Cooperative intrusion detection
Abstract:
In a computer network that has a plurality of nodes, a measure of trustworthiness for a particular node can be updated by other nodes that monitor the particular node's behavior. This includes collecting trustworthiness reports from the other nodes; updating the particular node's trustworthiness level based on the reports; and causing the particular node to route data in the computer network based on its trustworthiness level. The particular node's role in performing at least one of a set of functions is based on a hierarchy of trustworthiness levels, wherein the functions can include monitoring other nodes; sending alerts when anomalous behavior is detected; transmitting a free-antibody software program to a requesting node; updating defensive programs; participating in consensus-based threat analysis with other nodes; identifying threats; tagging suspicious nodes; and performing countermeasures against identified threats.