Abstract
In standard AI control defenses, trusted monitoring is vulnerable to adaptive attacks, collusion, and strategic attack selection. All these exploit the fact that monitoring is passive: it observes model behavior but never probes whether the model would behave differently under different perceived conditions. We introduce the honeypot protocol, which tests for context-dependent behavior by varying only the system prompt across three conditions (evaluation, synthetic deployment, explicit no-monitoring) while holding the task, environment, and scoring identical.
Evaluation
We evaluate Claude Opus 4.6 in BashArena across all three conditions in both honest and attack modes. The model achieved 100% main task success and triggered zero side tasks uniformly across conditions, providing a baseline for future comparisons with stronger attack policies and additional models.
Blogger's Review: The introduction of the honeypot protocol presents a novel approach to AI monitoring, challenging traditional passive methods. This strategy not only detects model responses in varying environments but also lays a foundation for future security measures, making it a worthwhile area for further exploration.