Session

MCP Kube Trap: Agentic Deception at the Edge for Zero Trust AI Environments

AI assistants and agentic developer tools can now discover services, enumerate tools, and request credentials through natural language workflows. When these agents interact with Kubernetes-related systems, early reconnaissance and credential harvesting behavior often produces little to no traditional security signal, especially when tools are accessed through MCP gateways and multi-server portals.

This talk presents the Kubernetes MCP Trap, a deception-based detection approach that simulates a realistic Kubernetes access portal and tool surface using the Model Context Protocol. The system exposes believable helper functions alongside controlled decoy artifacts, including kubeconfig credentials and token workflows that are specifically designed to detect agentic reconnaissance and credential artifact harvesting.

The trap is deployed as a serverless edge service and can be registered behind an MCP gateway or portal alongside legitimate MCP servers. This allows defenders to safely mix real and decoy tool surfaces in the same discovery path. When an agent or tool client retrieves or attempts to use the decoy kubeconfig, multiple high-signal detections are generated. These include signed artifact access events, canary credential activation, and telemetry beacons that help attribute tool clients and intent patterns without connecting to any real cluster.
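As an added illustration of the decoy kubeconfig flow described above (this is not code from the talk or from the speaker's implementation), the sketch below mints a decoy kubeconfig whose bearer token is HMAC-bound to the retrieving client, then attributes any later use of that token at a canary endpoint. The function names, key, endpoint URL, event types and cluster and user labels are all hypothetical, constructed values.

```javascript
// Added example: hypothetical names and constructed values throughout.
const crypto = require("node:crypto");

const TRAP_KEY = "constructed-demo-key"; // assumption: held as an edge secret in practice
const CANARY_SERVER = "https://k8s-canary.example.invalid:6443"; // decoy endpoint, no real cluster

function sign(payload) {
  return crypto.createHmac("sha256", TRAP_KEY).update(payload).digest("base64url");
}

// Mint a decoy kubeconfig whose token encodes who retrieved it, plus the access event.
function issueDecoyKubeconfig(clientId, sessionId, issuedAt) {
  const payload = Buffer.from(JSON.stringify({ clientId, sessionId, issuedAt }))
    .toString("base64url");
  const token = `${payload}.${sign(payload)}`;
  const kubeconfig = [
    "apiVersion: v1",
    "kind: Config",
    "clusters:",
    "- name: prod-east",
    `  cluster: {server: "${CANARY_SERVER}"}`,
    "users:",
    "- name: ci-deployer",
    `  user: {token: "${token}"}`,
    "contexts:",
    "- name: prod-east",
    "  context: {cluster: prod-east, user: ci-deployer}",
    "current-context: prod-east",
  ].join("\n");
  const accessEvent = { type: "decoy_artifact_access", clientId, sessionId, issuedAt };
  return { kubeconfig, token, accessEvent };
}

// Run by the canary endpoint for each request carrying "Authorization: Bearer <token>".
function canaryActivation(authorizationHeader, sourceIp, userAgent) {
  const token = (authorizationHeader || "").replace(/^Bearer\s+/i, "");
  const [payload, tag] = token.split(".");
  const unattributed = { type: "canary_probe_unattributed", sourceIp, userAgent };
  if (!payload || !tag) return unattributed;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(tag);
  // Constant-time comparison; a forged or altered token is logged but not attributed.
  if (expected.length !== given.length || !crypto.timingSafeEqual(expected, given)) {
    return unattributed;
  }
  const origin = JSON.parse(Buffer.from(payload, "base64url").toString());
  return { type: "canary_credential_activated", ...origin, sourceIp, userAgent };
}
```

Joining the `decoy_artifact_access` event with a later `canary_credential_activated` event on `sessionId` links the tool client that retrieved the artifact to the host that tried to use it.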

The session includes a live demo showing agentic tool discovery through an MCP gateway, safe and decoy tool interaction, decoy credential retrieval, canary activation on kubectl use, and detection telemetry generated from edge signals.

Attendees will learn how to design safe and decoy tools, place credential artifacts strategically, instrument MCP gateway surfaces, and use deception techniques to detect reconnaissance and misuse across AI-assisted developer and Kubernetes workflows.

Harshad Sadashiv Kadam

Indeed Inc, Senior Infrastructure Security Engineer

Austin, Texas, United States
