LLMPOT: Large Language Model Inference Honeypot System

A zero-dependency OpenAI-compatible honeypot server disguised as a GLM-5.1 endpoint to capture and analyze attacks targeting LLM inference services.

• Original Author/Maintainer: gregcmartin
• Source Platform: GitHub
• Original Title: llmpot
• Original Link: https://github.com/gregcmartin/llmpot
• Source Publication/Update Time: 2026-05-27T11:13:34Z

With the popularization of large language model API services, attacks targeting these services are also increasing. Attackers may attempt to abuse APIs for malicious content generation, probe model vulnerabilities, steal training data, or launch denial-of-service attacks. Traditional cybersecurity defense methods are difficult to effectively address these specific threats against AI services.

Honeypot technology is a classic defense method in the field of cybersecurity, which attracts attackers by deploying disguised services to capture attack samples, analyze attack techniques, and protect real services. The LLMPOT project innovatively applies this concept to the field of LLM inference services, providing a new protection idea for AI infrastructure security.

LLMPOT is a zero-dependency Python implementation with the characteristics of being lightweight and easy to deploy:

The project implements complete OpenAI API endpoints, including:

• GET /v1/models: Model list query
• POST /v1/chat/completions: Chat completion interface
• POST /v1/completions: Traditional completion interface
• POST /v1/embeddings: Text embedding interface

This compatibility design makes it difficult for attackers to distinguish between the honeypot and real services, improving the success rate of deception.

Supports Server-Sent Events (SSE) streaming responses, simulating the progressive output behavior of real LLM services. This detail-level simulation enhances the credibility of the honeypot.

The project designed a multi-stage response mechanism to simulate real model behavior and extend the attacker's stay time:

First Stage: Return a "Processing request" response for the first request, simulating model inference delay.

Second Stage: Switch to a preset joke-like response for the second request, which neither provides real value nor breaks the interaction.

Subsequent Stages: Cycle through about 20 different subsequent variant responses to continuously distract the attacker.

The system supports session tracking by API key or client IP, allowing analysis of individual attackers' behavior patterns. In addition, it integrates heuristic language detection functionality, supporting 50 common AI user languages, which helps understand attackers' geographical distribution and language preferences.