honeyprompt
Disclaimer & data notice

What this is

honeyprompt is an independent security-research project. It observes and classifies the automated traffic that probes exposed AI services on the public internet — credential recon, inference abuse, SSRF probes, MCP exfiltration attempts, and untargeted scanning.

The dashboard publishes an aggregated classification of that observed activity. It is a measurement of automated behaviour — it is not an accusation against any identified person or organisation, and it does not assert that any specific party engaged in wrongdoing.

How data is handled

  • We publish classification, not raw captures. Displayed targets are defanged; raw observed content is not republished.
  • Source IP addresses are treated as personal data under the GDPR. Processing is on the basis of legitimate interest (operating and reporting on defensive security research). Geolocation is derived offline and only at the country/network (ASN) level for aggregate display.
  • No third-party exposure. The site uses no analytics, no cookies, no third-party scripts, no external fonts, and sends no referrer (strict Content-Security-Policy). All assets load from this origin only, so your browser contacts no outside provider. The dashboard makes zero external runtime requests.

Independence & naming

honeyprompt is an independent project and is not affiliated with, endorsed by, or connected to any other project, product, service, or domain bearing a similar name. Any resemblance in name is coincidental. References to third-party tools, models, or protocols are for descriptive purposes only and imply no affiliation.

Abuse & data requests

Reports of abuse originating from, or requests concerning data observed by, this project's infrastructure should be directed to the hosting provider's abuse contact for the relevant IP address. Data-subject requests under applicable privacy law will be handled in line with the legitimate-interest basis described above.

This notice describes current practice for a research project and is provided for transparency; it is not legal advice. Last reviewed on publication.