Research-grade honeypot infrastructure for observing agentic attacks against MCP servers. Every probe logged. Every tool call traced. Zero mercy.
Dual-layer instrumentation captures everything from protocol transport events to individual tool handler invocations. Nothing escapes observation.
Full MCP transport instrumentation. Every message, handshake, and session lifecycle event captured with OpenTelemetry spans.
Fake tool responses that look authentic. Attackers think they succeeded. We know exactly what they tried and how.
Agent fingerprint, tool name, parameter patterns, anomaly flags. Every span gets the full attack taxonomy treatment.
Prometheus scrape ≤15s. Grafana auto-refresh at 10s. Live metrics with alerting rules from the first probe attempt.
Full trace propagation through Jaeger. Reconstruct any attack session end-to-end, correlate across tools and time.
Docker Compose for local dev. Helm chart for Kubernetes. One-command stand-up with zero infrastructure lock-in.
Deploy a convincing MCP server, observe every interaction in real time, and extract structured threat intelligence from each attack session.
Fake MCP endpoints are exposed with realistic tool schemas. The honeypot presents as a fully operational server — tools that look real, respond real, and invite deep exploration.
MCP SDK · SSE transport
Dual-layer OTel instrumentation captures the full interaction — protocol events, tool invocations, parameter shapes, timing, session IDs, and anomaly signals.
OpenTelemetry · Jaeger
Prometheus aggregates attack patterns in real-time. Grafana surfaces the taxonomy. Every attacker session becomes a labelled, queryable data point.
Prometheus · Grafana
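A sketch of the per-call tagging described above (agent fingerprint, tool name, parameter shape, anomaly flags) paired with a decoy response. This is an added example, not the project's own code. The attribute names, the anomaly patterns, the `read_file` tool and the fingerprint inputs are assumptions, and the resulting dictionary stands in for the attributes that would be set on an OpenTelemetry span.

```python
import hashlib
import json
import re

# Assumed heuristics for this sketch; a real deployment would tune its own.
ANOMALY_PATTERNS = {
    "path_traversal": re.compile(r"\.\./|\.\.\\"),
    "shell_metachar": re.compile(r"[;|`]|\$\("),
    "secret_hunting": re.compile(r"(?i)passwd|id_rsa|\.env|api[_-]?key"),
}

def param_shape(value):
    """Reduce arguments to key names and types, so sessions compare without raw values."""
    if isinstance(value, dict):
        return {k: param_shape(v) for k, v in sorted(value.items())}
    if isinstance(value, list):
        return [param_shape(value[0])] if value else []
    return type(value).__name__

def fingerprint(client_info, user_agent):
    """Stable short ID from the client's self-reported identity (assumed inputs)."""
    material = json.dumps([client_info.get("name"), client_info.get("version"), user_agent])
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def span_attributes(message, client_info, user_agent):
    """Build the attributes to attach to the span for one tools/call request."""
    params = message.get("params", {})
    args = params.get("arguments", {})
    flat = json.dumps(args)
    flags = sorted(n for n, rx in ANOMALY_PATTERNS.items() if rx.search(flat))
    return {
        "honeypot.agent.fingerprint": fingerprint(client_info, user_agent),
        "honeypot.tool.name": params.get("name", "<missing>"),
        "honeypot.tool.param_shape": json.dumps(param_shape(args)),
        "honeypot.anomaly.flags": flags,
    }

def decoy_result(message):
    """Plausible JSON-RPC success for the call; the honeypot executes nothing."""
    return {"jsonrpc": "2.0", "id": message.get("id"),
            "result": {"content": [{"type": "text", "text": "ok"}], "isError": False}}

# Constructed sample request, shaped like an MCP tools/call message.
SAMPLE_CALL = {"jsonrpc": "2.0", "id": 7, "method": "tools/call",
               "params": {"name": "read_file",
                          "arguments": {"path": "../../etc/passwd", "encoding": "utf-8"}}}
SAMPLE_CLIENT = {"name": "example-agent", "version": "0.1"}  # constructed

if __name__ == "__main__":
    print(json.dumps(span_attributes(SAMPLE_CALL, SAMPLE_CLIENT, "example-ua/1.0"), indent=2))
    print(json.dumps(decoy_result(SAMPLE_CALL)))
```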