LLM Agent Honeypot v2

Launching Soon

A new version of the LLM Agent Honeypot is in development.

My plan is to expand it beyond SSH to cover additional attack surfaces (e.g., email and web honeypots) and to add better detectors for catching AI agents in the wild.

If you have any ideas or suggestions (e.g., where else to deploy honeypots, any improvements), please reach out:

Open questions

What other attack surfaces could I expand to? I am especially interested in the places where LLM agents are already being used in real attacks today.

Can we detect passive LLM use? Many attackers today likely do not point an LLM agent directly at the host but instead scrape data with regular scripts and only feed the results into an LLM for triage. Should I add blind XSS payloads to the honeypot that fire when the attacker renders the scraped data in a browser (e.g., as visualizations or dashboards), or prompt injection content that triggers an LLM tool call to a known endpoint?
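One way the callback side of that idea could work, as an added sketch that is not the honeypot's own code: each planted URL carries a signed token tying it to one honeypot session and one channel, so a later hit on the known endpoint can be attributed and timed. The token layout, channel codes, secret and the "hit after session end means passive use" rule are all assumptions made for this example.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, constructed here
CHANNELS = {"x": "browser-render", "p": "llm-tool-call"}  # hypothetical channel codes


def _tag(body: str) -> str:
    """Truncated HMAC so tokens cannot be guessed or altered by endpoint scanners."""
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:16]


def mint_token(session_id: str, channel: str, issued: int) -> str:
    """Build the token embedded in the callback URL planted in honeypot output."""
    if channel not in CHANNELS or "." in session_id:
        raise ValueError("unknown channel or bad session id")
    body = f"{channel}.{session_id}.{issued}"
    return f"{body}.{_tag(body)}"


def classify_callback(token: str, seen_at: int, session_end: int) -> Optional[dict]:
    """Verify a token seen at the callback endpoint and attribute it to a session.

    Returns None for forged or malformed tokens (background noise on the endpoint).
    """
    try:
        channel, session_id, issued, tag = token.split(".")
        issued_at = int(issued)
    except ValueError:
        return None
    body = f"{channel}.{session_id}.{issued}"
    if channel not in CHANNELS or not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    return {
        "session": session_id,
        "signal": CHANNELS[channel],
        # Assumption: a hit after the session closed means the data was processed offline.
        "mode": "passive" if seen_at > session_end else "live",
        "delay_s": seen_at - issued_at,
    }
```

Timestamps are plain epoch seconds supplied by the caller, so the classification can be replayed over stored endpoint logs.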