About
We're quietly building detection for the next generation of subtle attacks; think xzutils, but spiked with AI nightmare-fuel.
We've built a factory that continuously mints locally-runnable AI models based on the latest attacks and research articles: cleave extracts capabilities, azoth classifies them, and scan is our local scanning tool. All offline, no API keys, no hardware requirements; just deterministic verdicts under Apache 2.0.
News
- 2026-06-14 🎉 Atomdrift Scan v2.0.0 (formerly litmus). litmus grows up: renamed Atomdrift Scan, now generally available on pure-Rust ONNX inference, with false-positive-budget severity, an optional local-LLM second opinion, and signed model bundles.
- 2026-06-12 filefacts v1.0.0. filefacts reaches 1.0.0 with richer package identity, new PE/.NET malware features, better evidence offsets, and explicit AST failure metrics for large-scale security ML pipelines.
Projects
- scan (stable): ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.
- azoth (stable): The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
- cleave (stable): AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
- stng (stable): Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
- filefacts (stable): Rust library that reads a file and returns ML-ready facts for security pipelines — package identity, binary provenance, source AST features, strings, symbols, metrics, and structured errors in one cached parse.
- c.diff (design phase): Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.