Skip to main content

What is Panguard AI?

Panguard AI is an open-source cybersecurity platform designed for developers and small businesses who do not have a security team. It combines rule-based detection, local AI, and cloud AI into a single CLI tool that protects endpoints automatically. The user experience mirrors tools like Claude Code:
  1. Website — Browse plans, sign up, manage subscriptions at panguard.ai
  2. CLIpanguard login opens the browser for authentication; the token is stored locally
  3. Usage — Features are gated by subscription tier; daily operation is zero-effort

Product Suite

Panguard AI includes 8 products. Each works independently, but together they form a complete Security Operations Center in one command.

Panguard Scan

60-Second Security Audit — One-time scan producing a risk score (0-100, grades A-F) and PDF report. Covers ports, services, firewall, SSL/TLS, password policy, and more.

Panguard Guard

AI Real-Time Monitoring — Always-on protection with a 4-agent AI pipeline (Detect, Analyze, Respond, Report). 7-day learning period, 3,155 Sigma rules, 5,895 YARA rules, and auto-response capabilities.

Panguard Chat

AI Security Notifications — Translates technical alerts into plain language. Delivers via Telegram, Slack, Email, Webhook, or LINE with three tone modes: boss, developer, and it_admin.

Panguard Trap

Smart Honeypots — 8 decoy services (SSH, HTTP, FTP, SMB, MySQL, RDP, Telnet, Redis) that lure attackers, collect intelligence, and profile attacker skill levels.

Panguard Report

Compliance Reports — Auto-generate audit-ready reports for Taiwan TCSA (10 controls), ISO 27001 (30 controls), and SOC 2 (10 controls) in 60 seconds.

Panguard MCP

Model Context Protocol — Integrate Panguard security data with AI assistants and LLM-powered workflows through the MCP server.

Panguard Manager

Multi-Endpoint Management — Centralized dashboard for managing multiple Panguard agents across a fleet with policy enforcement and lifecycle management.

Threat Cloud

Collective Threat Intelligence — Anonymized threat signature sharing across the Panguard network. RESTful API with SQLite backend, automatic Sigma rule generation, and IP/domain reputation scoring.

Three-Layer AI Architecture

Panguard uses a layered AI funnel that balances speed, cost, and accuracy. Each layer handles progressively fewer — but more complex — events.
LayerTechnologyHandlesLatencyCost
Layer 1Sigma / YARA rules engine90% of events< 50ms$0
Layer 2Local AI (Ollama)7% of events~2s$0
Layer 3Cloud AI (Claude / OpenAI)3% of events~5s~$0.008/call
Resilient by design. If Cloud AI is unavailable, Local AI takes over. If Local AI is down, the rules engine keeps running. Protection never stops.
For a deep dive into the AI architecture, see Three-Layer AI.

Technology Stack

CategoryTechnology
LanguageTypeScript 5.7 (strict mode)
RuntimeNode.js 20+
Monorepopnpm 10 workspaces
TestingVitest 3 (3,017 tests / 142 files)
Detection RulesSigma (3,155) + YARA (5,895) + Suricata + Falco
AI ProvidersOllama (local) + Claude / OpenAI (cloud)
AuthenticationGoogle OAuth (PKCE) + scrypt hashing
InternationalizationEnglish + Traditional Chinese
EncryptionAES-256-GCM

Subscription Tiers

FeatureCommunitySoloProBusiness
PriceFree$9/mo$29/mo$79/mo
Machines131025
Scan (unlimited)YesYesYesYes
Guard (Layer 1 rules)YesYesYesYes
Guard (Full 3-layer AI)YesYesYes
Chat notificationsYesYesYes
Local AI (Ollama)YesYesYes
Cloud AI analysisYesYes
Trap (8 honeypots)YesYes
Compliance reportsYesYes
SIEM integrationYes
SSO and RBACYes
Dedicated supportYes

Compliance Report Pricing

Compliance reports are available as one-time purchases on Pro and Business plans:
ReportPriceControls
Taiwan TCSA$29910
ISO 27001$49930
SOC 2$69910
Bundle (all 3)$99950
Annual billing receives a 20% discount on all subscription plans. Manage your subscription at panguard.ai/pricing.

Open Source

Panguard AI is released under the MIT License. Full source code. Zero black boxes. Every line is auditable.

View on GitHub

Browse the source code, report issues, or contribute to the project.