About

Atomdrift is the first open-source platform for AI-based malware detection across binaries, scripts, packages, and extensions.

Think of litmus as ClamAV for AI-based malware detection: a local scanner backed by open models that improve as newly observed malware behavior is captured, labeled, and folded back through cyclotron, Atomdrift's live training loop.

cleave extracts behavioral capabilities from software; azoth classifies them; litmus runs the scanner. Built for security engineers, Atomdrift is inspectable, reproducible, and Apache 2.0.

News

  • 2026-04-28 Release Mania: stng v1.2.1, cleave v1.2.0, litmus v1.1.0. cleave fixes a class of rayon deadlocks, parses Python pickle and MSI-embedded PE, and skips rizin on Go binaries for a real speedup; litmus gains worker-mode fleet scanning behind a hardened HTTP server; stng stops mis-flagging Kotlin as Python.
  • 2026-04-21 stng v1.2.0: Preserve Telegram bot tokens, JWTs, and Swift mangled symbols that the chaos filter was dropping; cut XOR IP false positives inside binary data tables.
  • 2026-04-10 stng v1.1.8: Aho-Corasick rewrite of XOR/string classification and parallel disassembly via iced-x86; fixes a PE/XOR bug that was missing office_update-style samples.
  • 2026-04-10 cleave v1.1.0: PE Authenticode chain extraction and ~100 new ELF/Mach-O fields; archive scanning raised from 1K to 100K members; breaking V4 output schema.
  • 2026-03-26 litmus v1.0.0: First tagged release. Open-source malware classifier with TreeSHAP-explained verdicts; CPU-only, offline, no telemetry. Default model is beta — not production-ready yet.

Projects

  • litmus beta
    ClamAV-style local scanner for AI-based malware detection. Classifies binaries, scripts, and source using open models like azoth, fed by capabilities extracted from cleave.
  • azoth coming soon
    The first open-source AI model for general malware detection. Classifies on cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
  • cleave stable
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng stable
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
  • xgboost-ars stable
    Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
  • c.diff design phase
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.