atomdrift Open-source, offline supply-chain attack detection for the AI age
Codeberg Lab
Home News Discoveries Projects Support

About

We're quietly building detection for the next generation of subtle attacks; think xzutils, but spiked with AI nightmare-fuel.

We've built a factory that continuously mints locally-runnable AI models based on the latest attacks and research articles: cleave extracts capabilities, azoth classifies them, and litmus is our local scanning tool. All offline, no API keys, no hardware requirements; just deterministic verdicts under Apache 2.0.

News

  • 2026-06-12 filefacts v1.0.0 filefacts reaches 1.0.0 with richer package identity, new PE/.NET malware features, better evidence offsets, and explicit AST failure metrics for large-scale security ML pipelines.
  • 2026-06-09 cleave v2.0.0-rc.5, litmus v2.0.0-rc.5, stng v1.6.0, filefacts v0.9.5 Everything got a bump, and updates no longer need git: cleave and litmus now pull signed, sha256-verified .tar.zst bundles from R2 — atomic install, pin/check/update — plus richer package, PE/CLR, and Mach-O signals across the stack.

All news →

Projects

  • litmus beta
    ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.
  • azoth beta
    The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
  • cleave stable
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng stable
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
  • filefacts stable
    Rust library that reads a file and returns ML-ready facts for security pipelines — package identity, binary provenance, source AST features, strings, symbols, metrics, and structured errors in one cached parse.
  • c.diff DESIGN PHASE
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.
⚛ Atomdrift Lab

Submit files for free malware analysis. Open to researchers, defenders, and the curious.

Open the Lab →

Get the Code

Project Info

License
Apache 2.0
Languages
Rust, Go
© 2026 The Atomdrift Project