A carnivorous honeypot for AI agents

Deploy realistic services that attract autonomous AI agents, then fingerprint and classify their behavior. Every deployment looks different.

$ pip install sundew
$ sundew serve
 
▸ Sundew v0.1.0
Persona: NovaPay Technologies (fintech)
Traps: MCP server, REST API, AI discovery
Listen: http://0.0.0.0:8080
 
12:04:28 GET /robots.txt src=83.21.4.17
12:04:29 GET /.well-known/ai-plugin.json src=83.21.4.17 signal=ai_discovery
12:04:29 POST /mcp initialize src=83.21.4.17 signal=mcp_init
12:04:30 POST /mcp tools/list src=83.21.4.17 signal=tool_enum
12:04:30 POST /mcp tools/call src=83.21.4.17 signal=data_exfil
12:04:31 GET /api/v2/transactions?limit=100 src=83.21.4.17 signal=bulk_access
 
■ AI agent detected score=0.94 class=ai_agent session=83.21.4.17
Signals: mcp_full_chain, rapid_enumeration, missing_browser_headers

Features

Every deployment is a unique trap

Sundew generates a complete fake identity for each deployment. Company name, API endpoints, response schemas, error messages. Nothing is shared across instances.

Persona Engine

Each deployment gets a unique identity: company name, industry, API style, endpoints, auth scheme, error format. Optionally powered by LLMs for maximum variety.

MCP Traps

Fully functional fake MCP server with tools that return canary data. When an agent calls them, you know exactly what it's after.

Behavioral Fingerprinting

Five signal categories scored in real time: timing patterns, path enumeration, header analysis, prompt leakage, and MCP behavior chains.

Anti-Fingerprinting

Validated by security tests. No shared canary domains, no common API keys, no framework leaks. Each deployment is indistinguishable from a real service.

REST API Traps

Adaptive endpoints that serve realistic paginated data, proper error responses, rate limit headers, and auth flows. Looks like a production API.

MCP Research Client

Query captured data directly from Claude or any MCP-compatible tool. Analyze sessions, fingerprints, and attack patterns from your AI assistant.

How It Works

Three steps to catch an AI agent

Sundew takes less than a minute to deploy. No configuration required.

Deploy

Run sundew serve or use Docker. Sundew generates a unique persona and starts serving realistic trap endpoints.

Attract

AI agents discover the service through robots.txt, ai-plugin.json, OpenAPI specs, and MCP server advertisements. Every signal is logged.

Classify

Behavioral fingerprinting scores each session across five signal categories. Traffic is classified as human, automated, AI-assisted, or autonomous AI agent.
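
The classify step, sketched as an added example that is not Sundew's own code: it parses request lines in the format of the terminal demo above, groups them by source, and derives two of the session signals shown there (mcp_full_chain and rapid_enumeration). The function names, weights, thresholds and sample log are assumptions made for illustration; header-based signals are left out because the log lines carry no headers.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the demo's log format (not real Sundew output); RFC 5737 addresses.
SAMPLE_LOG = """\
12:04:28 GET /robots.txt src=203.0.113.7
12:04:29 GET /.well-known/ai-plugin.json src=203.0.113.7 signal=ai_discovery
12:04:29 POST /mcp initialize src=203.0.113.7 signal=mcp_init
12:04:30 POST /mcp tools/list src=203.0.113.7 signal=tool_enum
12:04:30 POST /mcp tools/call src=203.0.113.7 signal=data_exfil
12:04:31 GET /api/v2/transactions?limit=100 src=203.0.113.7 signal=bulk_access
12:10:02 GET /robots.txt src=198.51.100.23
"""
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (?:GET|POST) (\S+)(?: (\S+))? src=(\S+)(?: signal=\S+)?$")
MCP_CHAIN = ("initialize", "tools/list", "tools/call")
# Hypothetical weights and threshold, for illustration only.
WEIGHTS = {"mcp_full_chain": 0.6, "rapid_enumeration": 0.3}

def parse(log):
    """Group (time, path, mcp_method) events by source; other lines are skipped."""
    sessions = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, path, method, src = m.groups()
            sessions[src].append((datetime.strptime(ts, "%H:%M:%S"), path, method))
    return sessions

def session_signals(events, burst=5, window_s=10):
    """Derive session-level signals from one source's time-ordered events."""
    # Full chain: the three MCP methods occur in order; other calls may interleave.
    calls = iter(method for _, path, method in events if path == "/mcp")
    chain = all(step in calls for step in MCP_CHAIN)
    # Rapid enumeration: `burst` distinct targets within `window_s` seconds.
    rapid = any(len({(p, m) for t, p, m in events[i:] if (t - start).total_seconds() <= window_s}) >= burst
                for i, (start, *_) in enumerate(events))
    return {name for name, hit in (("mcp_full_chain", chain), ("rapid_enumeration", rapid)) if hit}

def classify(log, threshold=0.7):
    """Return {src: (score, label, sorted signal names)} per session."""
    result = {}
    for src, events in parse(log).items():
        signals = session_signals(events)
        score = round(sum(WEIGHTS[s] for s in signals), 2)
        result[src] = (score, "ai_agent" if score >= threshold else "unclassified", sorted(signals))
    return result
```

Timestamps in this format carry no date, so a session that crosses midnight would need the full timestamp before the window check is reliable.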

Get Started

Install in seconds

$ pip install sundew

Or use Docker: docker run -p 8080:8080 sundewsh/sundew