Articles on Deception
Below are my perspectives on Deception, drawn from my work as a security leader and practitioner.
- Tools: Build a Decoy MCP Server to Catch AI Agent Attackers. Your AI agent's MCP config can be a target for an attacker who reaches your machine. A decoy MCP server entry pointing at a Cloudflare Worker can reveal the attacker's presence and their intent.
- Tools: Plant Honeytokens to Detect Intrusions. Plant decoy credentials, configs, and URLs to surface an attack the rest of your stack might miss. Deployment scenarios include MCP server entries, AWS API keys, and Cloudflare Workers serving fake...
- Malware Analysis: Contemplating Malware Vaccination via Infection Markers. Some malware checks for infection markers like mutexes, registry keys, or processes to avoid infecting systems twice. Preemptively creating these markers can vaccinate systems against specific...
- Deception: Plant Decoy Personas to Detect Impersonation Attacks. Decoy personas extend honeytoken thinking to user accounts and public profiles. The technique gives defenders a tripwire on the identity surface that other detection layers don't cover.
- Deception: Reflections Upon Deception-Based Security Tactics. Deception in defense predates computing, yet each generation of attacker tooling has forced defenders to invent fresh decoys to keep their edge. From WW2 misdirection to today's decoy AI-agent...
- Deception: Building Deception Into Your Security Architecture. Decoys add strategic asymmetry to your security architecture, strengthening your advantage against the attacker. Plant tripwires across network, identity, data, and AI agent configs for high fidelity...