation, cross-player anomaly correlation, cheat-ring detection, and global threat intelligence. Catches what client-side systems can never see.
Continuous monitoring across the entire game session. Loads on launch, scans during play, unloads on exit.
Built from the ground up to cover every attack surface — software, behavioral, and hardware — in a single unified solution.
| Capability | Traditional AC | Cerberus |
|---|---|---|
| Kernel-level integrity protection | ✓ | ✓ |
| DMA / hardware attack detection | ✕ | ✓ |
| Real-time behavioral AI | ~ | ✓ |
| Firmware-level device verification | ✕ | ✓ |
| Zero telemetry / zero PII | ✕ | ✓ |
| Runtime-only (no always-on driver) | ~ | ✓ |
| DRM integrity verification | ✕ | ✓ |
| No third-party driver conflicts | ✕ | ✓ |
Cerberus is tested and validated across all major hardware platforms. Zero driver conflicts, zero broken peripherals.
Cerberus never blocks third-party drivers. No broken RGB software, no disabled fan controllers, no forced reboots. Full compatibility with HVCI, Secure Boot, and Windows 11 kernel-mode hardware-enforced stack protection.
Real-time monitoring of known cheat providers. Detection status, activity level, and threat scoring updated continuously from our research pipeline.
Cerberus was engineered to be invisible to performance. Every scan, every inference, every check — under budget.
Internal benchmark results from controlled pentest environments. Exact rates vary by cheat category and are continuously improving.
From indie studios to AAA publishers. Every tier includes zero telemetry, runtime-only activation, and clean session exits.
All plans include zero telemetry collection, runtime-only activation, clean session exits, and full SDK access. During closed beta, all partners receive Cerberus-tier access at no cost. Pricing tiers apply at general availability. CCU = Concurrent Users.
No. The kernel driver loads only when your game launches and unloads when it exits. Cerberus has zero presence on the system outside of active game sessions. No boot-time driver, no background processes, no tray icon.
Detections below 95% confidence are never auto-banned — they enter the manual review queue. A threat analyst reviews the full session replay within 4 hours (Cerberus tier SLA). If a ban is issued and appealed, review completes within 24 hours. Current false positive rate: 0.14%.
Zero PII. Cerberus processes hardware IDs, input patterns, and memory state locally on the player's machine. Only detection events (ban/flag) with anonymized session metadata are sent to the API. We don't track playtime, game history, browsing, or anything outside the active session.
The driver requires ring-0 access to monitor memory permissions, detect mapped drivers, and enumerate PCIe devices. It's Microsoft WHQL-signed and undergoes third-party security audits quarterly. The driver uses ObRegisterCallbacks for process protection — it cannot read or modify game memory itself.
Under 2 hours for Unreal Engine and Unity with our plugins. The raw C++ SDK is 4 API calls: Init, StartSession, EndSession, Shutdown. Full integration guide is available in our documentation.
The driver binary uses multiple layers of code protection and integrity verification. Critical detection logic runs server-side and is never exposed to client machines. We rotate protection schemes with each update.
Yes. Cerberus includes DRM integrity verification as part of the pre-session scan. It detects binary patching, license bypass attempts, loader modifications, and tampered game executables. This works alongside your existing DRM solution (Denuvo, Steam DRM, etc.) as an additional layer of protection.
On detection, Cerberus captures a session snapshot including the detection type, confidence score, which detection layer triggered, and anonymized session metadata. This evidence package is sent to the partner dashboard for review. High-confidence detections trigger an immediate ban callback to your game server. All data is retained for appeal review.
Windows 10 20H2+ or Windows 11 (x64). Secure Boot must be enabled in BIOS for full hardware verification. TPM 2.0 is recommended but optional. Players should keep Windows and GPU drivers up to date. No special BIOS configuration beyond Secure Boot is required.
The kernel driver is EV code-signed (WHQL certification pending) and tested across 40+ hardware configurations. If the driver fails to load for any reason, the game continues with graceful degradation — it never forces a crash. In 8 months of beta testing, we've had no widespread BSOD issues. One incident involving Windows 11 24H2 preview was patched within 13 hours.
Players can submit ban appeals through your game's support flow. Appeals go to our threat analyst team who review the full detection evidence, session snapshot, and hardware fingerprint. Cerberus tier partners get 4-hour appeal SLA. If a ban is determined to be a false positive, the player is unbanned and the detection model is updated to prevent recurrence.
Cerberus is currently in closed early access. Request access for your studio.
Cerberus is in active development. Features and specifications are subject to change.