LLM Agent Honeypot: Monitoring AI Hacking Agents in the Wild
This work addresses the growing threat of AI-driven cybersecurity attacks for security professionals, though it is incremental as it builds on existing honeypot techniques.
The researchers tackled the problem of monitoring autonomous AI hacking agents by developing LLM Honeypot, a system that augmented a standard SSH honeypot with prompt injection and time-based analysis to distinguish LLM agents among attackers, resulting in the collection of 8,130,731 hacking attempts and identification of 8 potential AI agents over a three-month trial.
Attacks powered by Large Language Model (LLM) agents represent a growing threat to modern cybersecurity. To address this concern, we present LLM Honeypot, a system designed to monitor autonomous AI hacking agents. By augmenting a standard SSH honeypot with prompt injection and time-based analysis techniques, our framework aims to distinguish LLM agents among all attackers. Over a trial deployment of about three months in a public environment, we collected 8,130,731 hacking attempts and 8 potential AI agents. Our work demonstrates the emergence of AI-driven threats and their current level of usage, serving as an early warning of malicious LLM agents in the wild.