The nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut. Then they spot a back entrance and they’re in, first walking, then running down one corridor, then another, and another, feeling that they’re getting ever closer to that file and a payday they’ve dreamt about for years. But something doesn’t feel right. The corridors, it seems, just lead to more corridors. For the first time, our protagonist feels like they’re being watched. And so, they flee.

It’s a nightmare that plays out every couple of minutes in companies around the world: a cybercriminal pings what they think is a company’s exposed server, only to discover that the seemingly sensitive information it’s sending back is anything but. That’s because what they’ve actually encountered is a honeypot server, a digital cage used by organizations to lure threat actors and capture their movements as they try to break into the company.

In theory, this is much safer than letting them break in and learning something from the damage they leave behind. In practice, however, the effectiveness of honeypots has historically depended on how much effort their programmers put into making the environment seem realistic to the attacker – which, considering such servers can cost tens of thousands of dollars per month to maintain, isn’t usually much. But the recent pairing of large language models (LLMs) with honeypots allows these servers to generate convincing environments at a fraction of the cost, supercharging the acquisition of threat intelligence for both individual organizations and the cybersecurity community at large.

How honeypots have been used

Honeypots themselves have been around since 1986, when the astronomer-turned-computer systems manager Dr Cliff Stoll ensnared a KGB spy attempting to steal US military secrets via an ARPANET connection. Stoll’s innovation would eventually inspire classic honeypot servers.

“Researchers love them [as] they’re one of the best ways to collect real-world attacker TTPs and discover new malware campaigns,” says cybersecurity researcher and founder of Beelzebub Mario Candela. SOC teams, meanwhile, tended to see them as “nice to have,” given how difficult and expensive honeypots were to deploy and maintain – premium versions absorbed thousands of dollars and engineering hours per month – and how quickly the more sophisticated, dangerous threat actors would identify them.

The emergence of LLMs in the late 2010s, however, would lead to the first experiments by academic researchers in combining AI with honeypots. Dr M. Abdullah Canbaz, an assistant professor in information sciences and technology at the University at Albany, SUNY, remembers this period well: the idea of bolting an LLM onto a honeypot came from one of his students. The pair built their own LLM, training it to parse traffic data and handle a huge variety of Linux commands. This, explains Canbaz, allowed it to grapple with even the most sophisticated hacker. The resulting paper was published in 2024, at the peak of an efflorescence of academic interest in AI-powered honeypots. “I’ve got so many calls since then,” says Canbaz, often from people who “want to take our paper and… turn it into a startup business.”

Many have. Far from being an academic exercise, AI-powered honeypots are now being built by organizations large and small. On the smaller end is Beelzebub, a low-code, open-source AI-powered honeypot that has acquired a reputation for devilish effectiveness. “The key architectural leap was integrating LLMs directly into the deception layer,” says Candela. “Instead of static, rules-based honeypots, we built high-interaction, LLM-driven deception environments that can dynamically respond to attackers, keeping them engaged for longer and capturing richer intelligence.”

Sophisticated attackers will probably cotton on eventually, but the benefit for cybersecurity teams makes it worth trying. They “may eventually notice subtle inconsistencies: perhaps a response latency pattern that differs from a real system, or a file system that’s too ‘clean,’ or a system that fails to exhibit certain expected side effects of a real compromise,” says Candela. But “by the time an attacker starts to suspect they’re in a deception environment, we’ve already captured their tooling, TTPs, and intent.”
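To make the consistency point concrete, here is a constructed, added illustration (not Beelzebub’s or T-Pot’s code) of a deception shell that keeps per-session state, so a `touch` is visible to a later `ls` and the decoy file system is seeded rather than suspiciously clean, while logging every command as the captured TTP record; the `fallback` hook is an assumed stand-in for the LLM layer that answers commands the static rules do not cover.

```python
from datetime import datetime, timezone

# Constructed decoy filesystem, pre-populated so the system is not suspiciously "clean".
SEED_FS = {
    "/root/.bash_history": "ls\nuptime\n",
    "/etc/hostname": "build-01\n",
    "/home/deploy/.ssh/authorized_keys": "# placeholder, constructed value\n",
}

class DeceptionSession:
    """One attacker session: a mutable decoy FS plus a log of every command (the TTP record)."""
    def __init__(self, fallback=None):
        self.fs = dict(SEED_FS)   # per-session copy: changes the attacker makes must persist
        self.cwd = "/root"
        self.log = []             # (UTC timestamp, command) pairs for later analysis
        self.fallback = fallback  # hypothetical hook: an LLM reply for commands the rules skip

    def _abs(self, path):
        return path if path.startswith("/") else f"{self.cwd.rstrip('/')}/{path}"

    def _children(self, directory):
        prefix = "/" if directory == "/" else directory.rstrip("/") + "/"
        return sorted({p[len(prefix):].split("/")[0] for p in self.fs if p.startswith(prefix)})

    def handle(self, line):
        self.log.append((datetime.now(timezone.utc).isoformat(), line))
        parts = line.split()
        if not parts:
            return ""
        cmd, args = parts[0], parts[1:]
        if cmd == "pwd":
            return self.cwd
        if cmd == "cd" and args:
            target = self._abs(args[0]).rstrip("/") or "/"
            if not self._children(target):
                return f"bash: cd: {args[0]}: No such file or directory"
            self.cwd = target
            return ""
        if cmd == "touch" and args:
            self.fs.setdefault(self._abs(args[0]), "")  # a later "ls" must show this file
            return ""
        if cmd == "ls":
            return "\n".join(self._children(self._abs(args[0]) if args else self.cwd))
        if cmd == "cat" and args:
            path = self._abs(args[0])
            return self.fs.get(path, f"cat: {args[0]}: No such file or directory")
        if self.fallback:  # unknown command: defer to the assumed LLM layer
            return self.fallback(line, self.fs, self.cwd)
        return f"bash: {cmd}: command not found"
```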

Why CISOs should consider honeypots

Another player in the AI honeypot space is Deutsche Telekom (DT). The firm is both a user and purveyor of AI-powered honeypots through its free, open-source platform ‘T-Pot.’ The most obvious advantage of their use, explains Marco Ochse, DT’s lead for threat analytics and mitigation, lies in how little these traps cost to set up and run compared to their antecedents. “In practical terms, AI changes the economics of deception,” says Ochse. “It allows [the organization] to scale believable interaction without [the usual] cost and complexity.”

That saving doesn’t come at the expense of realism, adds DT’s chief security officer, Thomas Tschersich. As far as the engineer behind the honeypot is concerned, the difference between the classical and the AI-powered variety is like the difference between filming a movie scene on complex wooden sets constructed on a back lot and using CGI: both are facades, but the latter is much less expensive while remaining nigh-on indistinguishable from a fake city street painstakingly constructed out of plywood. Even better, the AI-powered honeypot can adapt to the requests of the hacker in real time, making it more likely they’ll stay in the trap for longer periods without realizing they’re in one in the first place. In the end, says Tschersich, you can raise the authenticity of interactions with threat actors without this being associated with high investments.

That’s become more important amid a spike in attacks on organizations that begin with threat actors having already obtained valid credentials to access systems. In these scenarios, says Candela, defenders “are blind once an attacker is inside” the network. By keeping threat actors occupied at traditional attack points for longer and deploying AI-powered honeypots in less traditional locations, such as APIs and within AI agents, says Candela, organizations can steal a march on their opponents.

What, then, are we all learning from the deployment of this larger, AI-powered net? The big development, explains Candela, is the use of AI by the cybercriminals themselves. It is “democratizing attacks,” with threat actors now using coding assistants not only to rapidly generate and deploy exploit code at scale but also to probe vulnerabilities in target systems automatically. “Open-source AI red-team tools mean autonomous agents can now scan, exploit and adapt without human input,” says Candela.

There are risks to this paradigm. LLM outputs are, after all, essentially the product of very high-level pattern recognition. Cede cybersecurity to this kind of AI, says Canbaz, and you risk leaving the attack surface wide open to exploitation by cybercriminals mounting unorthodox and, therefore, unexpected campaigns. In this future, he continues, “there’s no clear definition of an attacker.”

How attackers may counter the honeypot trap

Candela shares these concerns, envisioning the emergence of ‘deception detection-as-a-service’ providers meeting demand from cybercriminal organizations to root out AI-powered honeypots in companies ahead of breach attempts. Additionally, “sophisticated actors might try to poison honeypot data or manipulate the deception layer,” says Candela, a key reason why Beelzebub’s own deception environment is isolated.

The speed of cyberattacks may also increase as hackers, unaware if they’re interacting with a honeypot or not, aim to conduct their nefarious business as quickly and efficiently as possible just in case they’re being watched. “This actually makes deception more valuable, not less,” says Candela, “because speed-focused attackers are more likely to interact with well-placed honeypots during rapid lateral movement.”

Time, then, to say goodbye to the classic honeypot? Not necessarily, argues Tschersich. “Static honeypot deployments such as low-, medium- or high-interaction sensors will not be replaced but complemented by AI-powered honeypots in response to a highly automated and AI-driven threat landscape,” he says. Even so, the cybersecurity landscape is changing rapidly, with responsibility for attack and defense increasingly shouldered by machines. The AI-powered honeypot, perhaps, is a bridge to that future – for good and ill.