The work introduces and partially evaluates seven cross-domain prompt injection detectors, reporting F1 gains on benchmarks like deepset/prompt-injections and indirect-injection sets via local alignment, stylometry, and fatigue tracking.
LLM Agent Honeypot: Monitoring AI Hacking Agents in the Wild
4 Pith papers cite this work. Polarity classification is still indexing.
4
Pith papers citing it
fields
cs.CR 4verdicts
UNVERDICTED 4representative citing papers
A systematization of knowledge paper that taxonomizes honeypot detection vectors, synthesizes LLM-honeypot literature into canonical architecture and evaluation methods, and proposes a roadmap for autonomous deception systems.
Large-scale SSH honeypot deployment shows 99.23% of authenticated sessions are non-interactive, suggesting most attacks do not involve shell interaction.
AdvancedShelLM deploys a manager-worker multi-LLM architecture and stateful filesystem for SSH honeypots, reporting up to 99% unit-test pass rates and evidence that its outputs alter real attacker behavior in deployment.
citing papers explorer
-
Beyond Pattern Matching: Seven Cross-Domain Techniques for Prompt Injection Detection
The work introduces and partially evaluates seven cross-domain prompt injection detectors, reporting F1 gains on benchmarks like deepset/prompt-injections and indirect-injection sets via local alignment, stylometry, and fatigue tracking.
-
Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots
Large-scale SSH honeypot deployment shows 99.23% of authenticated sessions are non-interactive, suggesting most attacks do not involve shell interaction.
-
AdvancedShelLM: A Stateful Multi-Agent LLM Honeypot for SSH Deception
AdvancedShelLM deploys a manager-worker multi-LLM architecture and stateful filesystem for SSH honeypots, reporting up to 99% unit-test pass rates and evidence that its outputs alter real attacker behavior in deployment.