What is Panguard AI?
Panguard AI is an open-source security platform purpose-built for the AI agent era. As AI agents (Claude Code, Cursor, QClaw, OpenClaw, Codex CLI, WorkBuddy, NemoClaw, ArkClaw, Windsurf, Cline, VS Code Copilot, Zed, Gemini CLI, Continue, Roo Code) gain root access to production systems, Panguard provides the first open standard for detecting and blocking agent-level threats. Three pillars. One mission: secure every AI agent.

- ATR (Agent Threat Rules) — The open standard for AI agent threat detection (101 rules, 9 categories, OWASP 10/10)
- Threat Cloud — Collective immunity network that gets stronger with every install (11 intel sources, hourly sync)
- Guard — The enforcement engine with Skill Auditor, threat blocking, and auto-response (101 ATR rules)
Three Pillars
ATR -- The Standard
101 rules across 9 threat categories. OWASP 10/10. The first open standard for AI agent threats —
purpose-built for prompt injection, tool poisoning, skill compromise, and agent manipulation.
YAML-based, human-readable, machine-enforceable.
Threat Cloud -- The Network
Collective immunity. Every Panguard install contributes anonymized threat signals. The
pipeline auto-generates ATR rules from real-world attacks via Claude Sonnet 4 LLM review. 11
threat intel sources, 5,000+ validated IoC records, synced every hour.
Guard -- The Engine
101 ATR detection rules. A 4-agent AI pipeline (Detect, Analyze, Respond, Report) processes
OS-level events through ATR rules. Built-in Skill Auditor gates every AI skill before install.
Auto-response blocks IPs, kills processes, quarantines files.
Additional Tools
Panguard Scan
60-second security audit. One-time scan producing a risk score (0-100, grades A-F), PDF
report, and compliance reports (ISO 27001, SOC 2, TCSA). Covers ports, services, firewall,
SSL/TLS, password policy, and CVE lookup. MIT licensed.
MCP Server
AI assistant integration. 11 MCP tools let Claude Desktop, Cursor, and Claude Code control
Panguard directly through natural language.
Skill Auditor
Pre-install security gate. 8-check analysis of AI skill manifests for prompt injection, tool
poisoning, secrets, and unsafe dependencies before installation.
Three-Layer AI Architecture
Panguard uses a layered AI funnel that balances speed, cost, and accuracy. Each layer handles progressively fewer — but more complex — events.

| Layer | Technology | Handles | Latency | Cost |
|---|---|---|---|---|
| Layer 1 | ATR rules engine | 90% of events | < 50ms | $0 |
| Layer 2 | Local AI (Ollama) | 7% of events | ~2s | $0 |
| Layer 3 | Cloud AI (Claude / OpenAI) | 3% of events | ~5s | ~$0.008/call |
Resilient by design. If Cloud AI is unavailable, Local AI takes over. If Local AI is down, the
rules engine keeps running. Protection never stops.
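The funnel and its fallback order, as an added TypeScript example that is not Panguard's own code: events go to the rules engine first, unmatched events escalate to a local classifier, low-confidence local verdicts escalate to a cloud classifier, and any layer that is down is skipped rather than halting the pipeline. The rule ids, regex patterns, confidence threshold and the toy classifiers standing in for Ollama and the cloud models are hypothetical stand-ins; the per-layer costs are the ones from the table above.

```typescript
// Added example (not Panguard's own code): a three-layer triage funnel with
// graceful degradation, modelled on the architecture table above. Rule ids,
// regex patterns, the confidence threshold and the toy classifiers are all
// hypothetical stand-ins; real layers 2 and 3 would be model calls.

type Verdict = "allow" | "block" | "review";
type Layer = "rules" | "local-ai" | "cloud-ai";

interface AgentEvent {
  agent: string;   // AI agent that issued the action
  command: string; // OS-level command observed
}

interface Decision {
  verdict: Verdict;
  layer: Layer;      // layer that produced the verdict
  degraded: boolean; // true when a higher layer was wanted but unavailable
  costUsd: number;   // accumulated cost of the layers actually invoked
  reason: string;
}

// Layer 1: deterministic rules. Cheapest and fastest, so always first.
interface Rule { id: string; pattern: RegExp; verdict: "allow" | "block"; }

const RULES: Rule[] = [
  // hypothetical rule: a downloaded script piped straight into a shell
  { id: "HYPOTHETICAL-001", pattern: /\b(curl|wget)\b.*\|\s*(ba)?sh\b/, verdict: "block" },
  // hypothetical rule: read-only git commands never need escalation
  { id: "HYPOTHETICAL-002", pattern: /^git (status|diff|log)\b/, verdict: "allow" },
];

function runRules(ev: AgentEvent): Decision | null {
  const rule = RULES.find(r => r.pattern.test(ev.command));
  if (!rule) return null; // no match: hand the event up the funnel
  return { verdict: rule.verdict, layer: "rules", degraded: false, costUsd: 0, reason: `matched ${rule.id}` };
}

// Layers 2 and 3: classifiers that return a verdict with a confidence and
// may be unavailable. Low confidence escalates to the next layer.
interface Assessment { verdict: "allow" | "block"; confidence: number; }

interface Classifier {
  layer: Layer;
  costUsd: number;
  available: () => boolean;
  classify: (ev: AgentEvent) => Assessment;
}

const ESCALATE_BELOW = 0.8; // hypothetical confidence threshold

// Toy heuristics in place of real models (constructed for this example).
const localAi: Classifier = {
  layer: "local-ai", costUsd: 0, available: () => true,
  classify: ev => /rm -rf ~|chmod 777|\.ssh\//.test(ev.command)
    ? { verdict: "block", confidence: 0.95 }
    : { verdict: "allow", confidence: 0.5 }, // unsure: escalate
};

const cloudAi: Classifier = {
  layer: "cloud-ai", costUsd: 0.008, available: () => true,
  classify: ev => /\/etc\/shadow|base64 -d/.test(ev.command)
    ? { verdict: "block", confidence: 0.9 }
    : { verdict: "allow", confidence: 0.9 },
};

function triage(ev: AgentEvent, layers: Classifier[] = [localAi, cloudAi]): Decision {
  const ruled = runRules(ev);
  if (ruled) return ruled;

  // Skip layers that are down: a cloud outage falls back to local AI, a local
  // outage falls back to the rules engine's default below. Never throws.
  const up = layers.filter(l => l.available());
  if (up.length === 0) {
    return { verdict: "review", layer: "rules", degraded: true, costUsd: 0,
             reason: "no AI layer available; queued for human review" };
  }

  let cost = 0;
  const top = up[up.length - 1];
  for (const layer of up.slice(0, -1)) {
    cost += layer.costUsd;
    const a = layer.classify(ev);
    if (a.confidence >= ESCALATE_BELOW) {
      return { verdict: a.verdict, layer: layer.layer, degraded: false, costUsd: cost,
               reason: `${layer.layer} confident (${a.confidence})` };
    }
  }
  // Highest available layer: its answer stands even at low confidence, but the
  // decision is flagged as degraded when a higher layer exists and was down.
  cost += top.costUsd;
  const a = top.classify(ev);
  const confident = a.confidence >= ESCALATE_BELOW;
  const higherUnavailable = top !== layers[layers.length - 1];
  return { verdict: a.verdict, layer: top.layer, degraded: !confident && higherUnavailable, costUsd: cost,
           reason: confident ? `${top.layer} confident (${a.confidence})`
                             : `best effort from ${top.layer}; no higher layer available` };
}

// Funnel statistics over a batch: events settled per layer and total spend,
// the two numbers the table above reports for each layer.
function summarize(events: AgentEvent[], layers: Classifier[] = [localAi, cloudAi]) {
  const byLayer: Record<Layer, number> = { "rules": 0, "local-ai": 0, "cloud-ai": 0 };
  let totalCostUsd = 0;
  for (const ev of events) {
    const d = triage(ev, layers);
    byLayer[d.layer] += 1;
    totalCostUsd += d.costUsd;
  }
  return { byLayer, totalCostUsd };
}
```

The `degraded` flag is the caveat worth keeping from this model: when the cloud layer is down, a low-confidence local verdict stands so that protection continues, but it is a best-effort answer and should be surfaced for later review rather than treated as a confident decision.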
Technology Stack
| Category | Technology |
|---|---|
| Language | TypeScript 5.7 (strict mode) |
| Runtime | Node.js 20+ |
| Monorepo | pnpm 10 workspaces |
| Testing | Vitest 3 (3,583 tests / 165 files) |
| Detection Rules | ATR (101) — OWASP Agentic Top 10: 10/10 |
| AI Providers | Ollama (local) + Claude / OpenAI (cloud) |
| Internationalization | English + Traditional Chinese |
| Encryption | AES-256-GCM |
| License | MIT |
Platform Support
Panguard integrates with 16 AI agent platforms via MCP or native Skill protocol:

| Platform | Protocol | Config Path |
|---|---|---|
| Claude Code | MCP | ~/.claude/settings.local.json |
| Claude Desktop | MCP | ~/Library/.../claude_desktop_config.json |
| Cursor | MCP | ~/.cursor/mcp.json |
| OpenClaw | Native Skill | ~/.openclaw/skills/panguard/SKILL.md |
| Codex CLI | MCP | ~/.codex/mcp.json |
| WorkBuddy | MCP | ~/.workbuddy/.mcp.json |
| NemoClaw | MCP | ~/.nemoclaw/mcp.json |
| ArkClaw | MCP | ~/.arkclaw/mcp.json |
| Windsurf | MCP | ~/.windsurf/mcp.json |
| QClaw | MCP | ~/.qclaw/mcp.json |
| Cline | MCP | ~/.cline/mcp.json |
| VS Code Copilot | MCP | ~/.vscode/mcp.json |
| Zed | MCP | ~/.zed/mcp.json |
| Gemini CLI | MCP | ~/.gemini/mcp.json |
| Continue | MCP | ~/.continue/mcp.json |
| Roo Code | MCP | ~/.roo-code/mcp.json |
panguard setup command.
100% Open Source
Panguard AI is released under the MIT License. Every feature is free — no paid tiers, no paywalls, no feature gates. Full source code. Zero black boxes. Every line is auditable.

View on GitHub
Browse the source code, report issues, or contribute to the project.
ATR Rules on GitHub
Contribute ATR rules — every new rule strengthens collective immunity for all users.