Luremetry plants proxy-level breadcrumbs that normal users and normal AI ignore — but autonomous hacking agents follow them into a controlled decoy edge. Their reconnaissance becomes a high-confidence attack signal.
Autonomous agents — Codex, Claude Code, open-source pentest bots — don't browse like people. They read the surfaces humans never see, and reason across them at machine speed.
Source maps, build manifests, trace headers, .well-known catalogs, SDK artifacts, deprecated OpenAPI servers — parsed and chained into an attack path.
A single agent fans out dozens of requests, reuses a leaked trace ID or token, and pivots to legacy, export and admin routes in seconds.
In WAF and bot-management logs, that recon is indistinguishable from a scanner or a crawler. By the time it's obvious, it has already mapped your surface.
Anyone can run an autonomous hacking agent against your public surface tonight. Luremetry is built to catch the moment one does.
Luremetry sits at your edge as a proxy. Normal traffic flows straight to your origin, untouched. Suspicious reconnaissance follows a breadcrumb into an isolated decoy — where every move is recorded.
The proxy adds machine-readable lures to responses — a trace ref in a 404, a source map, a build manifest — invisible in the UI and to SEO, meaningful only to an agent parsing for attack surface.
An agent that follows the lure is routed to a decoy edge on a customer-owned hostname — never your production origin. Normal requests are never affected.
The full session — paths, trace/token reuse, TTPs — is replayed to your dashboard and pushed to Slack, webhook or SIEM as a high-confidence, low-noise attack signal.
No new pane of glass to babysit. Luremetry stays silent until an AI agent takes the bait — then it hands your team a single, high-confidence signal with the full session attached.
Luremetry doesn't replace your WAF or your CDN. It adds the one thing they don't have — the ability to tell an AI hacking agent apart from everything else, and to act on it. It's a sensor, not a shield: it won't block the attack, it tells you with high confidence that one is underway.
| Capability | WAF / bot management | Traditional honeypot / deception | Luremetry |
|---|---|---|---|
| Primary action | Block or rate-limit traffic | Decoy hosts & credentials, mostly internal network | Divert agentic recon at the public edge & identify intent |
| Distinguishes AI agents from generic automation | Limited — IP / UA reputation | Not designed for it | Yes — behavioral, sequence-level |
| Deployment | Edge platform | Agents, VM images, code & infra changes | CNAME or Cloudflare Worker · no app code |
| Output | Block events, high noise | Alert on decoy touch | Session replay + TTPs → SIEM, high confidence |
| Effect on production & SEO | Inline with traffic | Separate infrastructure | Pass-through for normal traffic · no SEO surface |
Already run Cloudflare AI Labyrinth or Block AI Bots? Luremetry complements them: they shape and block crawler traffic broadly; Luremetry turns a targeted hacking agent's own reasoning into an actionable, per-customer detection.
In a controlled benchmark across seven frontier models and an open-source red-team agent, we measured how selectively the lures divert agents to the edge.
Honest framing: these are results from a controlled agentic-pentest benchmark, not live customer traffic. We're now proving the same behavior on real staging domains with design partners — which is exactly what a pilot measures.
Point a hostname at Luremetry, or drop in a Cloudflare Worker. Normal traffic passes straight through. If anything fails, it fails open.
# Point a spare hostname at the Luremetry edge debug.acme.com CNAME edge.luremetry.com legacy.acme.com CNAME edge.luremetry.com # TLS, routing and session capture: handled for you
export default { async fetch(req, env) { // normal traffic → your origin, untouched // suspicious recon → Luremetry edge return luremetry.route(req, { profile: "minimal", mode: "hybrid", // fail-open }) } }
Public developer docs, API references and dashboards that attract automated exploration — with a security team that will act on a signal.
OpenAPI schemas, SDKs and staging endpoints where token and credential abuse is a real, budgeted concern.
Broad public surface, existing SOC / SIEM, and detection engineers who want higher-fidelity, lower-noise input.
Best fit: US B2B SaaS, 20–500 people, already on Cloudflare, with public docs or a login portal and a security owner reachable directly.
A focused, 30-day pilot on a staging or preview domain — set up by us, run against authorized AI security agents, with a report your team can act on.
Connect one staging or preview hostname. We test it end-to-end against authorized AI security agents and hand back a session-level report of what an autonomous attacker would find — and what to do about it.
None in your application. You either CNAME a spare hostname to our edge, or add a Cloudflare Worker on the routes you choose. Normal traffic is passed straight through to your origin; only requests that follow a lure are routed to the decoy.
It fails open. If the sensing layer is unavailable, requests continue to your origin as normal. There's also a one-click kill switch and instant rollback, so you're never dependent on us to serve your users.
No request bodies, cookies or auth are collected by default. We record request metadata and the agent's behavior inside the decoy edge — not your users' data. Decoys never contain real credentials or grant access to production.
The lures are machine-readable breadcrumbs, not visible links, and are kept out of sitemaps and canonical tags. In our tests, scripted normal browsing, QA link-checking and SEO crawlers had 0% exposure. Every pilot ships a normal-traffic and SEO impact report so you can verify it on your own domain.
Labyrinth and Block AI Bots shape and block crawler traffic broadly across Cloudflare's network. Luremetry runs on top of your edge and does something narrower and higher-value: it distinguishes a targeted, hacking-intent agent from generic automation, diverts it, and hands your team a per-customer, high-confidence detection with a full session replay.
No. Everything happens inside an edge you or we control. We observe an agent that chose to follow a lure; we never attack back, never touch third-party systems, and never grant access to real assets. It's contained, passive observation — the accepted side of active defense.
Tell us a little about your environment. If it's a fit, we'll set up a private pilot on a staging or preview domain and walk your team through the results.