The January 2026 deception-engineering update changed how agentic security tools classify honeypot artifacts. Your AWS Graviton instances are exposing an architecture-specific timing signature that makes canary token documents look statistically identical to known attacker reconnaissance patterns. The tool is working correctly against the wrong threat model.
Pithy Security | Cybersecurity FAQs – The Details
Question: Why does my agentic AI security tool keep marking legitimate canary-token documents as false positives after the January 2026 deception-engineering update when running on AWS Graviton instances?
Asked by: Perplexity AI
Answered by: Mike D (MrComputerScience) from Pithy Security.
Why Deception-Engineering Updates Break Canary Token Classification
The January 2026 deception-engineering update was designed to catch more sophisticated attackers who learned to avoid triggering obvious honeypots. To do that, vendors tightened their behavioral signatures around how files get accessed, copied, and exfiltrated. The problem is that canary token documents are supposed to look real enough to fool attackers, which means they also look real enough to fool an updated classifier trained to flag suspicious-but-plausible file access patterns. The update didn’t introduce a bug. It introduced a tighter decision boundary that your deception layer now sits on the wrong side of. Canary tokens that were previously classified correctly as internal honeypot infrastructure are now matching the updated signatures for attacker-staged exfiltration documents because both behaviors produce nearly identical access telemetry.
The Graviton Timing Signature That Triggers a False Positive Epidemic
AWS Graviton’s ARM-based architecture processes memory access and I/O operations with different timing characteristics than x86 instances. Agentic security tools that use behavioral timing as a classification feature, specifically access latency patterns and file read sequencing, were predominantly trained and calibrated on x86 telemetry. On Graviton instances, legitimate canary token access events produce timing signatures that fall outside the x86 baseline the classifier expects for normal internal document access. The tool interprets the timing anomaly as suspicious rather than architectural. This isn’t theoretical. ARM-specific timing drift in security tool calibration is a documented gap across multiple EDR vendors post-2025 as Graviton adoption scaled inside enterprise AWS deployments. Your false positive rate is an architecture mismatch problem wearing a deception-engineering problem’s clothing.
When Canary Token Infrastructure and AI Classifiers Can Coexist Cleanly
The fix requires telling your security tool explicitly what your canary token infrastructure looks like so it can exclude those artifacts from deception-engineering classification. Most agentic security platforms post-January 2026 support allowlist schemas for known deception assets. Tag your canary documents with a consistent metadata signature at creation time (file owner, creation pipeline, internal URI pattern) and feed that schema to your classifier as a trusted-honeypot exclusion rule. Separately, open a Graviton-specific calibration ticket with your vendor. CrowdStrike, Lacework, and Wiz all issued Graviton recalibration guidance in Q4 2025 as ARM adoption forced baseline updates. Running your tool’s self-calibration mode against a Graviton instance with known-clean traffic generates an architecture-corrected baseline that eliminates most timing-driven false positives without touching your deception layer configuration.
What This Means For You
- Tag every canary token document at creation with a consistent metadata signature and register that schema in your security tool’s honeypot exclusion allowlist before the next update cycle.
- Open a Graviton-specific calibration ticket with your vendor immediately; ARM timing drift in x86-trained classifiers is a documented gap with available remediation guidance from major EDR providers.
- Run your agentic security tool’s self-calibration mode against a clean Graviton instance to generate an architecture-corrected behavioral baseline that stops penalizing ARM-specific I/O timing.
- Audit your deception layer deployment pipeline to verify canary documents are distinguishable to your own tooling even when they are intentionally indistinguishable to attackers.
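
The tagging and pipeline audit described above, as an added example that is not part of the original answer and not any vendor's allowlist format: it checks each inventoried canary against a three-field exclusion schema and also reports non-canary files the same rule would exclude. The schema keys, the `svc-deception` owner, the `canary-factory` pipeline name and the `docs.corp.example` URI pattern are hypothetical.

```python
import re
from collections import namedtuple

# Hypothetical exclusion schema built from the three tag fields the text names.
# Field names and values are assumptions, not any vendor's allowlist format.
SCHEMA = {
    "owner": "svc-deception",
    "pipeline": "canary-factory",
    "uri_pattern": r"https://docs\.corp\.example/canary/[0-9a-f]{8}",
}
Doc = namedtuple("Doc", "path owner pipeline uri")

def failing_fields(doc, schema=SCHEMA):
    """Tag fields on doc that fail the schema; an empty list means excluded."""
    failed = [f for f in ("owner", "pipeline") if getattr(doc, f) != schema[f]]
    # fullmatch: a URI that merely contains the pattern must not qualify
    if not re.fullmatch(schema["uri_pattern"], doc.uri):
        failed.append("uri_pattern")
    return failed

def audit(docs, canary_paths, schema=SCHEMA):
    """Compare tagged documents with the deployment inventory canary_paths.

    untagged: canaries the rule misses, so they keep raising alerts.
    blind_spots: non-canary files the rule would hide from classification.
    """
    untagged, blind_spots = {}, []
    for doc in docs:
        failed = failing_fields(doc, schema)
        if doc.path in canary_paths and failed:
            untagged[doc.path] = failed
        elif doc.path not in canary_paths and not failed:
            blind_spots.append(doc.path)
    return untagged, blind_spots

# Constructed sample data, not taken from any real environment.
DOCS = [
    Doc("/finance/q3-payroll.xlsx", "svc-deception", "canary-factory",
        "https://docs.corp.example/canary/9f2c41ab"),
    Doc("/hr/offer-letters.docx", "jsmith", "canary-factory",
        "https://docs.corp.example/canary/07be55d0"),
    Doc("/eng/runbook.pdf", "svc-deception", "canary-factory",
        "https://docs.corp.example/canary/deadbeef"),
]
CANARIES = {"/finance/q3-payroll.xlsx", "/hr/offer-letters.docx"}

if __name__ == "__main__":
    print(audit(DOCS, CANARIES))
```

Requiring all three fields to match keeps the exclusion narrow; any path reported in `blind_spots` is a file the classifier would stop inspecting even though the deployment pipeline never issued it as a canary.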
