About

Atomdrift is the first open-source platform for AI-based malware detection — end to end and Apache 2.0. litmus is the scanner; it drives open-source ML models like azoth against capabilities that cleave extracts from binaries, scripts, and source — ELF, PE, Mach-O, Python, npm packages, VS Code extensions, and the rest of what supply chains actually ship.

Everything is Apache 2.0. If you can't see behind the curtains, it's not security — it's theater.

News

  • 2026-04-10, stng v1.1.8: Faster XOR decoding via Aho-Corasick and parallel disassembly, with improved ELF and PE coverage.
  • 2026-04-10, cleave v1.1.0: Richer PE/ELF/Mach-O metadata, Authenticode support, and a new compact output schema.
  • 2026-03-26, Atomdrift is here! Introducing open-source malware detection for the modern software supply chain.


Projects

  • litmus (stable)
    Malware analysis CLI that classifies binaries, scripts, and source using open-source ML models like azoth, fed by capabilities extracted from cleave.
  • azoth (coming soon)
    The first open-source AI model for general malware detection. Classifies on cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
  • cleave (stable)
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng (stable)
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
  • xgboost-ars (stable)
    Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
  • c.diff (design phase)
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.