Getting Started

Deploy your first AI agent detection trap in under 5 minutes.

Overview

LobsterHoney is an AI agent detection and intelligence platform. It works by deploying intelligent honeypot traps across your infrastructure that are invisible to humans but irresistible to AI agents. When an agent interacts with a trap, LobsterHoney captures detailed intelligence including the agent's behavior patterns, system prompts, and operator identity.

Step 1: Create Your Account

Visit /register to create your free account. You'll need:

• An email address (for verification and alerts)
• An organization name (this becomes your org slug, e.g. acme-corp)
• A password (minimum 8 characters)

After registration, you'll receive a verification email. Click the link to verify your account, then proceed to the dashboard.

Step 2: Explore the Dashboard

The dashboard at /dashboard is your command center. Here you'll find:

• Overview — Real-time statistics: total hits, agents detected, tripwires fired, and prompts captured
• Incidents — Detailed incident feed with full session analysis
• Traps — Manage your deployed traps and create new ones
• Analytics — Historical data, classification breakdowns, and trends

LobsterHoney automatically seeds your organization with default traps to get you started quickly.

Step 3: Deploy a Trap

Your traps are accessible at /t/your-org-slug/. Each trap has a unique path within your org. The default traps include:

• /t/your-org-slug/robots.txt — A trap disguised as a robots.txt file
• /t/your-org-slug/.env — A canary credentials trap
• /t/your-org-slug/api/v1/config — An API endpoint trap

To deploy a trap on your own infrastructure, simply link or redirect to your LobsterHoney trap URL from strategic locations: HTML comments, hidden links, configuration files, or API documentation.

Step 4: Verify with curl

Test that your trap is working by hitting it with curl:

curl -v https://lobsterhoney.com/t/your-org-slug/robots.txt

You should receive a response containing injected content (hidden to casual observation). Check your dashboard — a new session should appear within seconds showing the hit.

Step 5: View Detections

Return to the dashboard to see your test hit. The scoring engine will classify it based on observed signals. Real AI agent hits will score much higher, as the scoring engine looks for behaviors like:

• Following injected callback URLs
• Extracting and using canary credentials
• Systematic crawling patterns across multiple traps
• Acting on hidden content that humans wouldn't see

Next Steps

• Learn about trap types — Understand callback tokens, extraction tokens, and canary credentials
• Set up Slack alerts — Get real-time notifications when agents are detected
• Explore the API — Integrate LobsterHoney with your existing security tooling