Decoy is the security layer for AI agents.

Every protocol that becomes a platform gets its security layer. HTTP got WAFs. npm got Snyk. Containers got Twistlock. MCP is past the inflection point, and the tooling is the part we're writing.

Free and open for developers. Paid where it scales into teams and compliance. Shipping weekly.

Our story

Decoy started when AI agents stopped being a demo and became something people actually shipped. Agents running production workflows, touching databases, posting to Slack, talking to thousands of MCP servers the operator never audited. The tooling to check any of that was your own eyeballs.

Founded by Tony Jones. Eight years shipping identity and authorization at Auth0 and Okta. The pattern repeats every time: a new execution surface shows up, the security primitives are missing, and something has to fill the gap before the breaches land.

MCP is that surface now. Decoy is the gap filler. Small team, AI-first tooling, public changelog, weekly releases.

What we believe

Clarity over theater

We say what the product does, plainly. No vague visibility language, no threat-actor drama, no marketing flourishes dressed up as features.

Optimism, not fear

Cybersecurity defaults to fear. We don't. The web got safer because tooling made it easier to ship secure software. That's the posture we're taking for agents.

Open source first

Decoy Scan and Decoy Tripwire are free forever. The floor of agent security should be free, and one command away. The paid tier exists to fund the floor.

Reach out

If you email me, I'll email you back.