The honeypi00 sensor has been collecting packets for over two years. Raw rotated syslog files, compressed, stacked on disk. A billion records of adversaries probing, scanning, spraying credentials, and dropping payloads against a machine that exists solely to watch them try. SensorGrind_AI, which landed in late May across five commits from initial checkin to performance-tuned pipeline, turns that corpus into structured, actionable threat intelligence without sending a single byte off the machine.
The pipeline starts with a problem most sensor operators quietly ignore: clock skew. The honeypi00’s hardware clock has been intermittently resetting to February 14, 2019 since late September 2025. The consolidator script detects per-file skew by anchoring against FortiGate timestamps and newsyslog ISO-UTC prefixes embedded in the same syslog stream, then rewrites every event to its real wallclock arrival time. Without this correction, two years of data would be hopelessly tangled across phantom dates.
From there, the parser converts the corrected merged log into four Parquet tables: per-packet observations, deduplicated payload blobs, layer-7 classified events, and extracted indicators of compromise. One billion packets collapse to 97 million distinct payload SHA-256 hashes. DuckDB provides the analytical query layer over these daily-partitioned tables.
The orchestrator, evolve.py, builds a dependency graph from explicit edges and inferred glob-overlap between each stage’s declared inputs and outputs, then dispatches independent stages across a process pool. A skip-if-fresh cache prevents redundant reruns. The result is a pipeline that processes the full corpus end-to-end in six and a half hours, or re-runs individual stages in minutes when only part of the analysis has changed.
“1,108,150,395 packets. 996,354 unique source IPs. 22,687,221 extracted IOCs. Six hours, thirty-five minutes.”
— Pipeline Run Statistics
Traditional honeypots simulate services with scripted response tables. Adversaries fingerprint them quickly. HoneyAI takes a different approach: each protocol handler is a thin transport layer in front of an LLM that plays a specific role—a Linux shell, an FTP server, a Telnet device. The model generates the responses the adversary sees, conditioned on persistent state about the fictional host. No adversary command is ever executed. The “filesystem,” “process table,” and “network state” are JSON structures the model has been told about.
The architecture is structured as six concentric defensive rings, each assuming the previous has been breached: code quality (AST lint, hash-pinned deps, fuzz, property tests), process posture (privilege drop, NO_NEW_PRIVS, dumpable=0), syscall sandbox (seccomp-bpf strict allowlist), filesystem and memory (Landlock, mount namespace, W^X), resources and network (setrlimit, no DNS at runtime, nftables on UID), and AI-layer defense (XML data envelope, censor model, schema validation). No containers. No systemd dependency. The isolation comes from native Linux primitives applied in-process.
The project shipped May 21st with 6,257 lines of Python, 69 tests, seven Architecture Decision Records, and 8,375 lines of documentation including a full threat model, defensive engineering spec, persona forge specification, and operations runbook. Multi-AI architecture reviews from Codex and Gemini validated the design before implementation began. Version 0.1 ships SSH only; Telnet, FTP, and HTTP expand the attack surface in later releases.
Existing LLM benchmarking tools target datacenters. They assume Kubernetes, Grafana, and a fleet. LocalLLMPerf_AI targets a Framework Desktop with a Ryzen AI Max+ 395 and 128 GB of unified RAM quietly serving agents through an OpenAI-compatible endpoint. Started and shipped to v0.1 on May 11th: 5,131 lines of Python, 44 unit tests, one integration test, verified end-to-end against a 120B model on a three-node llama.cpp RPC cluster connected via Thunderbolt.
The key architectural insight is the dual-channel design. The inference channel is standard OpenAI-compatible HTTP. The telemetry channel uses ZeroMQ REQ/REP with msgpack payloads, polling companion agents on each cluster node at 10 Hz for CPU, GPU, NPU, memory, network, and thermal snapshots. This lets the harness correlate what the user sees (TTFT, inter-token latency, throughput, goodput) with what the cluster is doing internally (which GPU is saturated, which Thunderbolt link is pinned). Every metric carries bootstrap confidence intervals.
The analysis stages group into six families. The foundation layer runs 16 base analyzers and builds per-IP feature vectors. The ML chain trains a LightGBM threat classifier with temporal train/test splits and SHAP explanations, then batch-scores every IP and computes composite risk from ML confidence, persistence, breadth, exploit signatures, botnet indicators, and infrastructure patterns.
The pattern and longitudinal family is where SensorGrind earns its name. FP-Growth discovers frequent itemsets with lift and conviction gates; Wilson lower-confidence-bound promotion filters noise. HDBSCAN clusters actors with persistence gating. PELT change-point detection with mBIC penalty identifies regime shifts. STL-detrended cross-correlation finds lagged relationships between signal types. Kaplan-Meier survival analysis tracks actor cohort lifetimes. Campaign detection isolates coordinated bursts.
Deep packet analysis covers payload decoding, protocol anomalies, pacing analysis, and comparison against SANS Internet Storm Center data. Leiden community detection on the cooperating-actor graph identifies infrastructure sharing patterns. AI-driven stages handle payload understanding and actor profiling for discovered communities.
The pipeline culminates in the cross-analyzer correlator: 18 hand-coded rules that look for multi-signal patterns (SS7 reconnaissance, synchronized campaign bursts, tight recent campaigns) and feed each finding to an LLM for structured conclusions covering what happened, why it matters, the threat model, risk assessment, and recommended defender actions. The final report runs 18+ sections with a TL;DR executive summary at the top.
RatCatcher_AI, checked in May 25th, runs a three-stage neural network pipeline on a Raspberry Pi 5 to identify birds by genus and species and detect pest animals at bird feeders in real time. Two Arducam 12MP cameras feed frames through MOG2 motion filtering (saving 90% of compute on empty frames), YOLOv8n object detection on a Hailo-8L NPU at 35 FPS, and MobileNet V2 INT8 species classification covering 965 known birds with 50 Western US feeder species mapped by name. All detections log to SQLite with thumbnails and optional video clips. The system runs 24/7 in an IP65 weatherproof enclosure powered by a UPS HAT and solar panel. 4,728 lines of Python, 51 tests.
··· “Frustrating adversaries since the dial-up era” · GitHub: rondilley · 47 Repositories and Counting ···
The May 31st pipeline run surfaced 1,867 distinct payload campaigns, with the largest coordinated burst peaking on May 19th as a multi-vector botnet push. SIGTRAN and SS7 probing of telco signaling planes appeared from CN-clustered infrastructure across 16 source IPs. An RDP credential spray campaign reused the “hello” mstshash cookie across 1,476 distinct IPs over six years of observations. Leiden community detection identified 2,153 actor communities of four or more cooperating members, and the cross-analyzer correlator flagged 19 cross-signal findings—seven critical, six high, six medium—each with LLM-generated conclusions explaining the threat model and recommended response.
HoneyAI does not hardcode system responses. A Persona Forge generates fictional but internally consistent host identities: bash histories, process tables, filesystem trees, network state, and login banners. Each persona is backed by a structured JSON document that the LLM consults on every adversary interaction. The Forge specification runs 961 lines. Renderer modules translate the LLM’s internal responses into protocol-correct wire format—SSH escape sequences, FTP status codes, Telnet IAC negotiations—so the adversary sees authentic protocol behavior even though the underlying “system” is entirely fictional.
The Framework LED Monitor Daemon—a C implementation that displays real-time CPU, memory, battery, disk I/O, and network metrics on Framework Laptop 16 LED input modules—received a minor update on May 17th correcting the attribution last name for the original Python implementation author. The daemon itself, which uses multi-threaded architecture with adaptive brightness and systemd integration, continues to run on Ron’s daily-driver laptop.
The month’s output tells a story about the detection side of security. SensorGrind grinds raw honeypot telemetry into structured threat intelligence. HoneyAI reimagines the honeypot itself as an AI-driven deception platform. RatCatcher applies neural network detection to a different kind of adversary entirely. LocalLLMPerf measures the local inference infrastructure that powers the AI in all of them. Four projects, four angles on the same question: what do you see, and how fast can you make sense of it?
The honeypi00 sensor’s real-time clock has been intermittently resetting to 2019-02-14 since September 2025. The consolidator detects per-file skew by finding FortiGate date= time= tz= lines and newsyslog ISO-UTC prefixes in the same syslog stream, then rewrites both the leading ISO timestamp column and each event’s embedded PacketTime: field. The skew dossier is preserved as both markdown and Parquet for auditability.
Adversary “commands” are never executed. They are evaluated as prompts, and the LLM’s output is returned verbatim as if it were the system’s response. This is a load-bearing safety property: the “filesystem” and “processes” are JSON, not real. The seccomp-bpf filter enforces a strict syscall allowlist; violations trigger SIGSYS. Landlock restricts filesystem visibility. Nftables rules scoped to the process UID block all outbound network except the protocol listeners.
HTTP telemetry scraping at 10 Hz across four cluster nodes means 40 round trips per second with kilobytes of header overhead wrapping 200 bytes of actual data. ZeroMQ REQ/REP with msgpack payloads eliminates the framing waste and, critically, allows the harness to poll on request-aligned timestamps rather than on the scraper’s clock. When a benchmark request arrives at T=0, the harness captures cluster state at exact 100ms offsets through the response lifecycle.
MOG2 background subtraction runs on every frame at 320×240 resolution with morphological cleanup (3×3 erode, 7×7 dilate) and a 0.5% minimum contour area gate. A grid-based cooldown system (8×6 cells, 2-second default) prevents duplicate detections from the same region. Optional ROI polygon masking restricts detection zones. The result: 90% of frames skip neural network inference entirely, preserving the RPi 5’s compute budget for frames that actually contain visitors.