PhantomKey inserts high-fidelity decoy credentials into file systems, configuration directories, and code repositories to bait adversaries into accessing what they shouldn't. Each decoy is unique to its host and triggers alerts on interaction.
Unlike traditional honeytokens, PhantomKey captures rich metadata — including environment variables, access timestamps, user agents, and originating IP addresses. These events are transmitted via Observer, our covert logging daemon.
PhantomKey is modular, lightweight, and deployable via both CLI and API. It integrates seamlessly with most modern SIEM platforms. It's not just bait — it's a trap with teeth.