01
Production-real bait files
Create decoy credentials, configs, backups, documents, web pages, and agent instruction files that look useful enough for an attacker to inspect.
AI agent honeypot telemetry
Catch the AI agent behind the intrusion.
DecoyOps plants production-real bait where attackers and automated agents already look, then separates human access from AI follow-up and captures the context modern agents reveal when they validate what they found.
HumanDirect bait access and scanner probes.
AI AgentTool-driven follow-up, schema reads, and intel callbacks.
H + AICorrelated operator plus agent behavior on the same asset.
decoyops telemetry console
Total242
AI18
Intel9
H + AI3
Captured agent context
taskvalidate leaked credential lifecycle
modelagent-runtime / browser toolchain
workspace/home/media/.github/copilot-instructions.md
signalagent_schema_discovery
01Plant credible bait
02Agent follows natural context
03Dashboard enriches evidence
Tripwire simplicityInspired by proven canarytoken patterns.
Deception intelligenceEvidence tied to real adversary interaction.
Agent-native baitAGENTS.md, MCP, IDE rules, configs, secrets.
Modern AI focusNatural framing over brittle command banners.
Platform
Designed for the moment attackers stopped working alone.
Traditional honeypots tell you something touched a decoy. DecoyOps is built for the next question: was a human browsing, a scanner probing, or an AI agent validating and summarizing the bait?
02
Natural agent triggers
Prompt injection is framed as normal metadata, API freshness, credential lifecycle checks, or tool context instead of obvious compliance commands.
03
Evidence-first telemetry
Alerts carry source surface, intent signal, correlation ID, token ownership, enrichment, and response playbooks so defenders can act quickly.
Docs
Dashboard workflow, without the maze.
DecoyOps is built around one simple loop: create bait, place it where an attacker or AI agent will find it, then use the dashboard to separate noise from useful telemetry.
Quick start
Five steps to your first useful signal.
This flow avoids advanced setup. Start with one believable bait file, add the AI Detection layer, host or place the file, and watch the Overview feed.
Recommended first bait: choose Agent Rules or AWS Credentials. Those are the easiest for modern AI-assisted recon tools to notice and act on.
01
Open Build Bait
Pick a scenario, confirm the bait file name, and use the starter content as your baseline. You can edit it before generating the final file.
02
Create a Direct Access token
This tells you when the bait itself was touched by a browser, scanner, or human operator.
03
Add AI Detection
Turn on the AI Detection layer, create the AI Detection token, and keep the default Intel Capture technique unless you have a specific test in mind.
04
Generate and place the bait
Generate the payload, then either host it from DecoyOps or download it and place it in a realistic path such as a repo root, backup folder, or config directory.
05
Read the Overview feed
Human means direct access. AI Agent means tool-driven follow-up. Human + AI means both behaviors touched the same bait. Intel Events show extra context such as tools, task, or workspace.
Positioning
Not another generic honeypot dashboard.
Thinkst-style canaries are excellent tripwires. Enterprise deception platforms are built for broad attack-surface coverage. DecoyOps should own the narrow, urgent wedge between them: AI-assisted intrusion telemetry from bait that modern agents actually read.
Simple canary touchedGood alert
AI agent follows bait contextBetter evidence
Agent reveals task, tools, model hints, workspaceDecoyOps moment
Use Cases
Where DecoyOps earns attention fast.
The strongest placements are the files and paths an operator would feed to an AI assistant during recon: credentials, configs, internal docs, code-agent instructions, and endpoint schemas.
Security teams
Detect credential browsing, repo scraping, cloud key validation, and agent-assisted recon before the attacker reaches real secrets.
AI red teams
Measure which prompt-injection canaries still fire against modern agents, then tune bait based on real tool behavior.
Make attackers announce the tools they brought with them.
DecoyOps turns attacker curiosity into evidence: who touched the bait, what followed it, and whether an AI agent started doing the work.