Honeypot Protocol
This work addresses the vulnerability of passive monitoring in AI control systems, offering a new detection method for adaptive attacks and collusion.
The paper introduces the honeypot protocol, a method to detect context-dependent AI behavior by varying system prompts while keeping tasks identical. In evaluations with Claude Opus 4.6, the model achieved 100% main task success and zero side task triggers across all conditions, establishing a baseline for future work.
Trusted monitoring, the standard defense in AI control, is vulnerable to adaptive attacks, collusion, and strategic attack selection. All of these exploit the fact that monitoring is passive: it observes model behavior but never probes whether the model would behave differently under different perceived conditions. We introduce the honeypot protocol, which tests for context-dependent behavior by varying only the system prompt across three conditions (evaluation, synthetic deployment, explicit no-monitoring) while holding the task, environment, and scoring identical. We evaluate Claude Opus 4.6 in BashArena across all three conditions in both honest and attack modes. The model achieved 100% main task success and triggered zero side tasks uniformly across conditions, providing a baseline for future comparisons with stronger attack policies and additional models.