8–12 Jun 2026
Helsinki, Finland
Europe/Helsinki timezone

Honeypots and beyond – LLMs in cyberdefence

9 Jun 2026, 16:00
1h 30m
Concert Hall

Single Presentation - 25 min
To Serve and Protect

Speakers

Maciej Miłostan (PCSS), Michał Ślusarczyk (PCSS)

Description

We demonstrate efforts to collect threat intelligence by provisioning honeypot infrastructure, and the synergy between honeypots and Large Language Models. We show data from the GN5-2 honeynet, including Kibana-based visualisations, and our pipelines, including sandboxing infrastructure. Monitoring with T-Pot and LangFuse enables behavioural analysis by tracking session abandonments caused by LLM failures (e.g. unrealistic interaction). Besides opportunities, LLMs also bring risks: a honeypot designed to engage attackers may enable prompt injection attacks. We therefore compare robust (secure) system prompts with poorly crafted ones that expose system details or allow instruction hijacking. Prompt quality influences detection accuracy and attack resistance.