Announcing PolySwarm 1.0

Paul Makowski
Published in
5 min readJan 31, 2019


PolySwarm 1.0 went live exactly one month ago, marking an end to an exciting and productive year. We came a long way in 2018 and are poised and excited to make 2019 the year of democratized, competitive threat detection!

PolySwarm is tomorrow’s threat detection marketplace. Today, PolySwarm has over 20 engine partners supplying threat intelligence (more to announce) and is working with 3 major, well-known corporations on usage trials (top secret for now). PolySwarm has a user-friendly web application to track microengine performance, discover & advertise talent, and — soon — to manage enterprise teams. The PolySwarm marketplace is humming along and we’re seeing more interest every day.

Relative to VirusTotal and aggregate scanners, PolySwarm provides:

Competitive advantage. Accurate, early detection is rewarded by market design. In simple aggregators, all suppliers must provide opinions regardless of their expertise and statistical confidence. PolySwarm has created a competitive environment — an economy — that rewards correct assertions and cuts noise.

Diverse opinions. With access to small AV companies and individual experts, consumers of PolySwarm data receive otherwise unavailable access to niche specialists, whose micro-engines cover specific areas of emerging threats not covered by established solutions.

Let’s dive into the 1.0 release and preview what’s next!


The PolySwarm Portal ( is a one stop shop to monitor Microengine performance, discover experts and engage with PolySwarm Communities.

Undoubtedly the largest user-facing feature of 1.0, Portal caters to all market participants: helping experts improve their detection & keep tabs on competition, enabling easy on-ramps for enterprise scans & payment options and allowing end users to ask the simple question: “is this file bad?” and receive a (free) response from crowdsourced expertise in the marketplace.

Scan Artifacts

Portal features a familiar drag-n-drop interface for scanning suspicious files. We handle all the complexity of posting a bounty, interacting with the blockchain and reading results. All you need is a mouse and a sketchy file!

PolySwarm’s Scan functionality provides artifact scanning and results retrieval via artifact hash.

Track Microengine Performance

Portal closes the loop for Engine developers, providing Experts with the ability to track the performance (and profit) of their various engines.

This tracking feature allows Experts to stay on top of the latest threats and continue to hone their specialty. Coming soon: pretty graphs :)

Partial listing of currently-active engines on the PolySwarm marketplace.

Enterprise Team Management (Coming Soon!)

Enterprises will be able to use Portal to provision access to members of their team — tracking microengine performance and managing access to private communities.

PolySwarm’s Team Management allows enterprises to manage their workforce’s accesses.

Discover Your Community(ies) (Coming Soon!)

Experts and Enterprises alike can participate in either the public, open-to-all public community or leverage private communities with pre-approved security experts for dealing with sensitive or confidential artifacts.

The public marketplace is where Experts can make a name for themselves, build reputation and get discovered by Enterprises with specific security or legal requirements.

We’re currently focused on making the public marketplace as bulletproof as possible, but will soon be standing up proof of concept private communities to accommodate sensitive artifact scanning. These communities will appear in the Portal Communities view with an option for Experts to apply for access.

PolySwarm is a network of Communities; the Communities view will allow Experts to apply for access.


We’ve been on the road talking with security experts and threat intelligence companies and getting them excited about PolySwarm. The response has been overwhelming.

After only two months of intense engagement on this front, PolySwarm has partnered with over 20 engine suppliers.

In only 2 months, PolySwarm has partnered with over 1/3rd the number of engines on VirusTotal. Clearly we’re not the only ones excited about democratized threat intelligence.

PolySwarm has been announcing new partnerships almost on a weekly basis — with more to announce soon!

PolySwarm is a two sided marketplace. We started with the supply side (Experts, threat intelligence companies) and are now shifting some focus to the demand side. We’re in talks with major, multi-national corporations on ingesting intelligence from the PolySwarm marketplace. Stay tuned as we have some exciting announcements on this front!

Lowering Barriers to Entry

Successful utilization of PolySwarm hinges on it being easy to use. Toward that end, we’ve built a dead-simple API for uploading files and checking results.

We’re constantly working to make this process even simpler. To that end, we’ve released polyswarm-api — a Python module that abstracts literally everything about PolySwarm bounty placement. We’re engaging on trial runs with developers using this tool now, but it’s available to all right now.

Here’s a file, give me results. It’s that simple.

Migration to Mainnet

Security within PolySwarm is paramount. Beyond operating in the cryptocurrency space, which carries significant inherent risk of attack and exploitation, the efficacy of PolySwarm relies on confidence in artifact determinations

At PolySwarm, security is both an internally and externally facing concern.

Throughout our entire development cycle, we’ve taken deliberate steps to make sure we’re doing things right. From code audits to privilege minimization to automated analyses of our smart contracts to custom tooling enabling contract deployment using Trezor hardware wallets, we’re always thinking about how to reduce our attack surface and provide the safest experience possible.

Toward that end, over the next month, we’ll be migrating existing engines onto the Ethereum Mainnet, using real ETH and real NCT. When we do so, we’ll be as sure as we can that no bugs or loopholes exist that may result in loss of real funds. Stay tuned as we make announcements on this front.

Join the Swarm

PolySwarm 1.0 is a big step forward, but there is still plenty to do. Now is your opportunity to get involved in tomorrow’s threat detection marketplace.

If you represent an enterprise seeking to augment your threat intelligence feed with broader coverage, we’d love to speak to you. If you’re a security expert that knows something we don’t, PolySwarm provides you with the path to monetization.


We’re running risk-free 30 days trials for PolySwarm Premium scan allotments where we handle all the nitty-gritty details. You give us files, we give you results. And for a limited time, you get this for free.

Try PolySwarm Premium risk free.


Do you have a knack for reverse engineering JavaScript payloads in PDFs? Macros in Microsoft Office documents? Something else entirely? Monetize that dusty GitHub project and put your talents to work!

Get started at, chat with fellow Experts and PolySwarm developers on our official Discord channel and sign up for your account to track your micro-engine’s performance at See you on the market!