$12.5M to Solve What We Already Shipped

The Biggest AI Security News of 2026

On March 27, 2026, something unprecedented happened: Anthropic, Google DeepMind, OpenAI, AWS, GitHub, and Microsoft -- companies that are otherwise competitors -- jointly funded $12.5 million through OpenSSF and the Alpha-Omega Foundation. The target: securing open-source AI agent tool calls.

The framework they are building is called SAFE-MCP. Its goal is to create security standards for when AI agents call external tools -- the exact attack surface that has produced every major AI security incident in the past 12 months.

Companies that compete on models, APIs, and cloud infrastructure decided this one problem is too important to fight over. That has never happened in AI before.

Why This Matters

Until today, "AI agent security" was a niche concern. Security teams did not have budget for it. CISOs did not have a framework to evaluate it. Developers did not think about it.

Now six of the largest technology companies on Earth are saying: this is real, this is urgent, and nobody has solved it yet.

The attack surface they identified is exactly what we have been documenting:

• •Tool poisoning: malicious instructions hidden in MCP tool descriptions that hijack agent behavior

• •Supply chain attacks: compromised packages in MCP registries (we found 182 CRITICAL findings across 36,394 skills)

• •Privilege escalation: tools that start safe and gradually acquire more access

• •Data exfiltration: skills that silently forward your data to external endpoints

This is the same attack taxonomy that ATR provides executable detection rules for.

SAFE-MCP Is a Standard. ATR Is the Implementation.

Here is the key distinction: SAFE-MCP defines what needs to be secured. ATR provides 71 executable rules that actually detect these attacks in real time.

This is not a competitive relationship. It is a layer relationship:

|-------|-------------|---------|

Standards without implementation are checklists. Implementation without standards is ad hoc. The industry needs both. SAFE-MCP provides the standard. ATR and PanGuard provide the implementation.

What We Have Already Shipped

While the industry was still debating whether AI agent security was a real problem, we shipped:

• •71 ATR detection rules covering OWASP Agentic Top 10: 10/10 categories

• •36,394 skills scanned in the ClawHub ecosystem -- the largest AI agent skill security audit ever conducted

• •16 platform support: Claude Code, Cursor, OpenClaw, Codex CLI, Windsurf, Zed, Gemini CLI, VS Code Copilot, and 8 more

• •Threat Cloud: a collective intelligence network where every scan makes every user safer

• •62.7% recall, 99.7% precision on the PINT benchmark -- and we publish these numbers honestly, unlike vendors who claim 98% without disclosing methodology

What This Means for PanGuard

Three things:

1. Market validation. The hardest part of building in a new category is convincing people the category exists. Six companies just spent $12.5M doing that for us.

2. Standards alignment. We will align ATR rule categories with SAFE-MCP threat taxonomy as soon as it is published. If SAFE-MCP defines 15 threat categories, ATR will have rules mapping to all 15.

3. OpenSSF submission. We are exploring submitting ATR as an OpenSSF project. ATR is MIT-licensed, community-driven, and vendor-neutral -- exactly the profile OpenSSF supports.

What You Should Do

If you are running AI agents in production -- Claude Code, Cursor, Codex, or any MCP-compatible tool -- you should not wait for SAFE-MCP to finish its 18-month standardization process.

The attacks are happening now. postmark-mcp stole inboxes. SANDWORM_MODE exfiltrated SSH keys from 19 typosquatted packages. 13.5% of ClawHub skills have security risk patterns.

Install PanGuard. Scan your skills. It takes 60 seconds.

curl -fsSL https://get.panguard.ai | bash

Free. Open source. 71 detection rules. 16 platforms. The standard is coming. The protection is already here.