About

Atomdrift is the first open-source platform for AI-based malware detection. At its core is litmus, the first general-purpose open-source AI model for malware detection. It classifies threats across the formats supply chains actually ship — from FreeBSD ELF binaries to Python libraries to VS Code extensions, and anything else cleave can decompose.

Everything is Apache 2.0. If you can't see behind the curtains, it's not security — it's theater.

News

  • 2026-04-10: stng v1.1.8. Faster XOR decoding via Aho-Corasick and parallel disassembly, with improved ELF and PE coverage.
  • 2026-04-10: cleave v1.1.0. Richer PE/ELF/Mach-O metadata, Authenticode support, and a new compact output schema.
  • 2026-03-26: Atomdrift is here! Introducing open-source malware detection for the modern software supply chain.

Projects

  • litmus (stable)
    The first open-source AI model for malware detection. Classifies binaries, scripts, and source using capabilities extracted by cleave.
  • cleave (stable)
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng (stable)
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
  • xgboost-native (stable)
    Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
  • c.diff (design phase)
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.