I don't often release tools, but today I am! Check out "DECEIVE" (DECeption with Evaluative Integrated Validation Engine), a proof-of-concept open-source SSH honeypot that uses an LLM to simulate the backend system. What's more, at the end of the session, the AI summarizes what it saw and gives a judgement about whether the session might have been benign, suspicious, or malicious.

Check the introductory blog post if you'd like to try it for yourself: https://buff.ly/42EwaIr

Introducing DECEIVE: A Proof-of-Concept Honeypot Powered by AI | Splunk

Explore DECEIVE: an AI-powered proof-of-concept honeypot by SURGe. Learn how AI simplifies cybersecurity with dynamic simulations and session summaries, paving the way for innovative security solutions.
