Daily Blog #741: AI powered Honeypots
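This article introduces the use of AI in honeypot technology. Traditional honeypots require a great deal of work to simulate a realistic environment, whereas AI uses large language models to dynamically generate file, process, and service information, making it harder for attackers to identify the honeypot. The author recommends two AI honeypot projects, Splunk's DECEIVE and Galah, and considers these tools very interesting and efficient.
2025-2-7 04:27:0 Author: www.hecfblog.com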

By February 06, 2025

Hello Reader,

I’ve always found honeypots fascinating. There’s something deeply satisfying about reviewing logs of frustrated attackers and uncovering their latest tactics. However, setting up a convincing honeypot has traditionally required a lot of effort—crafting realistic environments, files, and services to appear valuable while ensuring they couldn’t be exploited for real attacks.

AI has changed the game once again. There are now AI-powered honeypots (at least two that I know of) that leverage large language models to simulate entire systems. These models dynamically generate file listings, process lists, file contents, and other system artifacts, making fingerprinting much harder for attackers. I think this is incredibly cool! In fact, I once asked ChatGPT to pretend to be a Linux system—and the results were hilarious!

Here are two AI-powered honeypots worth checking out:

Splunk AI Honeypot (DECEIVE) – SSH Honeypot

🔗 GitHub: splunk/DECEIVE

Galah – HTTP Honeypot

🔗 GitHub: 0x4D31/galah

Hope you find these as interesting as I do!



Source: https://www.hecfblog.com/2025/02/daily-blog-741-ai-powered-honeypots.html