Trust & Security
Deadfall is designed with privacy and security as core principles.
Security Guarantees
Local Processing
- Runs entirely locally — No cloud dependencies
- No telemetry — Usage data never leaves your machine
- No account required — No signup, no tracking
- Works offline — No internet required for core features
Open Source
Deadfall is fully open source under the MIT license:
What Deadfall Stores
Configuration File (deadfall.json)
- File paths with traps
- Unique tokens for correlation
- Trap types and creation times
Alert Log (deadfall_alerts.log)
Plain-text log file with timestamps and alert details:
Threat Model
What Deadfall Protects Against
| Threat | How |
|---|---|
| AI agent compromise | Cognitive honeypots detect instruction following |
| Credential-seeking agents | Honeypot tools attract and alert on access attempts |
| Unknown threats | AI-specific traps are read automatically by assistants |
What Deadfall Does NOT Protect Against
| Threat | Why | Mitigation |
|---|---|---|
| Real-time blocking | Deadfall detects, doesn’t prevent | Use Tollgate |
| Non-AI threats | Relies on instruction-following behavior | Use traditional honeypots |
| Disabled MCP server | Traps require the server running | Keep server running |
Trust Boundaries
Trusted
- Deadfall binary — Built from open source
- Local filesystem — OS-level security
- MCP client — Configured by user
Untrusted
- AI agents — May be compromised
- Network — Webhook delivery should use HTTPS
Best Practices
File Permissions
Git Ignore
Always add to .gitignore:
Webhook Security
If using webhook alerts, always use HTTPS URLs and keep webhook URLs secret.
Reporting Security Issues
Report security vulnerabilities to:
- GitHub Security Advisories: https://github.com/dotsetlabs/deadfall/security
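As an added example (not part of Deadfall or its documentation), this Python check audits a project directory against the Best Practices above: deadfall.json and deadfall_alerts.log closed to group/other, both listed in .gitignore, and an HTTPS webhook URL. The `audit` function, its exact-name .gitignore matching, and passing the webhook URL as an argument are assumptions; only the two file names come from this page.

```python
import os
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# File names come from the page; everything else is an assumption of this example.
DEADFALL_FILES = ("deadfall.json", "deadfall_alerts.log")


def audit(project_dir, webhook_url=None):
    """Return a list of findings (empty list means all checks passed)."""
    root = Path(project_dir)
    findings = []

    # Assumption: .gitignore lists the files by exact name (globs are not evaluated).
    ignored = set()
    gitignore = root / ".gitignore"
    if gitignore.is_file():
        for line in gitignore.read_text().splitlines():
            line = line.strip()
            if line and not line.startswith("#"):
                ignored.add(line.lstrip("/"))

    for name in DEADFALL_FILES:
        path = root / name
        if path.exists():
            mode = stat.S_IMODE(path.stat().st_mode)
            # Any group/other bit gives other local users access to tokens or alerts.
            if mode & 0o077:
                findings.append(f"{name}: mode {mode:o} is accessible to group/other")
        if name not in ignored:
            findings.append(f"{name}: not listed in .gitignore")

    if webhook_url is not None:
        parsed = urlparse(webhook_url)
        # The URL itself is a secret, so the finding never echoes it.
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append("webhook: URL is not HTTPS")
    return findings


if __name__ == "__main__":
    # Constructed sample: a world-readable config, no .gitignore, plain-HTTP webhook.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "deadfall.json").write_text("{}")
        os.chmod(Path(d) / "deadfall.json", 0o644)
        for finding in audit(d, "http://hooks.example.invalid/constructed"):
            print(finding)
```

The permission check reads POSIX mode bits, so it is meaningful on Linux and macOS only.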