PolySwarm is a marketplace with participants on the supply side (Microengines) and the demand side (Ambassadors) as well as mediators (Arbiters).
For a high-level overview of the PolySwarm marketplace, see How It Works.
Microengines are developed by individuals or organizations who have a knack for identifying malware.
Microengines encapsulate security expertise and bundle it in an autonomous process that responds to queries from Ambassadors, identifying the latest malware and earning Nectar (NCT) rewards for accurately identifying new strands of malware.
Threat intelligence goes in, NCT comes out.
Ambassadors pay a fee or purchase a subscription to submit files (artifacts) to the PolySwarm network.
This fee funds Microengines and Arbiters for offering threat intelligence and determining ground truth, respectively.
In return for their fee, Ambassadors receive timely crowdsourced threat intelligence on their artifact, aiding in, e.g. triage or incident response.
NCT goes in, threat intelligence comes out.
Arbiters marshall the marketplace by way of determining “ground truth”.
Arbiter serve a critical role: Arbiter-derived ground truth is used to determine which Microengines are deserved of reward.
Crucially, Arbiters must expand their internal threat detection capabilities, taking into consideration the assertions of Microengines to push the boundaries of what the PolySwarm marketplace can detect.
In return for their service, Arbiters are compensated via PolySwarm network fees imposed on both Ambassadors and Microengines.