Daily threat intelligence analysis generated by a local AI model running on the same Raspberry Pi 5 that operates the honeypots. No data leaves the device.
Honeypot Threat Analysis — April 20, 2026
High-severity day with 1,546 SSH connections and 196 post-auth commands from 91 unique IPs. Sustained exploitation activity.
Honeypot Threat Analysis — April 19, 2026
673 SSH connections from 90 unique IPs — the highest attacker diversity yet. Cisco credentials appear in password dictionaries.
Honeypot Threat Analysis — April 18, 2026
532 SSH connections from 78 IPs with Vietnamese IP clusters emerging as a dominant attack source.
Honeypot Threat Analysis — April 17, 2026
Medium-severity day with 351 SSH connections from 70 IPs. A brief respite in the storm of automated scanning.
Honeypot Threat Analysis — April 16, 2026
High-severity activity with 1,270 SSH connections. Attack volume cools from yesterday's critical peak but remains elevated.
Honeypot Threat Analysis — April 15, 2026
Critical threat level — 2,380 SSH connections and 365 commands from 72 IPs. The most intense attack day since deployment.
Honeypot Threat Analysis — April 14, 2026
High-severity day with 1,373 SSH connections and 195 post-auth commands. Attackers escalate from probing to active exploitation.