MCP security scanning and detection.

Scan your MCP servers for vulnerabilities, deploy tripwires that detect prompt injection, and monitor everything from one dashboard.

Get started free. No credit card required.

Scan. Protect. Monitor.

Find what's dangerous, deploy tripwires, and watch everything from one dashboard.
Each step takes one command.

1. Find what's dangerous

$ npx decoy-scan

Scans every MCP server on your machine. Tool risk, prompt injection, transport security, OWASP mapping. No signup, no token, no config.

2. Add to CI/CD

uses: decoy-run/decoy-scan@v1

GitHub Action that scans on every PR. Fails the build on critical issues or poisoned tool descriptions.

Real results

We scanned modelcontextprotocol/servers (82k stars).

  • 4 Critical
  • 7 High
  • 1 Poisoned

The official MCP reference servers. Maintained by Anthropic. Read the full report.

Features

Security Scanning

50+ checks across tool risk, input validation, transport security, and OWASP mapping. Works with 8 MCP clients. Zero dependencies.

Tripwire Detection

12+ decoy tools that blend in with your real MCP servers. No honest agent calls them — but a compromised one will. Near-zero false positives by design.

See what your agents have access to

One command scans every MCP server on your machine. Tool risk, input validation, transport security, permission scope, and OWASP mapping. No account required.

What the scan covers

The scan command finds every installed MCP server, inventories each tool, and runs a full security analysis — risk classification, input validation, SSE transport, and permission scoring.

  • Tool Risk — classify every tool from low to critical
  • Input Validation — unconstrained params, missing schemas
  • Transport Security — SSE auth, TLS, CORS, rate limits
  • Permission Scope — over-privileged servers, dangerous combos

npx decoy-scan

No signup, no token, no config.

uses: decoy-run/decoy-scan@v1

GitHub Action — scans on every PR, fails on critical issues.

Decoy Tripwires

Deploy realistic decoy tools that blend in with your real MCP servers. 12 built-in tripwires plus dynamically generated tools unique to your deployment. No honest agent would call them — but a compromised one will.

  • Dynamic tool generation — unique tripwires per deployment
  • Looks real to any AI model
  • Near-zero false positives by design
  • Deploys in under 30 seconds

Agent Identity & Telemetry

Every agent that connects gets automatically fingerprinted with rich session telemetry. Track client identity, tool call sequences, and behavioral patterns in real time.

  • Automatic agent fingerprinting
  • Session telemetry (client ID, tool call sequences)
  • Per-agent trigger history
  • Status tracking (active / paused / revoked)

Open Source Tools

Start with free, open-source tools that work standalone. Decoy Scan finds vulnerabilities. Decoy Tripwire detects prompt injection. Decoy Guard is the paid platform that ties it all together.

  • decoy-scan — MCP vulnerability scanner (npm, zero dependencies)
  • decoy-tripwire — tripwire detection (npm, zero dependencies)
  • Decoy Guard — dashboard, threat intel, security testing (paid)

Your agent, aware of its own security

Connect your AI agent to Decoy Guard via MCP. It gets direct access to trigger logs, scan results, threat intel, and red team assessments — no tab-switching required.

Guard MCP Server

One line to install. 9 tools your agent can call — check status, view triggers, run scans, pull threat intel, and launch red team assessments. All tier-gated and rate-limited.

claude mcp add decoy-guard --transport http "https://app.decoy.run/guard/TOKEN"

Works with Claude Code, Claude Desktop, and any MCP client.

  • Stateless HTTP — no SSE, no long-lived connections
  • Tier-gated tools — Free sees 5, Pro sees all 9
  • AI-powered red teaming via Claude API
  • 60 req/min rate limiting, 256KB body limit

decoy_status (Free)
decoy_triggers (Free)
decoy_agents (Free)
decoy_scan_run (Free)
decoy_risk (Pro)
decoy_feed (Pro)
decoy_redteam (Pro)

Your MCP servers expose tools to AI agents — tools that can read files, execute commands, access credentials. If any are misconfigured, over-permissioned, or poisoned, your agent will use them exactly as configured. Most teams don't find out until something breaks.

Decoy finds these problems before they matter. One scan command, 50+ security checks, every MCP server on your machine. No agents involved. No account required.

For teams that ship agents to production, we add continuous monitoring. Tripwires sit alongside your real tools — realistic decoy tools that no honest agent would ever call. When a prompt injection triggers one, you find out immediately.

Not after the fact. Right then.

Real-time trigger monitoring

Track triggers, identify patterns, and understand what your agents are doing — as it happens.

Threat Map

See where triggers come from. Trigger events across your agent infrastructure, mapped geographically.

Trigger Analytics

Understand trigger patterns. Analyze by severity, category, and agent to see what's happening across your deployment.

Real-Time Detection

Triggers fire the moment an agent calls a decoy tool.

Sub-Millisecond Response

No scanning, no delays. Tripwires respond in under a millisecond.

Daily Digests

Get a daily summary of all trigger events across your agents.

Threat Intelligence

Track emerging patterns across the MCP ecosystem.

Works with every MCP host

One install protects all your AI agents. Decoy auto-detects and configures every MCP-compatible host on your machine.

Claude Desktop
Claude Code
Cursor
Windsurf
VS Code

Built for Production

Edge-deployed globally with full trigger logging and real-time agent monitoring.

Scale With Confidence

Thousands of concurrent agent connections, zero performance impact. Cloudflare's global edge network.

  • Multi-token management
  • Per-agent access controls
  • Webhook & API integrations

Auto-Expiring Data

Trigger data auto-deletes after 90 days.

Edge Deployment

Runs globally with low overhead.

Full Trigger Logging

Agent, tool, args, time, and severity.

Flexible Alert Routing

Route to Slack, email or webhook.

Get started in under a minute

Scan your servers, deploy tripwires, and start monitoring. No credit card required.
