Skip to main content
Every Panguard agent connects to the public Threat Cloud automatically. No configuration, no API key, no account required.

Default Connection

When you start Guard, it connects to tc.panguard.ai automatically: 
panguard guard start --dashboard
That’s it. Your agent is now part of the collective intelligence network.

What Happens Automatically

IntervalAction
On startupLoad bundled ATR rules from local install
Every 1 hourSync with Threat Cloud: download new rules, upload anonymized threats
On threat detectionSubmit anonymized event data to Threat Cloud
On skill auditReport safe/unsafe skill fingerprints

Custom Endpoint

To point your agent at a different Threat Cloud instance: 
panguard guard start --threat-cloud https://your-server:8080
Or set the environment variable: 
export TC_ENDPOINT=https://your-server:8080
panguard guard start
Or in ~/.panguard/config.json: 
{
  "threatCloudEndpoint": "https://your-server:8080",
  "threatCloudApiKey": "your-api-key"
}

Offline Mode

Guard works fully offline. If Threat Cloud is unreachable:
  • Bundled ATR rules (61) continue to function
  • Local AI (Ollama) handles analysis
  • Events queue locally and sync when connectivity returns
  • Protection never stops
# Explicitly disable Threat Cloud sync
panguard guard start --no-cloud

Private Instances

For organizations requiring isolated infrastructure or data sovereignty compliance, private Threat Cloud instances are available as a managed service.

Contact for Private Instance

Organizations can deploy dedicated Threat Cloud infrastructure with custom feeds, retention policies, and network isolation.

Verify Connection

Check your agent’s Threat Cloud status: 
panguard status --json

{
  "threatCloud": {
    "connected": true,
    "endpoint": "https://tc.panguard.ai/api",
    "lastSync": "2026-03-13T08:00:00Z",
    "rulesReceived": 247,
    "threatsSubmitted": 12
  }
}
Or view it in the dashboard at http://127.0.0.1:9100 (Threat Cloud page).