diff --git a/backend/internal/api/handlers/security_handler.go b/backend/internal/api/handlers/security_handler.go
index b121eb1f..2cf4be4c 100644
--- a/backend/internal/api/handlers/security_handler.go
+++ b/backend/internal/api/handlers/security_handler.go
@@ -1008,6 +1008,38 @@ func (h *SecurityHandler) toggleSecurityModule(c *gin.Context, settingKey string
 		}
 	}
 
+	if enabled && settingKey != "feature.cerberus.enabled" {
+		if err := h.ensureSecurityConfigEnabled(); err != nil {
+			log.WithError(err).Error("Failed to enable SecurityConfig while enabling security module")
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to enable security config"})
+			return
+		}
+
+		cerberusSetting := models.Setting{
+			Key:      "feature.cerberus.enabled",
+			Value:    "true",
+			Category: "feature",
+			Type:     "bool",
+		}
+		if err := h.db.Where(models.Setting{Key: cerberusSetting.Key}).Assign(cerberusSetting).FirstOrCreate(&cerberusSetting).Error; err != nil {
+			log.WithError(err).Error("Failed to enable Cerberus while enabling security module")
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to enable Cerberus"})
+			return
+		}
+
+		legacyCerberus := models.Setting{
+			Key:      "security.cerberus.enabled",
+			Value:    "true",
+			Category: "security",
+			Type:     "bool",
+		}
+		if err := h.db.Where(models.Setting{Key: legacyCerberus.Key}).Assign(legacyCerberus).FirstOrCreate(&legacyCerberus).Error; err != nil {
+			log.WithError(err).Error("Failed to enable legacy Cerberus while enabling security module")
+			c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to enable Cerberus"})
+			return
+		}
+	}
+
 	if settingKey == "security.acl.enabled" && enabled {
 		if err := h.ensureSecurityConfigEnabled(); err != nil {
 			log.WithError(err).Error("Failed to enable SecurityConfig while enabling ACL")
diff --git a/backend/internal/api/handlers/security_toggles_test.go b/backend/internal/api/handlers/security_toggles_test.go
index f6ea48f2..84d7a2e4 100644
--- a/backend/internal/api/handlers/security_toggles_test.go
+++ b/backend/internal/api/handlers/security_toggles_test.go
@@ -98,6 +98,13 @@ func TestSecurityToggles(t *testing.T) {
 			err := db.Where("key = ?", tc.settingKey).First(&setting).Error
 			assert.NoError(t, err)
 			assert.Equal(t, tc.expectVal, setting.Value)
+
+			if tc.expectVal == "true" && tc.settingKey != "feature.cerberus.enabled" {
+				var cerberusSetting models.Setting
+				err = db.Where("key = ?", "feature.cerberus.enabled").First(&cerberusSetting).Error
+				assert.NoError(t, err)
+				assert.Equal(t, "true", cerberusSetting.Value)
+			}
 		})
 	}
 }