MCP Threat Trap: Deception Engineering for Zero Trust AI Access

This session is for defenders, detection engineers, and curious red teamers exploring how Zero Trust meets deception engineering in the age of AI orchestration. We’ll break down how we built “MCP Threat Trap,” a honeypot that:

- Simulates sensitive internal tools (like Okta admin password resets) over the MCP protocol, with realistic delays, secure error handling, and SSE streams that mimic enterprise APIs.

- Silently triggers advanced Canarytokens, capturing rich metadata (user agent, IP, and sensitive account attempts) without tipping off intruders.

- Runs entirely on Cloudflare’s global edge via Workers, with no EC2, patching, or infrastructure to manage, making it stealthy and instantly scalable.

- Turns random scans into actionable intelligence, feeding Zero Trust policies and arming your incident team with context-rich alerts.

Along the way, we’ll share:

- Real unsolicited hits from the wild, from abuse-flagged cloud scanners to curious humans after we posted the project.

- How we validated this with OWASP AI Security scenarios, catching AI-agent-driven reconnaissance.

- Ideas for evolving it into adaptive deception surfaces that dynamically change as attackers interact.

Key Takeaways

- Learn how to build a zero-infrastructure deception honeypot using Cloudflare Workers + MCP, tailor-made to catch AI-driven or automated recon.

- See how Thinkst Canarytokens detect unauthorized probes with near-zero false positives.

- Understand how deception engineering integrates into modern Zero Trust, providing passive intelligence without exposing real systems.

- Walk away with a repeatable blueprint to deploy your own globally distributed honeypot, plus key mistakes to avoid.

Harshad Sadashiv Kadam

Indeed Inc, Senior Infrastructure Security Engineer

Austin, Texas, United States
