sundew-sh/sundew
A carnivorous honeypot for AI agents. Every deployment generates a unique persona so no two instances look alike. Detects, fingerprints, and classifies autonomous agent attacks in real time.
Based on the README, here's a technical summary: Sundew uses a **persona engine** to generate unique deployment identities at runtime—shaping endpoint paths, response formats, timing profiles, and server headers so agents gain no transferable knowledge between instances. Real-time fingerprinting scores five behavioral signals (timing consistency, enumeration patterns, headers, MCP protocol usage, prompt leakage) through a classification pipeline to distinguish human visitors from autonomous agents with ~0.9+ confidence. The honeypot exposes both **MCP server traps** with persona-appropriate tools and **REST API traps** with OpenAPI specs and AI plugin manifests—the actual attack surfaces agents target—with optional pre-generated caching via local Ollama or cloud LLMs.
Stars
6
Forks
2
Language
Python
License
Apache-2.0
Category
Last pushed
Mar 01, 2026
Commits (30d)
0
Get this data via API
curl "https://pt-edge.onrender.com/api/v1/quality/agents/sundew-sh/sundew"
Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.
Higher-rated alternatives
Nebulock-Inc/agentic-threat-hunting-framework
ATHF is a framework for agentic threat hunting - building systems that can remember, learn, and...
AgentSeal/agentseal
Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor...
cosai-oasis/secure-ai-tooling
The CoSAI Risk Map is a framework for identifying, analyzing, and mitigating security risks in...
HeadyZhang/agent-audit
Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis....
oasm-platform/open-asm
Open-source platform for cybersecurity Attack Surface Management (OASM).