Skip to main content
Panguard Threat Cloud is a community-driven threat intelligence platform built around ATR (Agent Threat Rules) proposals and consensus. When any scanner (CLI, Website, or Guard) detects a suspicious pattern in an MCP skill, it submits a proposal to Threat Cloud. Other scanners that encounter the same pattern confirm it. Once a proposal reaches 3 or more confirmations, it is automatically promoted to a confirmed rule and distributed to all connected scanners.

The Flywheel

The core loop that makes Threat Cloud increasingly effective over time: 
Scan skill ──> Findings ──> TC proposal ──> Community consensus ──> Confirmed rule ──> Distributed to all scanners
                                                    ^                                           |
                                                    └───────────────────────────────────────────┘
  1. Scan — Any scanner (CLI panguard audit skill, Website, or Guard skill watcher) scans a skill
  2. Propose — High-severity findings generate an ATR proposal with a pattern hash
  3. Confirm — Other scanners encountering the same pattern hash increment the confirmation count
  4. Promote — At 3+ confirmations, the proposal is auto-promoted to a confirmed rule
  5. Distribute — Confirmed rules are served via GET /api/atr-rules to all scanners
  6. Strengthen — Scanners load confirmed rules, improving detection, which generates more proposals
Each cycle through the flywheel adds detection capability to the entire network.

ATR Proposals

ATR proposals are the primary mechanism for community threat intelligence in Threat Cloud.

Pattern Hash

Every proposal is identified by a pattern hash — a deterministic identifier computed from the scan findings:
  • Format: scan:{skillName}:{findingSummary} hashed with SHA-256, truncated to 16 hex characters
  • The scan: prefix ensures CLI, Website, and Guard all produce identical hashes for the same threat pattern
  • Hash computation is handled by @panguard-ai/scan-core so all scanner implementations agree

Proposal Lifecycle

StageDescription
PendingNew proposal submitted, awaiting community confirmation
Confirmed3+ independent scanners have confirmed the same pattern hash
PromotedConfirmed proposal converted to a distributable ATR rule
RejectedLLM reviewer flagged the proposal as a false positive

Submitting a Proposal

Proposals are submitted automatically when a scanner detects high-severity findings. The endpoint is POST /api/atr-proposals. Each submission includes the pattern hash, the proposed rule content, and the LLM model that generated the self-review verdict. If the pattern hash already exists, the submission counts as a confirmation rather than a new proposal.

Community Consensus

Threat Cloud uses a simple, transparent consensus mechanism:
  • Each unique scanner instance (identified by an anonymous client ID) can confirm a proposal once
  • When a proposal reaches 3 or more confirmations, it is automatically promoted to confirmed status
  • No manual review is required for community consensus — the process is fully automated
  • The promoteConfirmedProposals() function handles promotion on each sync cycle
This means a threat pattern must be independently detected by at least 3 separate scanners before it becomes a confirmed rule. This reduces false positives while keeping the pipeline fully automated.

LLM Reviewer

Threat Cloud includes an automated LLM reviewer (Claude Sonnet 4) that evaluates ATR proposals for production readiness. The LLM reviewer assesses:
CriterionWhat It Checks
False positive riskWhether the pattern would flag legitimate skills (low / medium / high)
Coverage scoreHow well the rule covers the intended threat category
Detection specificityWhether the rule is precise enough to avoid noise
Response proportionalityWhether the suggested severity matches the actual risk
YAML validityWhether the proposed rule is well-formed
LLM review runs automatically on new proposals via the POST /api/analyze-skills endpoint. A proposal can be promoted through either path:
  • Community consensus alone: 3+ confirmations, even without LLM review
  • LLM approved + community confirmed: Highest confidence promotion
If the LLM reviewer explicitly rejects a proposal, community consensus cannot override the rejection.

Rule Distribution

Confirmed ATR rules are distributed to all scanners via a single endpoint: 
GET /api/atr-rules
GET /api/atr-rules?since=2025-01-01T00:00:00Z
The ?since= parameter allows incremental fetching — scanners only download rules confirmed after their last sync. Guard agents sync automatically every hour. CLI and Website fetch rules on each scan invocation.

IoC Feeds

In addition to ATR rules, Threat Cloud also distributes traditional IoC feeds:
EndpointFormatDescription
GET /api/feeds/ip-blocklisttext/plainKnown malicious IPs (one per line)
GET /api/feeds/domain-blocklisttext/plainKnown malicious domains (one per line)
GET /api/skill-blacklistJSONCommunity-reported unsafe skills
Both feed endpoints accept an optional ?minReputation= parameter to filter by confidence level.

What Gets Synced

Every hour, your Guard agent exchanges data with Threat Cloud:
DirectionDataDescription
UploadATR proposalsPattern hash + proposed rule content for new threat patterns
UploadScan eventsAnonymized scan results from CLI, Website, or Guard
UploadSkill threatsAnonymized skill audit findings
DownloadConfirmed ATR rulesCommunity-confirmed detection rules
DownloadIP blocklistKnown malicious IPs
DownloadDomain blocklistKnown malicious domains

Quick Start

No configuration needed. Guard automatically connects to the public Threat Cloud when started: 
panguard guard start --dashboard
Threat Cloud sync happens automatically every hour in the background. Your agent contributes anonymized threat data and receives updated ATR rules and IoC feeds.
Zero configuration required. The public Threat Cloud at tc.panguard.ai is free for all Panguard users. No API key needed for standard agent sync.

API Endpoints

MethodEndpointDescription
POST/api/atr-proposalsSubmit or confirm an ATR proposal
GET/api/atr-rulesFetch confirmed ATR rules (supports ?since= filter)
POST/api/skill-threatsSubmit skill threat from audit
POST/api/analyze-skillsSubmit scan results for server-side LLM analysis
POST/api/scan-eventsReport scan events (bulk/CLI/web)
GET/api/feeds/ip-blocklistIP blocklist feed
GET/api/feeds/domain-blocklistDomain blocklist feed
GET/api/skill-blacklistCommunity skill blacklist
GET/api/statsThreat statistics
GET/api/metricsAggregated metrics (cached 60s)
GET/healthHealth check

Private Instances

For organizations requiring isolated threat intelligence infrastructure, private Threat Cloud instances are available. Contact us for deployment options.

Contact for Private Instance

Organizations can deploy dedicated Threat Cloud infrastructure.

Privacy

Anonymized data, zero telemetry, and opt-out controls.

API Reference

REST API for querying and submitting threat intelligence.