cd /news/artificial-intelligence/wtf-is-llm-honeypotting · home topics artificial-intelligence article
[ARTICLE · art-63074] src=digiday.com ↗ pub= topic=artificial-intelligence verified=true sentiment=· neutral

WTF is LLM honeypotting?

Publishers and e-commerce brands are testing a new defensive tactic called 'LLM honeypotting' to fight back against AI crawlers from companies like OpenAI, Google, and Meta. The technique lures bots into useless content mazes or feeds them statistically coherent nonsense, aiming to raise scrapers' compute costs and degrade model quality. Early adopters include large e-commerce brands and news publishers, though the approach remains experimental and controversial.

read6 min views1 publishedJul 17, 2026
WTF is LLM honeypotting?
Image: Digiday (auto-discovered)

Join us on July 30 in NYC for a breakfast & panel

APPLY TO ATTEND Publishers and e-commerce brands under siege from AI crawlers are starting to fight back with an old security trick updated for the LLM era: “LLM honeypotting.”

The term refers to a deception tactic that lures bots into plausible-looking but ultimately useless information like content mazes, driving up their compute costs and polluting their models. The goal: break the economics of large‑scale scraping.

That’s the theory. The reality is messier.

It’s early and experimental, but it’s caught the eye of a small but growing number of publishers and e-commerce brands.

Here’s a bit more about it for those who are curious.

**Is this an old or a new tactic? **

It’s a new application of an old technique. As OpenAI, Google, Meta and a long tail of third‑party scrapers have stepped up crawling of publisher and brand sites, a parallel industry of defensive tools has started to form. One such tool is LLM honeypotting, which is a subset of a broader family of techniques known as deception.

As Simon Wistow, co‑founder of CDN vendor Fastly, explained, deception has long been used in security to “change the economics of attacking” rather than just blocking traffic. The idea is simple: if you can make it meaningfully more expensive for someone to abuse your systems than they stand to gain, entire business models start to fall apart.

Applied to LLMs and web scrapers, that means treating certain visitors as attackers, whether they’re obvious bad actors or simply unwanted bots.

**So how does it work? **

There are a bunch of variations. One is simply to force them to do extra work: using proof‑of‑work challenges or subtle slowdowns so large botnets suddenly face a real compute bill for every page they hit, while humans barely notice.

Another is trapping them in “infinite content mazes”: generating endless, highly plausible-looking but ultimately gibberish pages that only bots will ever see, wasting their time and compute budgets.

You can also poison their models or retrieval systems: feeding LLMs statistically coherent nonsense so that, when that data is ingested, it degrades the quality of answers or forces hallucinations, undermining trust in free-riding systems that never paid for access.

Does this just make the misinformation problem worse?

Not in the way people usually mean. Wistow argues LLM honeypots aren’t about pushing political or cultural narratives. Rather than pushing stories like “immigrants eat swans” they feed models statistically coherent nonsense, he noted. If that shows up in AI answers it’s a sign a free-riding model has been polluted, not evidence of a target disinformation campaign. It degrades quality, but it’s a different problem to classic misinformation campaigns.

“Hallucinations happen even with good data, just because of the way LLMs work,” said Wistow. “This is about changing the economics for the people abusing your site, not running some giant disinformation campaign.”

Who’s actually using this, and what are they trying to achieve?

So far, LLM honeypotting is mostly being tested by a small group of publishers and e-commerce brands, rather than the mass market. Wistow wouldn’t name specific customers beyond noting that some large e-commerce brands are using it with initial success and that interest is coming from both classic news publishers and e-commerce players.

The main objective is less about theatrically “punishing” big AI firms and more about changing the economics for a long tail of scrapers that currently crawl at near‑zero marginal cost. Instead of just blocking them, the aim is to make sure each request costs those scrapers real money while yielding less useful data.

Won’t shady scrapers just spin up new bots and dodge this?

Some industry execs argue that determined “gray” scrapers will simply abandon one botnet and spin up another, limiting how much pressure honeypots can really apply.

Frederick Jahn, co-founder of Centennal, and himself an AI builder, thinks LLM honeypotting is too easy to spot and work around. In practice, the maze or gibberish pages often don’t even get shown to stealth crawlers, because the protections fail to detect them as bots in the first place.

“I think it’s a good concept, but more on a marketing level, and like a gimmick, but not really getting anyone to the real goal,” he said. “The only real way to fight to change the position of publishers is to create friction on the protection level,” he added.

Others, like Wistow, counter that the point isn’t to wipe out scraping so much as to make the underlying business model uneconomic. “If they could burn through that 10 million funding in one crawl then suddenly those businesses aren’t viable and suddenly the whole market collapses, and that’s kind of what you’re going for,” he said.

What are the downsides for publishers? #

Infinite content mazes aren’t free and cost more to create than simply blocking the bot. “If you’ve got a particularly dumb bot and it breaches, you put it into an infinite content maze, and then you look back five days later, and it’s looked at 20 million pages. How much does that cost you? How much was the incremental cost…of keeping that fake thing going?”

So how sustainable is this really – and should more publishers be doing it?

Wistow stresses this is not a one‑size‑fits‑all solution or a switch every publisher needs to flip. If your site is simple and cheap to serve, the economics probably don’t stack up. For larger, more complex sites with expensive pages and real revenue at stake, the math looks different. There, the combination of raising costs for scrapers and the psychological benefit of “fighting back” can justify the experiment – especially if they’re already on an edge platform (like Fastly, Cloudflare of Akamai) that makes the extra compute cheaper.

But even then, he’s clear: this is early, bespoke and experimental, not table stakes. As he put it, publishers who are even thinking about these defences “are ahead of the curve,” not behind it.

For some publishers, it would only ever be an absolute last resort. “If a viable sustainable [ecosystem] doesn’t occur shortly… if something’s not done like that, then as a last hurrah, I can see publishers doing that,” said Chris Dicker, CEO of Candr Media. However, he added that, if that were to occur, the impact on the open web would be “horrendous.”

More in Media

[
Why a once-anonymous creator unmasked herself to build a bigger media brand ](https://digiday.com/media/why-a-once-anonymous-creator-unmasked-herself-to-build-a-bigger-media-brand/)

Kristi Cook used to YouTube anonymously. Once she revealed her face, her account became wildly popular.

[
Creators are crashing through Hollywood, but there’s a ceiling ](https://digiday.com/media/creators-are-crashing-through-hollywood-but-theres-a-ceiling/)

Hollywood is tapping creators for hit horror films, unique IP, and cameos, but there are limits to their star power in its current state.

[
Media Briefing: AI visibility is becoming publishers’ newest currency ](https://digiday.com/media/media-briefing-ai-visibility-is-becoming-publishers-newest-currency/)

Publishers are embracing AI visibility as the next must-have metric, using their prominence in AI answer engines to attract advertisers.

── more in #artificial-intelligence 4 stories · sorted by recency
── more on @openai 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/wtf-is-llm-honeypott…] indexed:0 read:6min 2026-07-17 ·