IoT agents (IoAs) encrypt message content but expose communication metadata, rendering them vulnerable to traffic analysis and surveillance attacks. To address this behavioral privacy gap, we propose the first unified covert event channel model that formally defines imperceptible communication across three dimensions: storage, timing, and behavioral patterns. Based on this model, we design and implement ΠCCAP—a protocol integrating event-driven architecture with a large language model (LLM)-resistant adversarial mechanism—to enable high-capacity, robust, and LLM-undetectable covert communication. Experimental evaluation demonstrates that ΠCCAP achieves over 98% concealment rate and sustains an effective payload throughput exceeding 1.2 kbps under diverse traffic analysis attacks. These results significantly enhance behavioral privacy protection for IoA systems operating in high-risk environments.

The emergence of the Internet of Agents (IoA) introduces critical challenges for communication privacy in sensitive, high-stakes domains. While standard Agent-to-Agent (A2A) protocols secure message content, they are not designed to protect the act of communication itself, leaving agents vulnerable to surveillance and traffic analysis. We find that the rich, event-driven nature of agent dialogues provides a powerful, yet untapped, medium for covert communication. To harness this potential, we introduce and formalize the Covert Event Channel, the first unified model for agent covert communication driven by three interconnected dimensions, which consist of the Storage, Timing,and Behavioral channels. Based on this model, we design and engineer ΠCCAP, a novel protocol that operationalizes this event-driven paradigm. Our comprehensive evaluation demonstrates that ΠCCAP achieves high capacity and robustness while remaining imperceptible to powerful LLM-based wardens, establishing its practical viability. By systematically engineering this channel, our work provides the foundational understanding essential for developing the next generation of monitoring systems and defensive protocols for a secure and trustworthy IoA.