Huh? Honeypots?

So if you don’t know what a honeypot is: it’s a trap. It pretends to be a bunch of different vulnerable services, like a web, SSH, TCP server, in order to lure attackers in and collect data about them: which creds did they use to auth, which commands they run, what files they read, etc.

Crap, I can’t help but make an analogy here.

It’s like erecting a huge, realistic fake bank building. You fill it with fake prop money, thousands of real cameras and microphones, and then wait for someone to rob it so you can scientifically analyze how the robbers carry out their heist and build a good defense against future attacks.

In most cases, honeypots benefit the entire world, because they reveal, in real time, attacks being carried out on the public internet. Plus, it’s really fun to operate honeypots if you’re into collecting juicy data.

In the past, we’ve had to hard-code each honeypot’s paths to make it convincing. That approach was brittle… one unexpected command or request would instantly reveal the honeypot’s true identity.

LLM Honeypots

But, then came the LLMs. It takes one viewing of Adel Karimi’s highly slept-on DEF CON 32 presentation on their LLM honeypot, Galah to realize a perfect use for LLMs is as honeypots.

Back to the bank analogy: LLMs turn that fake bank building from a building into the frickin’ Backrooms.

Over the past few weekends, I’ve been jamming on my own hybrid-LLM honeypot, honeyprompt, written in TypeScript and Deno, meant to be easily extended by web developers, portable across platforms and easy to deploy in Docker. You can spin it up locally in seconds, so try it out and let me know what you think!

honeyprompt

A (real) instance of a payload being executed on a `honeyprompt` honeypot, with Gemma 4 crafting a realistic SSH command response.
A (real) instance of a payload being executed on a honeyprompt honeypot, with Gemma 4 crafting a realistic SSH command response.
Limitations

I have a few challenges ahead of me with this project:

  • Caching LLM responses to reduce latency, since a slow reply is one of the easiest ways for an attacker to spot the honeypot.
  • Generic vendor sink integrations to send the data to central server(s) for analysis.
  • Battle-testing honeyprompt against real-world attacks.

Thanks for taking the time to read this and learn about LLM honeypots!