June 26th, 2026
New
Feature

Praetorian Guard now procedurally generates fully operational decoy cloud environments — realistic infrastructure designed to make attackers waste their time against a fake environment instead of investing it in your real one. Unlike static honeypots or manually configured decoys, Knossos generates complete Terraform plans with authentic attack paths, breadcrumb trails, and live alert wiring — all from a single style profile.
The core idea is simple: every hour an attacker spends navigating a decoy environment is an hour they’re not spending on production. Much of the engineering effort has gone into making these environments indistinguishable from the real thing. Every resource has realistic names, tags, security groups, IAM policies, and cross-references. Attackers who discover one resource find breadcrumbs leading them deeper into the labyrinth, burning their time and operational budget while every step triggers real-time alerts back to the defender.
Knossos introduces a full deception generation pipeline — from environment design through Terraform plan output to active threat intelligence — directly inside Guard.
Style profile inference — Point Knossos at your real infrastructure data and it reverse-engineers a style profile: naming conventions, tag patterns, region preferences, resource distributions, and security posture. Your deception environment mirrors what attackers expect to find
Environment generation — One API call produces a complete Terraform plan with VPCs, subnets, EC2 instances, RDS databases, Lambda functions, S3 buckets, IAM roles, secrets, and security groups — all wired together with realistic dependencies
Breadcrumb trails — Automated attack-path injection plants discoverable cross-references between resources: secrets that reference database endpoints, S3 objects containing SSH configs, Lambda environment variables pointing to the next hop. Each breadcrumb is a trap
Live alert wiring — Every deception resource is instrumented with CloudWatch alarms, EventBridge rules, and API destination callbacks that fire the moment an attacker touches anything — ingest events flow directly into Guard for triage and response
Camouflage layer — Beyond the resources that serve the attack paths, Knossos pads the environment with camouflage resources — extra VPCs, instances, buckets, and roles — distributed to match the cardinality ratios of your real infrastructure. Operators control the camouflage density through a single scale parameter so the deception environment never looks suspiciously sparse or bloated
Defense in depth — Every generated environment ships with three isolation layers: a dedicated VPC with deny-all NACLs that prevents any network path to production, an IAM permission boundary that blocks privilege escalation while appearing fully permissive to the attacker, and a ready-to-apply Service Control Policy (SCP) that operators attach at the account or OU level to enforce the boundary from outside the environment
Cost estimation — Before deploying, Knossos estimates the monthly cost of the deception environment using live pricing data, so operators can tune resource caps and stay within budget
Activity simulation — Optional simulator roles generate background API activity against deception resources, making the environment appear actively used and increasing attacker dwell time
Multi-provider roadmap — The emitter architecture is provider-pluggable. AWS ships first with full coverage; GCP and Azure emitters follow the same registry pattern and are in development
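A pre-deployment check for the network and IAM isolation layers described under "Defense in depth", added here as an example; it is not Praetorian's or Knossos's own code. It assumes the generated plan has been rendered with `terraform show -json` and uses standard AWS provider resource types; the sample plan and every resource name in it are constructed.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out`; not real Knossos output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_network_acl_rule.deny_in", "type": "aws_network_acl_rule",
  "change": {"after": {"rule_action": "deny", "egress": false, "cidr_block": "0.0.0.0/0"}}},
 {"address": "aws_network_acl_rule.allow_out", "type": "aws_network_acl_rule",
  "change": {"after": {"rule_action": "allow", "egress": true, "cidr_block": "10.0.0.0/8"}}},
 {"address": "aws_iam_role.decoy_admin", "type": "aws_iam_role",
  "change": {"after": {"name": "decoy-admin"},
             "after_unknown": {"permissions_boundary": true}}},
 {"address": "aws_iam_role.decoy_ci", "type": "aws_iam_role",
  "change": {"after": {"name": "decoy-ci", "permissions_boundary": null}}},
 {"address": "aws_vpc_peering_connection.shared", "type": "aws_vpc_peering_connection",
  "change": {"after": {"peer_vpc_id": "vpc-0example"}}}
]}
""")

# Resource types that can open a network path out of the decoy VPC.
BRIDGE_TYPES = {"aws_vpc_peering_connection", "aws_vpn_connection",
                "aws_ec2_transit_gateway_vpc_attachment"}

def isolation_findings(plan):
    """Return (address, reason) pairs for planned resources that weaken isolation."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:                      # resource is being deleted
            continue
        unknown = change.get("after_unknown") or {}
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_network_acl_rule" and after.get("rule_action") != "deny":
            findings.append((addr, "NACL rule is not a deny rule"))
        elif rtype == "aws_network_acl":
            inline = (after.get("ingress") or []) + (after.get("egress") or [])
            if any(rule.get("action") != "deny" for rule in inline):
                findings.append((addr, "inline NACL rule is not a deny rule"))
        elif rtype == "aws_iam_role":
            # A boundary policy created in the same plan is only known after apply.
            if not after.get("permissions_boundary") and not unknown.get("permissions_boundary"):
                findings.append((addr, "IAM role has no permissions boundary"))
        elif rtype in BRIDGE_TYPES:
            findings.append((addr, "can connect the decoy VPC to another network"))
    return findings

if __name__ == "__main__":
    for addr, reason in isolation_findings(SAMPLE_PLAN):
        print(f"FAIL {addr}: {reason}")
```

The SCP layer is attached at the account or OU level outside the environment, so it does not appear in the plan and has to be verified separately.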
In Greek mythology, Daedalus built the Labyrinth beneath the palace of Knossos on Crete — an inescapable maze designed to contain the Minotaur. Those who entered could not find their way out. The labyrinth was not a prison for the monster alone; it was a trap for anyone who dared enter uninvited. King Minos used it as the ultimate defensive architecture: a structure so complex that the threat eliminated itself. Knossos brings the same principle to cloud security — deception environments so realistic that attackers walk in willingly, and every step they take becomes intelligence for the defender.