HoneyContent: Wrapping Deception Storyline Content to Warrant Human and LLM Agent Attacker Evaluations of Deception Functions and Effects

Authors

  • Tim Pappa Independent researcher
  • Darin Roberts Independent researcher

DOI:

https://doi.org/10.1609/aaaiss.v9i1.42942

Abstract

This position paper suggests that presenting deception storyline content could warrant or influence human and Large Language Model (LLM) Agent attackers’ evaluations of deception functions and effects as more authentic. While there is growing attention to the need for cyber deception design that is adaptive to the cognitive and behavioral vulnerabilities of attackers, there has been limited discussion of how content and communication presenting deception storylines could influence how attackers evaluate the authenticity of real and imagined deception functions and effects on a network or host. There is perhaps even less understanding of how deception storyline content could influence LLM Agent attackers. We introduce HoneyContent, our practiced industry cyber deception model for designing and creating deception storyline content to ‘wrap’ or embed our deception functions. We will introduce warranting theory and signaling theory as the foundational content and communication frameworks we integrate to design and create our deception storyline content. We will also discuss recent findings from researchers modeling LLM Agent behaviors in response to introduction of content to misdirect their functions, namely related to informing these LLM Agents that a task was completed or that there is no need to perform a task. We recognize the similarity to presenting deception storyline content to influence humans and LLM Agent attackers. We will visualize the use of HoneyContent based on an industry cyber deception scenario that demonstrated anecdotally how this integrated design and content creation model could make deception functions look more real. We suggest that the use of generative artificial intelligence and LLM Agent defenders could further enhance warranted evaluations of these deception storylines and the embedded or wrapped deception functions and effects, because this presentation of deception storyline content is based on the behavioral vulnerabilities of these attackers.
2026 AAAI Summer Symposium Proceedings Cover

Downloads

Published

2026-06-23

How to Cite

Pappa, T., & Roberts, D. (2026). HoneyContent: Wrapping Deception Storyline Content to Warrant Human and LLM Agent Attacker Evaluations of Deception Functions and Effects. Proceedings of the AAAI Symposium Series, 9(1), 281–287. https://doi.org/10.1609/aaaiss.v9i1.42942

Issue

Vol. 9 No. 1: Proceedings of the 2026 AAAI Summer Symposium Series

Section

Human-Aware AI Agents for the Cyber Battlefield: From Human Models to Autonomous Defense (Full Papers)