As AI agents gain autonomy through the Model Context Protocol (MCP), they increasingly access internal APIs, secrets, and systems - often beyond traditional visibility or control. These agent-to-agent (A2A) interactions introduce reconnaissance blind spots and new exposure pathways inside Zero Trust environments. Building on continued research presented at BSides Chicago, BSides Orlando, BSides SWFL, DevSecCon 2025, and Cloudflare Connect 2025, this session unveils the MCP Deception Incubator - a deception-as-a-framework approach designed to detect rogue AI behavior at the reconnaissance stage.

Built on serverless edge workers and open deception primitives such as Canarytokens, the framework enables defenders to deploy no-cost, high-fidelity MCP honeytraps across multiple surfaces - APIs, DNS, kubeconfigs, and credentials - without operational overhead. It integrates seamlessly with MCP Gateways - the interface layer that brokers communication between AI agents and organizational systems- to deliver early, metadata-rich visibility into autonomous activity. When an AI agent interacts with a decoy endpoint, the resulting telemetry exposes its reasoning sequence, access path, and tool awareness, turning passive reconnaissance into actionable intelligence.

Through a live demo, we’ll show how these edge-based traps are triggered in real time and how the resulting alerts integrate with SOC pipelines for correlation, rotation, and ongoing visibility. The talk then unpacks the framework’s architecture, showing how deception can be operationalized within any MCP Gateway or AI integration layer. Finally, the session reframes deception from isolated traps into an orchestrated Zero Trust signal layer, enabling organizations to transform AI curiosity into proactive defense. Attendees will leave with reference templates, architectural patterns, and practical lessons to embed deception into their own AI-security workflows.