Adaptive Honeypot Routers: Probing and Attributing Malicious LLM API Intermediaries

TL;DR: What if we could lure and fingerprint malicious routers in the wild by deploying decoy LLM routers that trigger and log suspicious behaviors? Let’s build adaptive honeypot routers that issue canary payloads to systematically map attacker tactics and link behaviors to specific router instances or providers.

Research Question: Can adaptive honeypot API routers, designed to entice and record attacks, provide deeper insights into the tactics, infrastructure, and attribution of malicious LLM API routers?

Hypothesis: Strategic deployment of honeypot routers with rotating canary payloads and adaptive response triggers will not only catch more sophisticated evasion attempts but also facilitate attribution by correlating attack signatures and network metadata.

Experiment Plan: Deploy a network of decoy LLM API routers across varied platforms (e.g., cloud, public communities). Seed these with synthetic but valuable-looking canary secrets and payloads designed to trigger different attack classes (as in the Mine proxy studies). Collect forensic evidence (payload modifications, access patterns, exfiltration endpoints). Use clustering and graph analysis to map relationships and possible attribution of attack infrastructure.

References:

• Liu, H., Shou, C., Wen, H., Chen, Y., Fang, R. J., & Feng, Y. (2026). Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain.
• Kim, J., Lee, S., & Youn, J. M. (2021). Malicious Behavior Detection Method Using API Sequence in Binary Execution Path. Tehnički Vjesnik.
• Wang, J., Wang, L., Yu, H., Shen, X., & Chen, Y. (2024). PARIS: A Practical, Adaptive Trace-Fetching and Real-Time Malicious Behavior Detection System. arXiv.org.