THREAT CLOUD
Security is a network problem. We solved it with a network.
Traditional threat intelligence is generated by research teams. Threat Cloud is generated by every Panguard deployment -- automatically.
COLLECTIVE INTELLIGENCE
The more users, the stronger the shield
Every Panguard instance that detects a new attack pattern contributes anonymized intelligence to the collective network.
Within minutes, every other Panguard deployment receives updated detection rules. An attack that hits one user once can never hit another user the same way.
10 users: basic community rules
1,000 users: cross-industry attack correlation
100,000 users: predictive threat detection
HOW IT WORKS
From detection to protection in minutes
Five steps. Fully automated. Privacy-preserving.
Detection
A Panguard instance detects a new attack pattern (e.g., novel SSH brute-force technique from a new IP range).
Anonymization
Raw data stripped. Only behavioral signatures remain: attack type, technique ID (MITRE), pattern hash, timestamp. No IPs, hostnames, or source code.
Encrypted Transit
TLS 1.3 encrypted transmission to Threat Cloud API. Certificate pinning. No man-in-the-middle.
Correlation
Threat Cloud correlates patterns from all deployments. Clusters related attacks into campaigns. Identifies IP reputation and technique trends.
Distribution
Auto-generates new ATR detection rules. Pushes to all Panguard instances within minutes. Every user is now protected.
PRIVACY FIRST
Privacy is not a feature. It's the architecture.
Your data never leaves. Only anonymized behavioral signatures do.
Zero Raw Data
No log content, file content, source code, or personally identifiable information ever leaves your machine. Only anonymized behavioral signatures -- hashes, MITRE ATT&CK IDs, pattern fingerprints.
Encrypted in Transit
All communication uses TLS 1.3 with certificate pinning. Even if intercepted, data is meaningless without the encryption key.
You're in Control
Threat Cloud can be disabled anytime. Panguard works fully offline. Threat Cloud is opt-in value, not a requirement.
DATA BOUNDARY
What leaves. What stays.
Complete transparency on what Threat Cloud collects.
What Gets Shared
- Attack pattern hash
- MITRE ATT&CK technique ID
- Behavioral signature fingerprint
- Anonymized timestamp
- Attack severity classification
What Never Leaves
- Raw log content
- File contents
- Source code
- IP addresses
- Hostnames
- User data
- Credentials
- Any PII
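The data boundary above, sketched as an allowlist plus an outbound check. This is an added example, not Panguard's code: the field names, the hourly timestamp rounding, the rate buckets and the sample event are all assumptions.

```python
import hashlib
import json
import re
from datetime import datetime

# Key names are assumptions mirroring the page's "What Gets Shared" list.
ALLOWED = {"pattern_hash", "technique_id", "signature_fingerprint",
           "timestamp", "severity"}
# Raw-event keys whose values must never show up in the outbound record.
SENSITIVE = ("source_ip", "hostname", "username", "log_line")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _digest(*parts):
    return hashlib.sha256("\x1f".join(parts).encode()).hexdigest()

def to_signature(event):
    """Build the outbound record from behavioural fields only."""
    rate = event["attempts_per_min"]
    bucket = "low" if rate < 10 else "medium" if rate < 100 else "high"
    hour = datetime.fromisoformat(event["observed_at"]).replace(
        minute=0, second=0, microsecond=0)
    return {
        "pattern_hash": _digest(event["attack_type"], event["technique_id"]),
        "technique_id": event["technique_id"],
        "signature_fingerprint": _digest(event["attack_type"], bucket),
        "timestamp": hour.isoformat(),  # coarsened to the hour (assumed policy)
        "severity": event["severity"],
    }

def check_boundary(record, event):
    """Raise ValueError if the record breaks the allowlist or leaks raw values."""
    extra = set(record) - ALLOWED
    if extra:
        raise ValueError(f"unexpected fields: {sorted(extra)}")
    blob = json.dumps(record)
    if IPV4.search(blob):
        raise ValueError("IP address in outbound record")
    for key in SENSITIVE:
        if event.get(key) and str(event[key]) in blob:
            raise ValueError(f"raw {key} leaked")
    return record

# Constructed sample event (documentation IP range, made-up host and user).
EVENT = {
    "source_ip": "203.0.113.7", "hostname": "db01.example.internal",
    "username": "deploy", "log_line": "Failed password for deploy from 203.0.113.7",
    "attack_type": "ssh_bruteforce", "technique_id": "T1110",
    "attempts_per_min": 240, "severity": "high",
    "observed_at": "2024-05-01T13:37:42+00:00",
}
```

Because the hashes are computed over behavioural fields only, the same technique seen from two different hosts yields the same `pattern_hash`, which is what makes cross-deployment correlation possible without sharing identifiers.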
NETWORK EFFECT
A collective immune system
Every new installation strengthens the network. Every detected attack generates knowledge. Every generated rule protects everyone.
Install
New Panguard deployment joins the network
Detect
Local engine catches a novel threat
Share
Anonymized pattern uploaded to Threat Cloud
Protect
New rule pushed to all deployments
AI SKILL INTELLIGENCE
Not just endpoints. AI skills too.
Threat Cloud doesn't just track server attacks. Every Panguard Skill Auditor scan contributes anonymized skill threat data — hash, risk score, finding categories. The result: a community-powered trust database for the entire AI skill ecosystem.
Instant Verdict
If someone already scanned a known-malicious skill, you get the result before your scan even starts.
Community Trust Score
Skills build trust over time. More scans with clean results = higher trust ratio. One CRITICAL finding from anyone = flagged for everyone.
Zero-Day Propagation
A new malicious skill appears on OpenClaw. The first person to scan it flags it. Within minutes, every Panguard user knows.
LIVE INTELLIGENCE
Real-Time Threat Pipeline
Auto-crawling 11 sources every hour. Rules auto-generated and promoted.
- 113 ATR Rules
- 714 Detection Patterns
- 5,146 Validated Records
- 11 Intel Sources
Auto-Promoted
0
Auto-Generated ATR
808
Auto-Promoted
536
Pending Review
Intel Sources
API ACCESS
For Developers: Threat Cloud API
Integrate real-time threat intelligence into your own tools.
IoC Feed
IP, domain, URL, file hash indicators
IP Blocklist
Updated every 5 minutes
ATR Rule Feed
Auto-generated detection rules
Skill Threat Lookup
Check if a skill is known-malicious before scanning
Campaign Timeline
Active attack campaign tracking
MITRE ATT&CK Map
Technique coverage visualization
100% Open Source
Threat Cloud activates automatically with every Panguard installation. Every feature is free and open source under MIT license. No paid tiers, no feature gates.
Every Installation
Full threat intel feed, multi-endpoint management, complete API access
Community Contribution
Contribute ATR rules, threat intelligence, and detection patterns to strengthen collective immunity
Join the network
Every installation makes everyone safer.
$ curl -fsSL https://get.panguard.ai | bash