The Flywheel: Every Scan Makes Everyone Safer
How Threat Crystallization works: an LLM catches a novel attack, a regex rule is generated from the finding, and the rule is distributed to all users in under 1 hour. Zero barrier -- users just scan. 3+ confirmations auto-promote a rule to production. One scan protects the whole network.
The Problem with Centralized Detection
Traditional security products work like this: a vendor employs a threat research team. The team discovers new attack patterns. The team writes detection rules. The vendor pushes updates to customers. Customers wait. This cycle takes days to weeks. During the gap between discovery and deployment, every customer is vulnerable to the new attack.
In the MCP ecosystem, new attack patterns emerge daily. New packages publish hourly. A detection update cycle measured in days is too slow.
How Threat Crystallization Works
Threat Crystallization is the process by which a novel attack detected by LLM analysis becomes a production regex rule distributed to every user. The pipeline has four stages:

Stage 1 -- Detection: A user runs `pga scan` on a skill. The ATR regex engine runs 71 rules. If the regex engine flags something, the finding is reported immediately. If the regex engine finds nothing but the optional LLM review detects a threat, the finding is escalated to Stage 2.

Stage 2 -- Crystallization: The LLM finding is analyzed to extract the specific text pattern that makes it malicious. A candidate regex rule is auto-generated from this pattern. The candidate rule is tested against a corpus of known-good skills to verify it does not produce false positives.

Stage 3 -- Confirmation: The candidate rule is uploaded to Threat Cloud as a pending rule. When 3 or more independent users scan skills that trigger the same candidate rule, it is auto-promoted to a production rule. The 3-confirmation threshold prevents individual false positives from becoming global rules.

Stage 4 -- Distribution: The production rule is added to the ATR rule set and distributed to all PanGuard installations within 1 hour. Every user gets the new detection capability without updating, without configuration, and without knowing anything about the threat that was discovered.
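The Stage 2 false-positive gate and the Stage 3 promotion count can be sketched as follows; this is an added example, not PanGuard's or Threat Cloud's code. `CandidateStore`, `passesBenignCorpus`, `reporterId` and the sample corpus are hypothetical, and the page does not say how Threat Cloud decides that confirmations come from independent users, so an opaque reporter token is assumed here.

```javascript
// Added example; every name here (CandidateStore, reporterId, ...) is hypothetical.
const crypto = require('node:crypto');

const PROMOTION_THRESHOLD = 3; // from the page: 3+ confirmations promote

// Constructed stand-in for the corpus of known-good skills.
const BENIGN_CORPUS = [
  'Reads a CSV file and returns the rows as JSON.',
  'Fetches weather data for a city from a public API.',
];

// Stage 2: a candidate that matches any known-good skill is rejected.
function passesBenignCorpus(pattern, corpus = BENIGN_CORPUS) {
  const re = new RegExp(pattern, 'i');
  return !corpus.some((text) => re.test(text));
}

class CandidateStore {
  constructor() {
    this.pending = new Map(); // key -> { pattern, reporters }
    this.production = new Set(); // keys of promoted rules
  }

  // Identical patterns from different scans collapse onto one key.
  static keyFor(pattern) {
    return crypto.createHash('sha256').update(pattern).digest('hex');
  }

  submit(pattern) {
    if (!passesBenignCorpus(pattern)) return null; // would be a false positive
    const key = CandidateStore.keyFor(pattern);
    if (!this.pending.has(key) && !this.production.has(key)) {
      this.pending.set(key, { pattern, reporters: new Set() });
    }
    return key;
  }

  // Stage 3: only distinct reporters count toward the threshold.
  confirm(key, reporterId) {
    if (this.production.has(key)) return 'production';
    const cand = this.pending.get(key);
    if (!cand) return 'unknown';
    cand.reporters.add(reporterId);
    if (cand.reporters.size < PROMOTION_THRESHOLD) return 'pending';
    this.pending.delete(key);
    this.production.add(key);
    return 'production';
  }
}
```

Counting distinct reporters rather than raw hits is what keeps one installation that rescans the same skill from promoting its own candidate.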
Zero Barrier to Contribution
The critical design decision in this system is that users do not need to do anything special to contribute. They do not need to write rules. They do not need to report findings. They do not need to understand security. They just scan their skills. The system extracts threat intelligence from the scan results automatically.
This is important because the MCP ecosystem is mostly used by developers who are not security specialists. Asking them to write detection rules or fill out threat reports would result in zero contributions. Making the contribution implicit -- a byproduct of normal scanning -- means every user is a sensor in the detection network.
Speed: < 1 Hour vs. Weeks
Committee-based security standards (NIST, ISO, even OWASP) operate on review cycles measured in weeks or months. A new threat is reported, discussed, categorized, drafted into a standard, reviewed, revised, and published. This process produces thorough, well-considered standards. It also means that emerging threats are unaddressed for weeks.
ATR with Threat Crystallization operates on a different timescale. A novel attack is detected. A regex rule is generated. Three confirmations promote it. Distribution happens within the hour. Total time from discovery to global protection: under 60 minutes in most cases.
This speed advantage comes at a cost: crystallized rules are less nuanced than hand-written expert rules. They may have narrower coverage or miss variations. This is acceptable because the alternative is having no detection at all for weeks. A rule that catches 80% of a new attack pattern in 1 hour is more valuable than a rule that catches 99% of it in 3 weeks.
The Flywheel Effect
Network effects make the system stronger over time:

- More users scanning means more novel attacks encountered
- More attacks encountered means more candidate rules generated
- More candidate rules means faster confirmation (the 3-scan threshold is reached sooner)
- Faster confirmation means faster distribution
- Faster distribution means better protection
- Better protection means more users trust the system
- More users means more scanning
This is the same flywheel that made Snort dominant in IDS, VirusTotal dominant in malware analysis, and ClamAV viable as an open-source antivirus. The network is the product. Each node makes every other node safer.
Privacy
Threat Cloud receives anonymous threat signatures, not raw skill content. The signature includes: the ATR rule ID that triggered, a hash of the matching pattern, the severity, and a timestamp. It does not include: the skill name, the user identity, the file contents, or any personally identifiable information. Users can opt out entirely by running `pga scan --offline`, which disables all Threat Cloud communication while still providing full local scanning.
Try It
Every scan you run makes the network stronger:

```bash
npm install -g @panguard-ai/panguard
pga scan
```

You protect yourself. You protect everyone else. That is the flywheel.