Why we built Decoy
Every protocol eventually gets its dedicated security layer. MCP is a year in and doesn't have one yet. That's the gap.
I spent most of 2025 building MCP integrations. By the end of the year, I was using agents that could touch my filesystem, query my databases, post to my Slack, and deploy code. Often all in the same session. Often against servers I hadn't personally audited. The tooling to check any of that was my own eyeballs.
That's the gap Decoy fills.
The thesis
Every protocol that becomes a platform gets a security layer. HTTP got WAFs and DAST scanners. npm got Snyk. Containers got Twistlock. The pattern is always the same: protocol ships, adoption hockey-sticks, attack surface becomes obvious, tooling emerges.
MCP is at step three. Adoption is through the roof. The attack surface is now obvious. Step four is what we're building.
The product, in three lines
- Scan —
npx decoy-scanruns 50+ checks against every MCP server on your machine. No account required. - Trap — Tripwire tools installed alongside real servers that only a compromised agent would call.
- Red Team — Adversarial testing: prompt injection, jailbreaks, tool abuse, caught in staging.
Free forever for individual developers. Paid for teams that want continuous monitoring, threat intel, and compliance.
What's next
We're shipping weekly. The team is small on purpose. The protocol is young and the right moves change fast. If you're seeing MCP-specific threats in the wild and want to compare notes, email [email protected].