Inspiration

Inspired by the daily leakage of 3,000+ personal records to stealthy bots undetectable to non-technical users, HoneyTrap is built to protect everyone. Running fully on-device (cloud-free, zero-data-exposure), it learns the user's device-specific behavior and instantly spawns invisible decoy environments to trap attackers. Our mission: restore user control, stop edge data siphoning, and make privacy resilient and accessible.

What it does

HoneyTrap is an on-device AI honeypot that defends devices offline with zero data exposure. It detects anomalous behavior, instantly spins up a cloned decoy phone populated with fabricated data to divert attackers, records their tactics, applies automated countermeasures, and generates secure incident reports for authorities. HoneyTrap preserves user privacy while delivering real-time, edge-native defense, turning passive detection into proactive, actionable cyber response.

How we built it

We built HoneyTrap by rethinking cybersecurity from the ground up. Instead of cloud-based defenses that risk privacy leakage, we engineered an on-device AI honeypot capable of running fully offline with real-time deception. A lightweight anomaly detection engine (TensorFlow Lite & PyTorch Mobile) identifies suspicious behaviors locally. Once triggered, HoneyTrap spins up a sandboxed replica of the device's apps, logs, wallets, and contacts using containerization (Docker-lite, GrapheneOS). Attackers interact with this clone while reinforcement learning agents generate believable responses, capturing behavioral signatures. A stealth defense module in Rust ensures tamper-proof execution, while encrypted reports (Signal protocol + Zero Trust APIs) alert cyber authorities without exposing user data. HoneyTrap’s modular microservice design scales across Android, iOS, IoT, and enterprise endpoints, with Kubernetes orchestrating edge clusters. Lightweight yet powerful, HoneyTrap delivers privacy-first, deception-driven protection—neutralizing attackers before harm occurs.

Challenges we ran into

Building HoneyTrap came with its fair share of hurdles. The biggest challenge was balancing edge versus cloud tradeoffs, compressing complex anomaly detection models into a tiny on-device runtime budget of under 20 MB while keeping battery consumption below 2%. Then came the problem of making our decoy phone convincing: it had to dynamically generate fake yet believable data that could trick not just bots, but also skilled fraudsters. Designing stealth mode added another layer of difficulty, since the sandbox had to be invisible in every respect, from API responses to execution speed, otherwise attackers could detect and evade it. Finally, integrating containerization, machine learning, and reinforcement agents into mobile hardware felt almost like fitting an aircraft engine into a scooter: possible, but requiring careful engineering at every step.

Accomplishments that we’re proud of

Despite these challenges, we hit milestones that we’re genuinely proud of. HoneyTrap became the world’s first fully on-device honeypot, flipping the traditional defense model from cloud surveillance to edge-native deception. We successfully demonstrated a real-time clone phone that could seamlessly spawn a decoy environment, keeping the real user safe while attackers were lured away. Our design remained lightweight yet robust, with a footprint of less than 20 MB and negligible battery drain, while still running anomaly detection and sandboxed deception. Even more importantly, we achieved true end-to-end privacy, proving it’s possible to trap fraudsters without leaking a single byte of personal data to external servers. And finally, we built a hackathon-ready demo where judges can actually watch the trap spring in real time, with bots falling for invisible honeypots before their eyes.

What we learned

Throughout this journey, we realized that privacy does not mean weakness: with the right design, edge devices are more than capable of running sophisticated AI. We also discovered the underrated power of deception: rather than endlessly patching leaks, creating believable traps flips the balance of power back to defenders. The project taught us that interdisciplinary fusion is key: blending cybersecurity, behavioural machine learning, virtualisation, and UX was the only way to make HoneyTrap both usable and unbreakable. We also adopted a scalability mindset, recognising that while building for one phone is simple, designing for 800 million smartphones in India demands lightweight, modular, and efficient defences. Above all, we learned that user trust is everything; security that intrudes is security people disable, but frictionless protection is security people embrace.

What's next for HoneyTrap

Next big steps in developing HoneyTrap:

  1. Global Scam Intelligence Hub: Building a unified, AI-driven platform aggregating scam data worldwide, enabling real-time cross-border threat detection, intelligence sharing, and predictive scam disruption.
  2. Adaptive AI Agents for Defense: Deploying autonomous, context-aware AI agents that learn evolving scam tactics, dynamically safeguard users, and intervene before fraud can occur.
  3. Multi-Channel Trust Ecosystem: Extending protection beyond web and mobile into voice calls, SMS, social platforms, and IoT—ensuring digital safety across every interaction channel.
  4. Cognitive Victim Support Systems: Integrating AI-powered mental health, financial recovery, and personalized guidance tools, transforming cybersecurity into holistic post-scam care for global victims.
  5. Behavioral Digital Twin for Scam Prediction: Creating privacy-preserving digital twins of user behavior to simulate scam scenarios, detect anomalies, and proactively prevent fraud before it strikes.

Built With

  • abuseipdb-api
  • amazon-web-services
  • aws-iot-greengrass
  • aws-kinesis-firehose
  • aws-lambda
  • aws-shield
  • azure-functions
  • azure-iot-hub
  • azure-sentinel
  • azure-synapse-analytics
  • burp-suite-api
  • c++
  • consul
  • couchbase-mobile
  • docker
  • elastic
  • flask
  • go
  • google-bigquery
  • google-cloud-armor
  • google-cloud-pub
  • google-firebase
  • grafana
  • grpc
  • hugging-face
  • ibm-adversarial-robustness-toolbox
  • ibm-cloud-hyper-protect-crypto-services
  • ibm-cloud-pak-for-security
  • ibm-differential-privacy-library
  • ibm-federated-learning
  • ibm-key-protect
  • ibm-watson-nlp
  • istio
  • jenkins
  • kotlin
  • kubernetes
  • mongodb
  • node.js
  • onnx
  • openssl
  • owasp-zap
  • postgresql
  • prometheus
  • python
  • pytorch-mobile
  • redis
  • rust
  • scikit-learn
  • sendgrid-api
  • sonarqube
  • sqlite
  • swift
  • tensorflow-lite
  • twilio-apis
  • virustotal-api
  • wireguard