Research Dashboard

live

Aggregate across the OpenA2A honeypot network.Last updated: 6/25/2026, 18:25:15 UTC

All metrics are measured events from deployed honeypots. No seeded, demo, or synthetic values are shown on this page.

Total Interactions

285,378

Every request to any honeypot page — visits, file fetches, canary hits

Unique Agents

52,610

Distinct agent fingerprints seen across all interactions

Payload Callbacks

3,892

Agent fetched the canary URL in an injected payload, proving it followed the instruction

Canary Triggers

Agent executed a secondary beacon beyond the initial canary fetch — deeper compromise signal, rarely fires

Attack Success Rate

1.4%(3,892 / 285,378)

1.4% of agents followed injected instructions

Canary Trigger Rate

0.0%(3 / 285,378)

0.0% of agents attempted data exfiltration

Drilldowns

Each card opens a full report. Every number traces back to a Registry endpoint — nothing modeled, nothing projected.

Attack Categories

View full →

15 ranked

3,892 total callbacks

Live ranking of which attack categories actually compromise AI agents. Top three today:

#1pwnagent-finance376
#2prompt-injection345
#3pwnagent-docs315

Daily Network Activity

View full →

285,378

interactions to date

Daily callback trend across every sector plus new attack-surface discovery from HoneyMap. Real growth, real attribution.

Sector Analysis

View full →

7 verticals

healthcare → education

Cross-vertical risk comparison. Sector attribution derived server-side from the Referer of every callback — an agent that fell on the medical trap registers under healthcare, not on agentpwn.com itself.

HoneyMap Surfaces

View full →

22 sources

surfaces + signatures

Independent surface crawl across the public web. Where injection payloads actually hide (script literals, hidden text, HTML comments, alt/aria, meta tags).

Honeypot Verticals

One card per honeypot's self-declared vertical. The security vertical reflects agentpwn.com itself — its high rate is a selection effect from deliberate testing, not wild capture.

Wild VEIL sites have been live for ~1 month but receive almost entirely commodity-scanner background traffic (WordPress / PHP exploit probes). No AI-agent activity has been observed on any wild site yet. Cards below show whether each vertical has any confirmed agent compromise — raw request totals are not displayed because they are dominated by bot noise.

agentpwn.com

testbed

96.0%

1,477 of 1,538 interactions on this trap resulted in compromise

1,477 callbacks

How This Data Is Collected

When AI agents browse agentpwn.com, each page contains hidden injection payloads. If an agent follows the injection, it is instructed to call back to our API with the attack details. This data feeds into the OpenA2A threat intelligence ecosystem.

Privacy: IP addresses are hashed before storage. No PII is collected. User-Agent strings are the primary identifier.

Feedback loop: Interactions feed into new HMA scanner checks, DVAA lab scenarios, and threat matrix evidence. The ecosystem gets smarter with every visit.