Panguard AI is the commercial reference implementation of ATR (Agent Threat Rules), the open standard for detecting attacks on AI agents — the CVE and Sigma of the agent world. ATR is MIT-licensed, machine-readable, and already adopted by Microsoft, Cisco and MISP. PanGuard turns the free standard into signed, audit-ready compliance evidence.
The open standard for AI agent security
The open security standard for the age of AI agents.
Open, MIT-licensed detection rules for attacks on AI agents — the CVE and Sigma of the agent world. 650+ rules across 10 categories, already adopted by Microsoft, Cisco and MISP.
Free forever · MIT-licensed · no account · runs as your own Threat Cloud sensor
npm install -g @panguard-ai/panguard && pga upBUSINESS MODEL
The shape the agent-security market is taking
As agents move into the regulated economy, the world needs two things at once: an open language everyone can detect threats in, and signed proof that you actually did. The first is spreading for free. The second is what regulated buyers now require.
The standard is spreading
New agent attacks surface in the wild and become open ATR rules — MIT-licensed, growing roughly twice a day. Already adopted by Microsoft, Cisco and MISP. The wider the agent world adopts it, the more it becomes the default way to describe an agent threat.
Detection is becoming an obligation
Audit pressure is mounting from every side — the EU Cyber Resilience Act, semiconductor SEMI E187, financial regulators. As agents move into regulated workflows, detecting a threat is no longer enough; you have to prove to an auditor that you did. That demand lands on everyone wiring agents into their stack.
Proof is becoming the product
A free standard tells the world what good looks like; on its own it does not prove to a regulator that you did it. That is the gap the market now reaches into — PanGuard is the commercial reference implementation that turns ATR detection into signed, audit-ready evidence, with a live rule feed that updates as new attacks surface. The standard stays free and open.
Run the open standard for free. Move up when an auditor asks for proof.
Our mission
How the world will trust AI agents.
Every install adds a sensor; every sensor strengthens the open standard everyone detects against.
Threat Crystallization
AI understands new threats. Crystallizes them into regex rules. Executes in 0ms. Protects everyone.
Scan
Pattern-match against 650+ ATR rules
3msEvery skill is checked against the full ATR rule set. Known patterns are caught instantly with zero false negatives on matched signatures.
Detect + Block
CRITICAL threats blocked immediately
< 1sHigh-confidence matches trigger instant response: block, quarantine, or alert. No human intervention needed for known threats.
Crystallize
LLM generates a new regex rule
< 1 hourWhen the LLM discovers a new attack pattern, it crystallizes the understanding into a deterministic regex rule. From probabilistic AI to deterministic defense.
Protect Everyone
New rule distributed to all users
all usersThe crystallized rule flows through Threat Cloud to every PanGuard installation. One discovery protects the entire network.
652
ATR rules
650
Garak prompts
98%
Garak recall
67,799
Skills scanned
Trusted by security teams
7-LAYER AGENT SECURITY
Agent defense is not a single product
5 layers ship today (L2 Audit / L3 Protect / L4 Detect / L5 Deceive / L6 Respond). L1 Discover lands Q2 2026, L7 Govern Q2/Q3 2026. We mark the gaps openly — no fake checkmarks.
Click any layer for attack examples, architecture, benchmarks, ecosystem links · See full 7-layer architecture
COVERAGE MAP
Every competitor covers 1-2 layers. We cover 6.
Industry reality across the 7-layer stack. PanGuard is the first full-stack Agent Security Platform (ASP).
| Platform | L1 | L2 | L3 | L4 | L5 | L6 | L7 |
|---|---|---|---|---|---|---|---|
| Sage (GenDigital) | — | — | ✓ | — | — | — | — |
| Rubrik SAGE | — | — | ✓ | ✓ | — | — | — |
| Cisco AI Defense | — | ✓ | — | ✓ | — | — | — |
| Microsoft AGT | — | ✓ | — | — | ✓ | — | — |
| Straiker | — | — | — | ✓ | — | ✓ | — |
| Apono | — | — | — | — | — | ✓ | ✓ |
| PanGuard | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — |
L1 Discover · L2 Audit · L3 Protect · L4 Detect · L5 Deceive · L6 Respond · L7 Govern. Source: official product docs, audited 2026-04.
This is not hypothetical.
Real CVEs. Real attacks. Real victims.
Default 0.0.0.0 binding, one HTTP request = RCE. All versions before v1.4.3.
CVE-2026-23744Hooks + MCP config exploited for arbitrary shell execution and API key theft.
CVE-2025-59536 + CVE-2026-21852SSRF steals managed identity tokens. Attacker gains Azure resource access.
CVE-2026-26118Clean for 15 versions. v1.0.16 added silent BCC forwarding 3K-15K emails/day.
ATR ClawHub scanWe scanned 67,799 MCP skills. 1.9% have CRITICAL or HIGH security risks.
See it in action
One command. Full protection.
Install PanGuard, and your AI agents are protected in under 60 seconds.
Real-time dashboard showing active rules, event monitoring, and on-device detection status.
Built on the open standard
The same rules Cisco and Microsoft already ship in production.
PanGuard is the commercial reference implementation of the ATR open standard. ATR is the MIT-licensed detection standard maintained by the ATR Community; PanGuard wraps it into the platform regulated industries need — inline detection + audit-ready compliance evidence + on-prem + SLA.
What regulated industries need
One platform. Both procurement gates.
Bank / insurance / healthcare CISO and GRC do not need to buy two vendors.
Inline detection
Detect, contain, block at the moment of attack. L3 input/output guardrails · L4 behavioral detection · L6 block + quarantine — all shipped.
CISO / SOC procurement gate
Audit-Ready Compliance
After an attack is blocked, the platform produces audit-ready evidence automatically: every detection links to ATR rule ID + clauses across 5 compliance frameworks + SHA-256 + ed25519 signature. Accepted by auditors.
GRC / Compliance / Legal procurement gate
Do not throw out your existing detection investment
ATR Migrator — convert Sigma / YARA / Snort into AI agent rules in seconds.
F500 banks, insurance, and healthcare have accumulated thousands of Sigma and YARA detection rules. As the EU AI Act phases in, those rules cannot cover AI agent behavior. Manual migration: 6-12 months. Migrator: under a week, with 5-framework compliance auto-mapping.
$ panguard-migrate sigma/ --output atr/
Community Free (npm, MIT): Sigma + YARA + Snort parsers, IR transformer, ATR YAML output, CLI.
Migrator Pro (PanGuard Enterprise): human enrichment to Cisco-merge-PR quality · 5-framework compliance auto-mapping · SHA-256 audit evidence pack · TC integration · on-prem deployment.
Your existing investment
Sigma · YARA · Snort · regex packs · SIEM rules
Migrator output
ATR YAML (behavioral layer) + 5-framework metadata + test cases + audit trail
Deploy to
PanGuard Guard · ATR engine · NeMo Guardrails · Cisco AI Defense · any ATR-compatible system
Compliance framework mapping
Five frameworks. One evidence pack.
Every ATR rule auto-maps to clauses across 5 compliance frameworks. Every detection produces PDF + JSON + HTML evidence with SHA-256 + ed25519 signature. Architecturally impossible for Vanta / Drata / Lakera.
EU AI Act
Phasing in
NIST AI RMF
US federal
ISO/IEC 42001
International AIMS
OWASP Agentic 2026
Agent attack framework
OWASP LLM 2025
LLM Top 10
Full evidence pack samples and framework mapping at /compliance
PRICING
Open-core · No middle tier
Community is free and open source forever (feeds the sensor network). Enterprise gets the platform + 5-framework compliance evidence kit. The middle tier is a trap — /pricing explains why.
Pilot
F500 POC before procurement · IT director can approve · credits to Y1 Enterprise
Request PilotSovereign
Nation-state airgap · multi-tenant · custom compliance · Cisco/AMD/NVIDIA JV pre-integrated
Sovereign DeskFull feature comparison, ATR Enterprise Member tier ($10K/yr governance), and FAQ at /pricing
npm install -g @panguard-ai/panguard && pga up60 seconds. 17 platforms. 652 rules. Free forever.
The Mission: Decentralized AI Agent Security
Every device that installs PanGuard becomes a sensor.
Every scan discovers new threats.
Every threat crystallizes into a rule that protects everyone.
The more people use it, the safer the entire ecosystem becomes.
MIT Licensed / Paper published (Zenodo DOI)