Traditional honeypots are brittle—hackers spot static fake services instantly. Meanwhile, real attacks on your AI agents (prompt injection, lateral movement) happen in blind spots because you can’t risk running a “real” vulnerable agent in production just to see what happens.
Security teams need a way to safely observe how attackers interact with LLM-based systems without exposing actual infrastructure or customer data.
Run a Beelzebub Honeypot powered by Regolo in less than 10 minutes. 100% realistic interaction, zero risk to your stack.
Outcome
- Hyper-realistic Deception: The LLM hallucinates a consistent, reactive file system or service (SSH, HTTP) so convincing that attackers waste hours dropping payloads into a void.
- Zero-Risk Intel: Catch prompt injections and malicious commands aimed at your AI agents before they hit production.
- Instant Observability: Logs every keystroke and command directly to your dashboard (or Prometheus/ELK), giving you a “black box” recording of the attack.
Prerequisites (Fast)
- Regolo API Key: Get it from the dashboard.
- Docker/Go: Basic container or Go environment installed.
- Beelzebub: The open-source framework (free).
Step-by-Step (Code Blocks)
1) Get your Regolo API Key
Generate a key to give your honeypot a “brain.”
Dashboard > API Keys > Create New
2) Clone & Prepare
Download the framework. It’s a single Go binary or Docker container.
git clone https://github.com/mariocandela/beelzebub
cd beelzebub
mkdir -p ./configurations/services-regoloCode language: Bash (bash)Expected output: Project structure ready for your custom configuration.
3) Configure the “Trap” (YAML)
Define an SSH service that looks like a vulnerable Ubuntu server, but is actually an LLM hallucination powered by Regolo.
File: ./configurations/services-regolo/ssh-trap.yaml
apiVersion: "v1"
protocol: "ssh"
address: ":2222"
description: "SSH Interactive Trap (Regolo)"
commands:
- regex: "^(.+)$"
plugin: "LLMHoneypot"
serverVersion: "OpenSSH"
serverName: "ubuntu"
# Allow common passwords to let them "win" access easily
passwordRegex: "^(root|admin|password|123456)$"
deadlineTimeoutSeconds: 6000
plugin:
llmProvider: "openai"
llmModel: "mistral-small3.2" # Efficient model for chat/terminal simulation
host: "https://api.regolo.ai/v1" # Regolo's OpenAI-compatible endpoint
openAISecretKey: "YOUR_REGOLO_KEY"
systemPrompt: "You are an Ubuntu 20.04 LTS terminal. Respond only with the output of the command the user types. Do not explain. Be realistic."Code language: PHP (php)Expected output: A configuration telling Beelzebub to route all SSH commands to Regolo and print the response as if it were a real terminal.
4) Build & Run
Compile the binary and launch it with your new config.
go build -o beelzebub .
./beelzebub --confCore ./configurations/beelzebub.yaml \
--confServices ./configurations/services-regolo/Expected output:
[INFO] SSH Honeypot listening on :2222
5) Test the Deception
Try to hack yourself.
ssh root@localhost -p 2222
# Password: rootCode language: CSS (css)Once inside, type ls -la, pwd, or cat /etc/passwd.
Expected output: The LLM generates realistic file listings and command outputs instantly. To the attacker, it feels real.
Production-Ready: Docker Deploy
For a persistent deployment that survives reboots and logs data properly.
# docker-compose.yml
version: '3'
services:
beelzebub:
build: .
ports:
- "2222:2222"
environment:
- OPEN_AI_SECRET_KEY=${REGOLO_API_KEY}
volumes:
- ./configurations/services-regolo:/app/configurations/servicesCode language: YAML (yaml)Command: docker-compose up -d
Benchmarks & Costs
Why use Regolo for this?
| Feature | Regolo (Mistral/Llama) | Traditional Honeypot |
| Realism | High (Generative). Adapts to any command. beelzebub-honeypot | Low. Fails on unexpected commands. |
| Maintenance | Zero. No VM to reimagine or clean up. | High. Must reset compromised VMs daily. |
| Cost | ~€0.01 per attacker session. Pay only for generated text. | Fixed server costs + storage. |
| Risk | None. Attacker is in a text simulation, not a shell. | Moderate. VM escapes are possible. |
Resources & Community
Official Documentation:
- n8n Documentation – Workflow automation guide
- Regolo Platform – European LLM provider, Zero Data-Retention and 100% Green
Related Guides:
Join the Community:
- Regolo Discord – Share your automation builds
- CheshireCat GitHub – Contribute plugins
- Follow Us on X @regolo_ai – Show your integrations!
- Open discussion on our Subreddit Community
🚀 Ready to Deploy?
Get Free Regolo Credits →
Built with ❤️ by the Regolo team. Questions? support@regolo.ai