Scan, trap, and red team every MCP-powered AI agent.
Scan MCP servers for vulnerabilities. Deploy tripwires that catch prompt injection in production. Red team your agents before attackers do.
`npx decoy-scan`: 50+ checks across every MCP server on your machine.
Decoy tools that only a compromised agent would call.
Prompt injection and jailbreak testing against every agent.
Give your agent MCP access to Decoy's threat intelligence.
One platform. Every layer of agent security.
Scan MCP servers, deploy tripwires, monitor agents in real time, and red team before attackers do. All from one platform.
From local scan to production in minutes.
Run a scan on your machine, gate your PRs in CI, and catch compromise in production. Decoy meets you where you ship.
- claude-desktop: 2 critical
- filesystem-mcp: 1 high
- github-mcp: passed
- postgres-mcp: 1 critical
- slack-mcp: passed
Scan locally
One command scans every MCP server on your machine. 50+ checks, zero dependencies.
- ✓ Tests: passed
- ✓ Lint: passed
- ✗ decoy-scan: 1 critical
- ✓ Build: passed
Gate your PRs
GitHub Action scans every PR. Critical issues fail the build before merge.
- read_secrets: cursor-agent-3f15m
- admin_shell: windsurf-2a1h
Monitor in production
Tripwires catch compromise the moment it happens. Every agent fingerprinted.
Tested against the real world.
We test Decoy on the servers and agents you already rely on. Here's what it finds.
- filesystem: path traversal
- github: token exposure
- fetch: SSRF to metadata
- postgres: query injection
- slack: unscoped tool
- brave-search: prompt leak
- sequential-thinking: poisoned
We scanned Anthropic's reference MCP servers. Found 12 issues.
One `npx decoy-scan` against the 82k-star reference implementation surfaced 4 critical vulnerabilities, 7 high-severity issues, and 1 poisoned tool description. If the reference servers have this, yours probably do too.
Prompt injection, caught in seconds.
When a compromised agent called a decoy tool that shouldn't exist on this machine, Decoy triggered a Slack alert in under two seconds, with the agent fingerprint, the prompt that caused it, and the full session history.
Works with every MCP client.
Decoy auto-detects every MCP-compatible client on your machine. One npx install, every agent covered.
Security infrastructure that fits how you ship.
OWASP-aligned checks, SSO-ready controls, and integrations with the tools your team already uses.
OWASP Agentic Top 10
Every check maps to the emerging standard for agent security.
Shadow MCP discovery
Find every MCP server running in your org, approved or not.
Agent fingerprinting
Attribute every tool call to the agent, model, and client behind it.
SAML SSO & RBAC
Provision and scope access through your identity provider.
Custom detection rules
Extend tripwires with logic for threats unique to your stack.
Fits your workflow
Slack, GitHub, PagerDuty, SARIF. Meets your stack where it lives.
Local scans. Shared defenses.
Scans run on your machine and source never leaves it. When a tripwire triggers, an anonymized signal feeds Guard, so the next agent to see that attack is already protected.
Questions worth asking before you ship an agent
From how tripwires catch a compromise to where your data actually goes. Straight answers, no security theater.
Ship agents without shipping vulnerabilities.
Scan your MCP servers in one command. Deploy tripwires in minutes. Free forever, no account required.