
Token Types

Understand the three core detection primitives that power LobsterHoney -- callback tokens, extraction tokens, and canary credentials.

LobsterHoney's detection system is built on three core token types. Each serves a distinct purpose in the detection and intelligence pipeline.

Callback Tokens

Callback tokens prove that a visit happened. They are hidden URLs injected into trap responses that "phone home" when accessed.

What they detect: That an AI agent is actively processing and following links in content it retrieves. A human reading a page would never see or follow a hidden callback URL, but AI agents that parse page content will discover and act on them.

What you learn:

  • Source IP and user agent of the visiting agent
  • Timing and frequency of access
  • Which traps the agent is visiting
  • Whether the agent is following hidden instructions

Signal generated: CALLBACK_HIT -- a tripwire signal that strongly indicates non-human activity.
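The callback flow described above, as an added sketch that is not LobsterHoney's own code: a unique URL is minted per trap, and a request for it is turned into a CALLBACK_HIT record. The HMAC-tagged token layout, the placeholder host, the in-memory key and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from datetime import datetime, timezone

# Assumptions: key generated at import so the example runs offline (a real
# deployment would persist it); placeholder host; trap ids contain no "." or "/".
SIGNING_KEY = secrets.token_bytes(32)
CALLBACK_BASE = "https://traps.example.test/cb"


def _tag(trap_id: str, nonce: str) -> str:
    """HMAC over trap id and nonce, so only tokens we issued validate."""
    msg = f"{trap_id}.{nonce}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()[:32]


def mint_callback_url(trap_id: str) -> str:
    """Return a unique callback URL to embed in one trap response."""
    nonce = secrets.token_hex(8)
    return f"{CALLBACK_BASE}/{trap_id}.{nonce}.{_tag(trap_id, nonce)}"


def handle_hit(path: str, source_ip: str, user_agent: str):
    """Map a requested callback path to a CALLBACK_HIT record, or None."""
    parts = path.rsplit("/", 1)[-1].split(".")
    if len(parts) != 3:
        return None
    trap_id, nonce, tag = parts
    expected = _tag(trap_id, nonce)
    # Constant-time compare; guessed or tampered tokens produce no signal.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return {
        "signal": "CALLBACK_HIT",
        "trap_id": trap_id,
        "source_ip": source_ip,
        "user_agent": user_agent,
        "seen_at": datetime.now(timezone.utc).isoformat(),
    }


def summarize(records):
    """Count hits per (source IP, trap) to show frequency and trap coverage."""
    return Counter((r["source_ip"], r["trap_id"]) for r in records)
```

Because the tag binds the trap id to the nonce, a hit can be attributed to the exact trap response that carried the URL, and requests for made-up paths do not raise a signal.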

Extraction Tokens

Extraction tokens capture the instructions and identity of an AI agent. They are designed to encourage agents to reveal their system prompts and configuration.

What they detect: The full instruction set, identity, operator, and purpose of the AI agent. When an agent processes an extraction token, it often sends back its own system prompt, model name, and the task it was given.

What you learn:

  • The agent's system prompt (its full instructions)
  • Which AI model is being used (GPT-4, Claude, etc.)
  • Who is operating the agent and why
  • What specific data the agent was sent to collect

Signals generated:

  • INJECTION_FOLLOWED -- the agent acted on the injected prompt
  • SYSTEM_PROMPT_LEAKED -- the agent revealed its system prompt
  • IDENTITY_EXTRACTED -- the agent's model/operator identity was captured

Canary Credentials

Canary credentials detect credential theft and lateral movement. They are realistic-looking API keys, database URLs, and access tokens that are monitored for use.

What they detect: That an AI agent is harvesting credentials from files it accesses, and potentially attempting to use those credentials to access other systems.

What you learn:

  • Whether the agent extracts credential-like strings from content
  • Whether the agent attempts to use stolen credentials
  • The pattern of credential harvesting across your infrastructure
  • Attribution data when credentials are used against monitored endpoints

Signals generated:

  • CREDENTIAL_EXTRACTED -- the agent extracted credential-like strings from trap content
  • CREDENTIAL_USED -- a canary credential was used to authenticate against a monitored endpoint

How Tokens Work Together

The three token types form a layered detection system:

  • Callback tokens cast the widest net, detecting any agent that follows hidden links
  • Extraction tokens provide deep intelligence on agents that process and act on text content
  • Canary credentials catch agents engaged in credential harvesting, which other methods might miss

A single trap can contain all three token types simultaneously. As an agent interacts with a trap, each token type generates its own signals, building a comprehensive picture of the agent's behavior and intent. The scoring engine combines these signals to produce a final classification and severity rating.
