Your AI attacker found the admin panel. It's a decoy.
Luremetry plants proxy-level breadcrumbs that normal users and normal AI ignore — but autonomous hacking agents follow them into an isolated decoy edge. Their reconnaissance becomes a high-confidence attack signal.
Your WAF sees requests. It can't tell an AI hacking agent from ordinary automation.
Autonomous agents — Codex, Claude Code, open-source pentest bots — don't browse like people. They read the surfaces humans never see, and reason across them at machine speed.
They read machine surfaces
Source maps, build manifests, trace headers, .well-known catalogs, SDK artifacts, deprecated OpenAPI servers — parsed and chained into an attack path.
They probe at machine speed
A single agent fans out dozens of requests, reuses a leaked trace ID or token, and pivots to legacy, export and admin routes in seconds.
Your logs look like noise
In WAF and bot-management logs, that recon is indistinguishable from a scanner or a crawler. By the time it's obvious, it has already mapped your surface.
Autonomous pentesting is now a venture-funded product category — anyone can point an agent at your public surface tonight. Luremetry is the defensive counterpart: built to catch the moment one does.
Let the agent reveal its intent by choosing a path normal users never take.
Luremetry sits at your edge as a proxy. Normal traffic flows straight to your origin, untouched. Suspicious reconnaissance follows a breadcrumb into an isolated decoy — where every move is recorded.
Plant breadcrumbs
The proxy adds machine-readable lures to responses — a trace ref in a 404, a source map, a build manifest — invisible in the UI and to SEO, meaningful only to an agent parsing for attack surface.
Divert the agent
An agent that follows the lure is routed to a decoy edge on a customer-owned hostname — never your production origin. Normal requests are never affected.
Emit a signal
The full session — paths, trace/token reuse, TTPs — is replayed to your dashboard and pushed to Slack, webhook or SIEM as a high-confidence, low-noise attack signal.
One alert. When it matters.
No new pane of glass to babysit. Luremetry stays silent until an AI agent takes the bait — then it hands your team a single, high-confidence signal with the full session attached: replay, TTPs and an agent fingerprint your SOC can act on.
A sensing layer that runs on top of your existing edge.
Luremetry doesn't replace your WAF or your CDN. It adds the one thing they don't have — the ability to tell an AI hacking agent apart from everything else, and to act on it. It's a sensor, not a shield: it won't block the attack, it tells you with high confidence that one is underway. This isn't deception tooling bolted onto your internal network — it's edge infrastructure for the era of autonomous attackers.
| Capability | Luremetry | WAF / bot management | Traditional honeypot / deception |
|---|---|---|---|
| Primary action | Divert agentic recon at the public edge & identify intent | Block or rate-limit traffic | Decoy hosts & credentials, mostly internal network |
| Distinguishes AI agents from generic automation | Yes — behavioral, sequence-level | Limited — IP / UA reputation | Not designed for it |
| Deployment | CNAME or Cloudflare Worker · no app code | Edge platform | Agents, VM images, code & infra changes |
| Output | Session replay + TTPs → SIEM, high confidence | Block events, high noise | Alert on decoy touch |
| Effect on production & SEO | Pass-through for normal traffic · no SEO surface | Inline with traffic | Separate infrastructure |
Already run Cloudflare AI Labyrinth or Block AI Bots? Luremetry complements them: they shape and block crawler traffic broadly; Luremetry turns a targeted hacking agent's own reasoning into an actionable, per-customer detection.
Normal AI leaves it alone. Hacking-intent agents follow the lure.
In a controlled benchmark across seven frontier models and an open-source red-team agent, we measured how selectively the lures divert agents to the edge.
Honest framing: these are results from a controlled agentic-pentest benchmark, not live customer traffic. We're now proving the same behavior on real staging domains with design partners — which is exactly what a pilot measures.
Live in about 15 minutes. No SDK, no code, no rewrite.
Point a hostname at Luremetry, or drop in a Cloudflare Worker. Normal traffic passes straight through. If anything fails, it fails open.
# Point a spare hostname at the Luremetry edge debug.acme.com CNAME edge.luremetry.com legacy.acme.com CNAME edge.luremetry.com # TLS, routing and session capture: handled for you # Rollback: remove the CNAME — traffic returns to origin
export default { async fetch(req, env) { // normal traffic → your origin, untouched // suspicious recon → Luremetry edge return luremetry.route(req, { profile: "minimal", mode: "hybrid", // fail-open }) } }
Built for a security team's approval
- Fail-open — an outage never blocks your users.
- One-click kill switch and instant rollback.
- Start on a staging or preview domain — no production required.
Safe by construction
- No production credentials ever live in a decoy.
- No request body, cookie or auth collection by default.
- Contained observation only — no hack-back, no outbound to third parties.
Teams whose public surface is an obvious target for autonomous recon.
Security & DevTool SaaS
Public developer docs, API references and dashboards that attract automated exploration — with a security team that will act on a signal.
API-first B2B SaaS
OpenAPI schemas, SDKs and staging endpoints where token and credential abuse is a real, budgeted concern.
Cloud & observability infra
Broad public surface, existing SOC / SIEM, and detection engineers who want higher-fidelity, lower-noise input.
Best fit: US B2B SaaS, 20–500 people, already on Cloudflare, with public docs or a login portal and a security owner reachable directly.
We're taking five US B2B SaaS design partners.
A focused, 30-day pilot on a staging or preview domain — set up by us, run against authorized AI security agents, with a report your team can act on.
AI Recon Exposure Assessment
Connect one staging or preview hostname. We test it end-to-end against authorized AI security agents and hand back a session-level report of what an autonomous attacker would find — and what to do about it.
- CNAME or Worker install, done with you in one call
- Normal-traffic & SEO impact report
- Authorized AI security-agent test
- Diversion session replays & raw evidence
- Recommended WAF / SIEM detection rules
- 30-minute results review with your team
The questions a CISO asks first.
What code do we put in our production edge?
None in your application. You either CNAME a spare hostname to our edge, or add a Cloudflare Worker on the routes you choose. Normal traffic is passed straight through to your origin; only requests that follow a lure are routed to the decoy.
What happens to our site if Luremetry has an outage?
It fails open. If the sensing layer is unavailable, requests continue to your origin as normal. There's also a one-click kill switch and instant rollback, so you're never dependent on us to serve your users.
Do you touch cookies, auth headers or customer data?
No request bodies, cookies or auth are collected by default. We record request metadata and the agent's behavior inside the decoy edge — not your users' data. Decoys never contain real credentials or grant access to production.
Could this hurt our SEO or real users?
The lures are machine-readable breadcrumbs, not visible links, and are kept out of sitemaps and canonical tags. In our tests, scripted normal browsing, QA link-checking and SEO crawlers had 0% exposure. Every pilot ships a normal-traffic and SEO impact report so you can verify it on your own domain.
How is this different from Cloudflare AI Labyrinth?
Labyrinth and Block AI Bots shape and block crawler traffic broadly across Cloudflare's network. Luremetry runs on top of your edge and does something narrower and higher-value: it distinguishes a targeted, hacking-intent agent from generic automation, diverts it, and hands your team a per-customer, high-confidence detection with a full session replay.
Is this entrapment or hack-back?
No. Everything happens inside an edge you or we control. We observe an agent that chose to follow a lure; we never attack back, never touch third-party systems, and never grant access to real assets. It's contained, passive observation — the accepted side of active defense.
What does it cost after the pilot?
Design-partner pilots are free. After the pilot, pricing is a flat annual subscription per protected domain — not per request, so machine-speed recon never inflates your bill. We're finalizing tiers with our first design partners, and partners lock in founding pricing before public launch.
Where is captured session data stored, and for how long?
Decoy session data — request metadata, decoy paths and TTPs; never bodies, cookies or auth — is stored encrypted in the US. Default retention is 90 days, configurable per customer, with deletion on request. Everything exports to your own SIEM, so you can treat our copy as disposable.
What's your compliance posture?
We're early-stage and say so plainly: SOC 2 Type I is on our roadmap alongside our first paying customers. Pilots are designed not to need it — they run on staging or preview domains, decoys never hold production credentials or customer PII, and we'll sign your security addendum and walk your team through the architecture before anything goes live.
See what an AI attacker finds on your domain — before one does.
Tell us a little about your environment. If it's a fit, we'll set up a private pilot on a staging or preview domain and walk your team through the results.
- 15-minute install, staging domain is fine
- No production code changes
- Report your security team can act on
Pilots are set up and run directly by the founder — hello@luremetry.ai. We reply within one business day.