About
Atomdrift is the first open-source platform for AI-based malware detection — end to end and Apache 2.0. litmus is the scanner; it drives open-source ML models like azoth against capabilities that cleave extracts from binaries, scripts, and source — ELF, PE, Mach-O, Python, npm packages, VS Code extensions, and the rest of what supply chains actually ship.
Everything is Apache 2.0. If you can't see behind the curtains, it's not security — it's theater.
News
- 2026-04-10 stng v1.1.8 Faster XOR decoding via Aho-Corasick and parallel disassembly, with improved ELF and PE coverage.
- 2026-04-10 cleave v1.1.0 Richer PE/ELF/Mach-O metadata, Authenticode support, and a new compact output schema.
- 2026-03-26 Atomdrift is here! Introducing open-source malware detection for the modern software supply chain.
Projects
- litmus (stable): Malware analysis CLI that classifies binaries, scripts, and source using open-source ML models like azoth, fed by capabilities extracted from cleave.
- azoth (COMING SOON): The first open-source AI model for general malware detection. Classifies on cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
- cleave (stable): AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
- stng (stable): Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
- xgboost-ars (stable): Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
- c.diff (DESIGN PHASE): Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.