7-LAYER AGENT SECURITY

Agent defense is not a single product

5 layers ship today (L2 Audit / L3 Protect / L4 Detect / L5 Deceive / L6 Respond). L1 Discover lands Q2 2026, L7 Govern Q2/Q3 2026. We mark the gaps openly — no fake checkmarks.

Discover

Gap

Central inventory of every agent, skill, MCP tool

You cannot protect what you cannot count. F500 CISOs are being asked this week by their boards: "how many AI agents are running in our environment?" Most cannot answer. Shadow agents — agents spun up by individual engineers outside IT procurement — are already the majority by install count.

Q2 2026

Audit

Shipped

Pre-deploy scanning of skills, MCP configs, npm packages

One malicious skill install = agent hijack. The postmark-mcp incident silently forwarded 15,000 emails/day for months before detection. Scan before you trust the code an agent is about to run.

311 rules · 97.1% Garak recall · 0.48% FP

Protect

Shipped

Runtime prompt / tool / output defense

Even audited skills can be prompt-injected at runtime via external content (web pages, emails, docs). And skills that pass static audit can still be compromised mid-session via tool-response poisoning. Static scan is necessary; runtime enforcement is sufficient.

50ms median · inline MCP proxy

Detect

Shipped

Behavioral anomaly detection with a 3-layer AI funnel

Rules catch the 90% of attacks you have seen before. The other 10% need AI — but if you call a cloud LLM on every request, cost and latency explode. The funnel keeps P50 under 50ms, P99 under 5s, at 95% cheaper than naive "always call GPT" architectures.

90/7/3 funnel · 7-day baseline

Deceive

Shipped

Honeypot integrated in Guard daemon

Passive defense is half the story. Honeypots convert the attacker's actions into your intelligence: tactics, tools, timing, infrastructure. You learn without leaking real data. The detections crystallize into rules that protect everyone on the TC network.

Integrated in Guard · zero-config

Respond

Shipped

Auto-block, alert, playbook execution

Detection without response is noise. Agent attacks move in seconds — by the time a SOC analyst reads the alert, credentials are already exfiltrated. The loop has to close without a human for the 90th-percentile case.

11 actions · threshold policy

Govern

Partial

AIAM + 4-framework compliance reporting

EU AI Act enforces 2026-08-02. Colorado AI Act 2026-06-01. F500 RFPs are asking for per-rule framework mapping, not just "we scan." Auditors need a path from detected event → triggered rule → controlled article. Compliance teams need SOC2 Type II attestation. We publish honest timelines and commit to them.

Audit log live · compliance Q2/Q3 2026

Click any layer for attack examples, architecture, benchmarks, ecosystem links · See full 7-layer architecture

311

ATR rules

666

Garak prompts

97.1%

Garak recall

67,799

Skills scanned

Trusted by security teams

Microsoft AGTATR example merged

Cisco AI Defense34 ATR rules merged

NVIDIA Garak97.1% recall · PR open

This is not hypothetical.

Real CVEs. Real attacks. Real victims.

MCPJam InspectorCRITICALCVSS 9.8

Default 0.0.0.0 binding, one HTTP request = RCE. All versions before v1.4.3.

CVE-2026-23744

Claude Code (Anthropic)CRITICALCVSS 8.7

Hooks + MCP config exploited for arbitrary shell execution and API key theft.

CVE-2025-59536 + CVE-2026-21852

Azure MCP ServerHIGHCVSS 7.5

SSRF steals managed identity tokens. Attacker gains Azure resource access.

CVE-2026-26118

postmark-mcpHIGH

Clean for 15 versions. v1.0.16 added silent BCC forwarding 3K-15K emails/day.

ATR ClawHub scan

We scanned 67,799 MCP skills. 1.9% have CRITICAL or HIGH security risks.

COVERAGE MAP

Every competitor covers 1-2 layers. We cover 6.

Industry reality across the 7-layer stack. PanGuard is the first full-stack Agent Security Platform (ASP).

Platform	L1	L2	L3	L4	L5	L6	L7
Sage (GenDigital)	—	—	✓	—	—	—	—
Rubrik SAGE	—	—	✓	✓	—	—	—
Cisco AI Defense	—	✓	—	✓	—	—	—
Microsoft AGT	—	✓	—	—	✓	—	—
Straiker	—	—	—	✓	—	✓	—
Apono	—	—	—	—	—	✓	✓
PanGuard	✓	✓	✓	✓	✓	✓	—

L1 Discover · L2 Audit · L3 Protect · L4 Detect · L5 Deceive · L6 Respond · L7 Govern. Source: official product docs, audited 2026-04.

See it in action

One command. Full protection.

Install PanGuard, and your AI agents are protected in under 60 seconds.

PanGuard Guard Dashboard — 188 rules active, real-time protection status, 3-layer detection

Real-time dashboard showing active rules, event monitoring, and 3-layer detection status.

Threat Crystallization

AI understands new threats. Crystallizes them into regex rules. Executes in 0ms. Protects everyone.

Scan

Pattern-match against 311 ATR rules

3ms

Every skill is checked against the full ATR rule set. Known patterns are caught instantly with zero false negatives on matched signatures.

Detect + Block

CRITICAL threats blocked immediately

< 1s

High-confidence matches trigger instant response: block, quarantine, or alert. No human intervention needed for known threats.

Crystallize

LLM generates a new regex rule

< 1 hour

When the LLM discovers a new attack pattern, it crystallizes the understanding into a deterministic regex rule. From probabilistic AI to deterministic defense.

Protect Everyone

New rule distributed to all users

all users

The crystallized rule flows through Threat Cloud to every PanGuard installation. One discovery protects the entire network.

PRICING

4 tiers from community to enterprise

Community is free and open source forever. Team / Business / Enterprise launching Q2 2026.

Community

Open source CLI + 311 ATR rules

Get Started

Team

$500/mo

Up to 5 seats · Threat Cloud dashboard

Join Waitlist

Business

Custom

Unlimited seats · on-prem · SLA

Contact Sales

Enterprise

$150K+/yr

AIAM · airgap · 4-framework compliance

Contact Sales

Full feature comparison and FAQ at /pricing

npm install -g @panguard-ai/panguard && pga up

60 seconds. 17 platforms. 311 rules. Free forever.

The Mission: Decentralized AI Agent Security

Every device that installs PanGuard becomes a sensor.

Every scan discovers new threats.

Every threat crystallizes into a rule that protects everyone.

The more people use it, the safer the entire ecosystem becomes.

Install NowGitHub

MIT Licensed / Paper published (Zenodo DOI)

Before you install that MCP skill
— scan it.

We scanned 67,799 skills. 1 in 25 is dangerous.

postmark-mcp v1.0.16 silently forwarded 15,000 emails/dayMCPJam Inspector CVSS 9.8 remote code executionClaude Code hooks exploited for API key theftAzure MCP Server SSRF stole managed identity tokens43% of public MCP servers vulnerable to command executionpostmark-mcp v1.0.16 silently forwarded 15,000 emails/dayMCPJam Inspector CVSS 9.8 remote code executionClaude Code hooks exploited for API key theftAzure MCP Server SSRF stole managed identity tokens43% of public MCP servers vulnerable to command execution

Check any MCP skill before you install

Scans run server-side. No code is stored. Only content hash is cached.

311 ATR Rules97.1% Garak recallMicrosoft + Cisco mergedMIT Licensed

Works with 17 platforms:

Claude CodeClaude DesktopCursorOpenClawCodex CLIWorkBuddyNemoClawArkClawWindsurfQClawClineVS Code CopilotZedGemini CLIContinueRoo CodeClaude CodeClaude DesktopCursorOpenClawCodex CLIWorkBuddyNemoClawArkClawWindsurfQClawClineVS Code CopilotZedGemini CLIContinueRoo Code

7-LAYER AGENT SECURITY

Agent defense is not a single product

5 layers ship today (L2 Audit / L3 Protect / L4 Detect / L5 Deceive / L6 Respond). L1 Discover lands Q2 2026, L7 Govern Q2/Q3 2026. We mark the gaps openly — no fake checkmarks.

Discover

Gap

Central inventory of every agent, skill, MCP tool

Q2 2026

Audit

Shipped

Pre-deploy scanning of skills, MCP configs, npm packages

One malicious skill install = agent hijack. The postmark-mcp incident silently forwarded 15,000 emails/day for months before detection. Scan before you trust the code an agent is about to run.

311 rules · 97.1% Garak recall · 0.48% FP

Protect

Shipped

Runtime prompt / tool / output defense

50ms median · inline MCP proxy

Detect

Shipped

Behavioral anomaly detection with a 3-layer AI funnel

90/7/3 funnel · 7-day baseline

Deceive

Shipped

Honeypot integrated in Guard daemon

Integrated in Guard · zero-config

Respond

Shipped

Auto-block, alert, playbook execution

11 actions · threshold policy

Govern

Partial

AIAM + 4-framework compliance reporting

Audit log live · compliance Q2/Q3 2026

Click any layer for attack examples, architecture, benchmarks, ecosystem links · See full 7-layer architecture

311

ATR rules

666

Garak prompts

97.1%

Garak recall

67,799

Skills scanned

Trusted by security teams

Microsoft AGTATR example merged

Cisco AI Defense34 ATR rules merged

NVIDIA Garak97.1% recall · PR open

This is not hypothetical.

Real CVEs. Real attacks. Real victims.

MCPJam InspectorCRITICALCVSS 9.8

Default 0.0.0.0 binding, one HTTP request = RCE. All versions before v1.4.3.

CVE-2026-23744

Claude Code (Anthropic)CRITICALCVSS 8.7

Hooks + MCP config exploited for arbitrary shell execution and API key theft.

CVE-2025-59536 + CVE-2026-21852

Azure MCP ServerHIGHCVSS 7.5

SSRF steals managed identity tokens. Attacker gains Azure resource access.

CVE-2026-26118

postmark-mcpHIGH

Clean for 15 versions. v1.0.16 added silent BCC forwarding 3K-15K emails/day.

ATR ClawHub scan

We scanned 67,799 MCP skills. 1.9% have CRITICAL or HIGH security risks.

COVERAGE MAP

Every competitor covers 1-2 layers. We cover 6.

Industry reality across the 7-layer stack. PanGuard is the first full-stack Agent Security Platform (ASP).

Platform	L1	L2	L3	L4	L5	L6	L7
Sage (GenDigital)	—	—	✓	—	—	—	—
Rubrik SAGE	—	—	✓	✓	—	—	—
Cisco AI Defense	—	✓	—	✓	—	—	—
Microsoft AGT	—	✓	—	—	✓	—	—
Straiker	—	—	—	✓	—	✓	—
Apono	—	—	—	—	—	✓	✓
PanGuard	✓	✓	✓	✓	✓	✓	—

L1 Discover · L2 Audit · L3 Protect · L4 Detect · L5 Deceive · L6 Respond · L7 Govern. Source: official product docs, audited 2026-04.

See it in action

One command. Full protection.

Install PanGuard, and your AI agents are protected in under 60 seconds.

Real-time dashboard showing active rules, event monitoring, and 3-layer detection status.

Threat Crystallization

AI understands new threats. Crystallizes them into regex rules. Executes in 0ms. Protects everyone.

Scan

Pattern-match against 311 ATR rules

3ms

Every skill is checked against the full ATR rule set. Known patterns are caught instantly with zero false negatives on matched signatures.

Detect + Block

CRITICAL threats blocked immediately

< 1s

High-confidence matches trigger instant response: block, quarantine, or alert. No human intervention needed for known threats.

Crystallize

LLM generates a new regex rule

< 1 hour

When the LLM discovers a new attack pattern, it crystallizes the understanding into a deterministic regex rule. From probabilistic AI to deterministic defense.

Protect Everyone

New rule distributed to all users

all users

The crystallized rule flows through Threat Cloud to every PanGuard installation. One discovery protects the entire network.

PRICING

4 tiers from community to enterprise

Community is free and open source forever. Team / Business / Enterprise launching Q2 2026.

Community

Open source CLI + 311 ATR rules

Get Started

Team

$500/mo

Up to 5 seats · Threat Cloud dashboard

Join Waitlist

Business

Custom

Unlimited seats · on-prem · SLA

Contact Sales

Enterprise

$150K+/yr

AIAM · airgap · 4-framework compliance

Contact Sales

Full feature comparison and FAQ at /pricing

npm install -g @panguard-ai/panguard && pga up

60 seconds. 17 platforms. 311 rules. Free forever.

The Mission: Decentralized AI Agent Security

Every device that installs PanGuard becomes a sensor.

Every scan discovers new threats.

Every threat crystallizes into a rule that protects everyone.

The more people use it, the safer the entire ecosystem becomes.

Install NowGitHub

MIT Licensed / Paper published (Zenodo DOI)

Agent defense is not a single product

Discover

Audit

Protect

Detect

Deceive

Respond

Govern

This is not hypothetical.

Every competitor covers 1-2 layers. We cover 6.

One command. Full protection.

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

4 tiers from community to enterprise

Community

Team

Business

Enterprise

The Mission: Decentralized AI Agent Security

Before you install that MCP skill — scan it.

Agent defense is not a single product

Discover

Audit

Protect

Detect

Deceive

Respond

Govern

This is not hypothetical.

Every competitor covers 1-2 layers. We cover 6.

One command. Full protection.

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

4 tiers from community to enterprise

Community

Team

Business

Enterprise

The Mission: Decentralized AI Agent Security

Before you install that MCP skill — scan it.

Before you install that MCP skill
— scan it.

Before you install that MCP skill
— scan it.