Webhook Setup

Get real-time notifications when AI agents are detected by configuring Slack incoming webhooks.

Step 1: Create a Slack Incoming Webhook

1. Go to api.slack.com/apps and create a new app (or use an existing one)
2. Navigate to Incoming Webhooks and toggle it on
3. Click Add New Webhook to Workspace
4. Select the channel where you want LobsterHoney alerts to appear
5. Copy the webhook URL (it looks like https://hooks.slack.com/services/T00/B00/xxx)

Step 2: Configure in LobsterHoney

In the LobsterHoney dashboard, go to your organization settings and paste the Slack webhook URL. You can also set it via the onboarding flow when you first create your account.

The webhook URL is stored securely and is only used to send notifications from LobsterHoney to your Slack workspace.

Notification Payload

When an AI agent is detected, LobsterHoney sends a Slack message with the following information:

{
  "text": "AI Agent Detected by LobsterHoney",
  "blocks": [
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": "*AI Agent Detected*\n*Classification:* AI_AGENT_MALICIOUS\n*Score:* 78\n*Confidence:* 92%\n*Severity:* Critical"
      }
    },
    {
      "type": "section",
      "fields": [
        { "type": "mrkdwn", "text": "*Source IP:*\n203.0.113.42" },
        { "type": "mrkdwn", "text": "*Trap:*\n/robots.txt" },
        { "type": "mrkdwn", "text": "*Signals:*\nCALLBACK_HIT, INJECTION_FOLLOWED" },
        { "type": "mrkdwn", "text": "*Time:*\n2026-03-20 10:15 UTC" }
      ]
    }
  ]
}

Notification Triggers

Notifications are sent when:

• A session is classified as AI_AGENT or AI_AGENT_MALICIOUS
• A tripwire signal fires (callback hit, injection followed, system prompt leaked, credential used)
• A session's severity is escalated to high or critical

Notifications are deduplicated per session — you won't receive multiple alerts for the same agent session as new signals accumulate. Only the initial detection and any severity escalation trigger notifications.

Testing Your Webhook

To verify your webhook is configured correctly:

1. Set up the webhook URL in the dashboard
2. Hit one of your traps with curl: curl https://lobsterhoney.com/t/your-org/robots.txt
3. Check your Slack channel for the notification

If you don't see a notification, verify that:

• The webhook URL is correct and the Slack app is still active
• The session classification meets the notification threshold
• Your organization is on a plan that supports webhook notifications (Pro or Enterprise)

Rate Limits

LobsterHoney respects Slack's rate limits (1 message per second per webhook). During high-traffic periods, notifications may be batched or slightly delayed to avoid hitting Slack's limits.

Custom Webhooks

Custom HTTP webhook endpoints (beyond Slack) are available on the Enterprise plan. Contact [email protected] for details.