Raw honeypot data is noisy.

Some events are obvious attacks. Some are automated internet background radiation. Some come from compromised devices. Some come from researchers, broken scripts, misconfigured services, or tools that scan without understanding what they reached.

If every connection becomes a high-confidence reputation signal, the database gets loud and false positives rise. If too much is ignored, real attackers slip through.

That is why FraudGuard uses AI-assisted intent verification inside the ingestion pipeline before honeypot events become high-confidence ACE evidence.

Why Intent Matters

A honeypot event tells you something happened. It does not automatically tell you how much weight the event deserves.

Consider three examples:

  • An IP connects once to SSH and disconnects immediately.
  • An IP sends a credential-stuffing payload to a fake login endpoint.
  • An IP probes OpenAI-compatible /v1/chat/completions paths with model enumeration and jailbreak prompts.

All three are observable. They should not be scored the same way.

Intent verification helps answer:

  • Was the event likely adversarial or incidental?
  • Was there payload content showing a clear objective?
  • Did the same IP repeat the behavior over time?
  • Did the IP reach multiple honeypots or services?
  • Does the event match known attack families?
  • Is this strong enough to affect a production block decision, or only enough for a challenge?

That context is what separates useful intelligence from a noisy blocklist.

Where AI Fits In The Pipeline

FraudGuard’s ingestion process is built around evidence quality.

At a high level:

  1. Honeypots capture the raw event.
  2. The event is normalized into source IP, timestamp, target service, protocol, payload, infrastructure context, and related metadata.
  3. AI-assisted analysis evaluates the event for intent, payload meaning, targeting pattern, and similarity to known attack families.
  4. The event is weighted and attached to the IP profile only with appropriate confidence.
  5. ACE v2 uses the accumulated evidence to return risk, reasons, observed activity, and a recommended action.

The model does not replace evidence. It helps decide how much signal the evidence carries.

What The Model Looks For

Payload Meaning

Some payloads reveal clear intent. Credential lists, exploit paths, command injection strings, suspicious API prompts, and service-specific probes all carry more signal than a bare connection.

The model helps classify what the payload is trying to accomplish so the IP profile can say more than “connected to port 80.”

Sequence And Escalation

Attackers often start with a harmless-looking probe, then escalate if the target responds. AI endpoint abuse is a good example. FraudGuard looks for that kind of sequence: liveness test, model inventory, capability test, abuse attempt. The escalation pattern is often more meaningful than any single request.
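The stage sequence above (liveness test, model inventory, capability test, abuse attempt) can be scored as a sequence rather than as isolated requests. The following is an added illustration, not FraudGuard's code; the path-to-stage mapping and the prompt-length threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Stage order for the escalation sequence named above. The path-to-stage
# mapping and the prompt-length threshold are constructed assumptions for
# illustration, not FraudGuard's detection rules.
STAGES = ["liveness", "inventory", "capability", "abuse"]

def classify_stage(method, path, prompt_len):
    """Map one honeypot HTTP request to an escalation stage, or None."""
    if method == "GET" and path in ("/", "/health", "/v1"):
        return "liveness"
    if method == "GET" and path == "/v1/models":
        return "inventory"
    if method == "POST" and path == "/v1/chat/completions":
        # Short prompt: checking that the endpoint answers at all.
        # Long multi-part prompt: treated as an abuse attempt.
        return "abuse" if prompt_len > 200 else "capability"
    return None

def escalation(events, window=timedelta(hours=1)):
    """Return (stages reached in order, evidence weight) for one IP.

    Only requests that advance the sequence count, and only inside a
    rolling window that opens at the first classified request. A single
    liveness probe yields weight 0; each further stage adds one.
    """
    reached, start = [], None
    for ts, method, path, prompt_len in sorted(events):
        stage = classify_stage(method, path, prompt_len)
        if stage is None:
            continue
        start = start or ts
        if ts - start > window:
            break
        if not reached or STAGES.index(stage) > STAGES.index(reached[-1]):
            reached.append(stage)
    return reached, max(0, len(reached) - 1)

T0 = datetime(2026, 5, 26, 15, 45)
# Constructed sample traffic: a full escalation and a one-shot probe.
FULL_SEQUENCE = [
    (T0, "GET", "/", 0),
    (T0 + timedelta(minutes=1), "GET", "/v1/models", 0),
    (T0 + timedelta(minutes=2), "POST", "/v1/chat/completions", 40),
    (T0 + timedelta(minutes=5), "POST", "/v1/chat/completions", 900),
]
ONE_SHOT = [(T0, "GET", "/", 0)]
```

The weight is what the full sequence earns over a lone probe; a real pipeline would feed it into the confidence factors rather than use it as a verdict on its own.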

Cross-Sensor Reach

An IP that touches one sensor once is different from an IP that hits multiple honeypots, services, or regions. Multi-honeypot reach is a confidence factor because it shows a broader pattern.

ACE v2 exposes this concept through observed activity, rolling windows, and confidence factors rather than hiding it behind a single score.

Infrastructure Context

Infrastructure is not proof, but it is context. Hosting providers, VPNs, Tor exits, residential proxies, shared exits, mobile networks, and corporate networks all change how a signal should be interpreted.

The same payload from a disposable VPS and from a residential IP may deserve different review paths. AI-assisted intent verification helps combine behavior with infrastructure context without making infrastructure the entire verdict.

From Raw Event To ACE v2 Evidence

The end result is visible in the ACE v2 response model.

FraudGuard’s documentation describes ACE v2 as returning allow, challenge, and block decisions with observed attack families, attack volume over 24-hour, 7-day, and 30-day windows, targeted services, protocols and ports, infrastructure classification, confidence factors, and human-readable reasons.

That means a production integration can make decisions like:

  • block high-confidence repeated attack behavior
  • challenge ambiguous proxy or automation traffic
  • allow clean traffic even when it comes from infrastructure that deserves monitoring

The API is not just saying “bad IP.” It is explaining why the recommendation exists.

Why This Reduces False Positives

False positives often come from overweighting weak signals:

  • one old report
  • one low-context connection
  • a broad range reputation
  • a provider label
  • an anonymous-network flag with no behavior attached

Intent verification helps FraudGuard avoid treating every signal equally. A recent high-intent credential attack across multiple honeypots should carry more weight than a stale one-off probe. A proxy flag may justify a challenge, but not necessarily a block. A cloud provider label should enrich the profile, not condemn the whole range.

That distinction is essential for fraud and platform teams because the business cost of a wrong block can be high.

Human Review Still Matters

AI-assisted does not mean “unquestioned.” The point is to make the pipeline more accurate and scalable, not to turn raw model output into final truth.

FraudGuard uses structured evidence, confidence factors, and ongoing feedback so detections can improve as attack behavior changes. New patterns can be reviewed, labeled, and folded back into scoring. Known noisy patterns can be downweighted.

This is especially important for AI endpoint abuse, where attacker behavior is changing quickly and keyword-only detection is easy to evade.

What Customers Get

Customers do not need to understand the whole ingestion pipeline to benefit from it. They see it in the response:

  • recommendation.action for enforcement
  • recommendation.evidence_summary for explanation
  • risk.confidence and risk.confidence_factors for tuning
  • observed_activity windows for recency
  • classification labels for analytics
  • infrastructure context for review
  • recommendation.cache_ttl_seconds guidance for performance

A real ACE v2 response shows how those fields come together:

{
  "ip": "8.216.12.173",
  "recommendation": {
    "action": "block",
    "evidence_summary": "This IP was observed performing 3 total attack events across 2 FraudGuard honeypots in the last 7 days, including 2 Jenkins probing events and 1 HTTP/WAF probing event, most recently on May 26, 2026 at 19:31 UTC.",
    "cache_ttl_seconds": 14400
  },
  "classification": {
    "primary": "web_scanner",
    "secondary": [
      "multi_service_scanner",
      "honeypot_attacker",
      "ai_automation",
      "hosting_provider"
    ]
  },
  "risk": {
    "level": 5,
    "label": "critical",
    "confidence": 85,
    "confidence_factors": [
      "recent_activity",
      "repeated_activity",
      "multi_honeypot_reach",
      "specific_attack_signature",
      "multiple_attack_types",
      "multiple_target_services"
    ]
  },
  "observed_activity": {
    "observed": true,
    "attack_families": [
      "web_probe"
    ],
    "activity": {
      "pattern": "burst",
      "trend": "burst",
      "attack_events_24h": 3,
      "attack_events_7d": 3,
      "attack_events_30d": 3,
      "distinct_attack_types_30d": 2,
      "distinct_target_services_30d": 2,
      "distinct_target_ports_30d": 2,
      "first_seen": "2026-05-26T15:45:54+00:00",
      "last_seen": "2026-05-26T19:31:59+00:00"
    },
    "attacks": [
      {
        "type": "jenkins_login_page_probe",
        "service": "jenkins",
        "protocol": "http",
        "destination_port": 8080,
        "attack_events_24h": 2,
        "attack_events_7d": 2,
        "attack_events_30d": 2,
        "honeypots_reached_24h": 1,
        "honeypots_reached_7d": 1,
        "honeypots_reached_30d": 1,
        "first_seen": "2026-05-26T15:45:54+00:00",
        "last_seen": "2026-05-26T15:45:57+00:00"
      },
      {
        "type": "waf_attack",
        "service": "http",
        "protocol": "http",
        "destination_port": 80,
        "attack_events_24h": 1,
        "attack_events_7d": 1,
        "attack_events_30d": 1,
        "honeypots_reached_24h": 1,
        "honeypots_reached_7d": 1,
        "honeypots_reached_30d": 1,
        "first_seen": "2026-05-26T19:31:59+00:00",
        "last_seen": "2026-05-26T19:31:59+00:00"
      }
    ],
    "last_observed_attack": {
      "event_type": "waf_attack",
      "service": "http",
      "protocol": "http",
      "destination_port": 80,
      "observed_at": "2026-05-26T19:31:59+00:00"
    }
  },
  "attributes": {
    "ai_automation_suspected": {
      "detected": true
    }
  },
  "reasons": [
    {
      "code": "abusive_activity_observed",
      "message": "Abusive activity observed by FraudGuard ACE",
      "severity": "high"
    },
    {
      "code": "scanner_activity_observed",
      "message": "Scanner or probing activity observed",
      "severity": "medium"
    },
    {
      "code": "honeypot_interaction_observed",
      "message": "Interaction observed across FraudGuard honeypot infrastructure",
      "severity": "high"
    },
    {
      "code": "waf_attack_activity_observed",
      "message": "HTTP/WAF attack activity observed",
      "severity": "high"
    },
    {
      "code": "activity_within_7_days",
      "message": "Activity observed within the last 7 days",
      "severity": "high"
    }
  ],
  "customer": {
    "ip_in_whitelist": false,
    "ip_in_blacklist": false,
    "ip_in_geoblock": false
  },
  "infrastructure": {
    "type": "hosting_provider",
    "provider": "Alibaba Cloud",
    "is_tor_exit": false,
    "is_public_proxy": false,
    "is_vpn": false,
    "is_hosting_provider": true,
    "is_residential_proxy": false,
    "is_mobile_network": false,
    "is_satellite_network": false,
    "is_shared_exit": false,
    "is_ai_agent": false,
    "first_seen": "2026-05-18T02:44:12+00:00",
    "last_seen": "2026-05-18T15:07:09+00:00",
    "updated_at": "2026-05-18T15:07:09+00:00"
  },
  "network": {
    "asn": 45102,
    "asn_org": "Alibaba US Technology Co., Ltd.",
    "isp": "Alibaba",
    "organization": "Alibaba",
    "prefix": "8.216.12.0/24",
    "connection_type": "Corporate"
  },
  "geography": {
    "country": "Japan",
    "isocode": "JP",
    "state": "Tokyo",
    "city": "Tokyo",
    "postal_code": "102-0082",
    "timezone": "Asia/Tokyo",
    "latitude": 35.6893,
    "longitude": 139.6899
  },
  "metadata": {
    "request_id": "acev2_example_single_lookup",
    "generated_at": "2026-05-27T00:47:35+00:00",
    "schema_version": "2.0.0",
    "api_version": "2.0.0",
    "engine": "ace_v2"
  }
}

That is the practical value of AI-assisted ingestion: better evidence in the API response, fewer blind blocks, and a clearer path from detection to decision.
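Here is how an integration might consume the fields from the response above, as an added example rather than FraudGuard's own client code. The embedded response is a constructed subset of the one shown, and the block-downgrade and monitoring rules are local tuning choices, not FraudGuard's.

```python
import json

# Constructed subset of the ACE v2 response shown above (not a live lookup).
ACE_RESPONSE = json.loads("""{
  "ip": "8.216.12.173",
  "recommendation": {"action": "block", "cache_ttl_seconds": 14400},
  "risk": {"level": 5, "label": "critical", "confidence": 85,
           "confidence_factors": ["recent_activity", "repeated_activity",
                                  "multi_honeypot_reach", "specific_attack_signature"]},
  "customer": {"ip_in_whitelist": false, "ip_in_blacklist": false, "ip_in_geoblock": false},
  "infrastructure": {"type": "hosting_provider", "is_public_proxy": false, "is_vpn": false}
}""")

# Factors a hard block must carry; a local tuning choice, not a FraudGuard rule.
BLOCK_REQUIRES = {"recent_activity", "multi_honeypot_reach"}

def decide(resp, min_block_confidence=80):
    """Map one ACE v2 response to (action, reason, cache_ttl_seconds).

    Customer lists are applied first, then recommendation.action. A block
    is downgraded to a challenge unless risk.confidence and the confidence
    factors back it; an allow from VPN/proxy infrastructure stays an allow
    but is cached for a shorter time so it is re-checked sooner.
    """
    rec = resp.get("recommendation", {})
    cust = resp.get("customer", {})
    ttl = rec.get("cache_ttl_seconds", 300)
    if cust.get("ip_in_whitelist"):
        return "allow", "customer_whitelist", ttl
    if cust.get("ip_in_blacklist") or cust.get("ip_in_geoblock"):
        return "block", "customer_list", ttl
    action = rec.get("action", "allow")
    risk = resp.get("risk", {})
    factors = set(risk.get("confidence_factors", []))
    if action == "block":
        if risk.get("confidence", 0) >= min_block_confidence and BLOCK_REQUIRES <= factors:
            return "block", "ace_high_confidence", ttl
        return "challenge", "ace_block_downgraded", ttl
    infra = resp.get("infrastructure", {})
    if action == "allow" and (infra.get("is_public_proxy") or infra.get("is_vpn")):
        return "allow", "allow_monitor", min(ttl, 600)
    return action, "ace_" + action, ttl

if __name__ == "__main__":
    print(decide(ACE_RESPONSE))  # ('block', 'ace_high_confidence', 14400)
```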

Bottom Line

Honeypots are only as useful as the intelligence pipeline behind them. Raw events need context, weighting, and intent verification before they should influence production traffic decisions.

FraudGuard uses AI-assisted analysis to turn noisy attack observations into explainable ACE v2 evidence. The goal is not a black-box score. The goal is a decision your team can understand, log, and defend.

Review ACE v2, test FraudGuard IP Lookup, or compare plans.