Open-Source Malware Detection, Powered by Offline AI Models - The Atomdrift Project
atomdrift
Open-source, offline supply-chain attack detection for the AI age
About
Atomdrift is open-source malware detection for the software supply chain — built specifically to catch supply-chain attacks across binaries, scripts, packages, and extensions. cleave extracts behavioral capabilities, azoth classifies them, and litmus runs the scanner — all powered by offline AI models that run locally, with no network calls, API keys, hardware requirements, or telemetry, producing deterministic, reproducible verdicts under Apache 2.0.
News
2026-05-28: cleave v2.0.0-rc.3, litmus v2.0.0-rc.3, stng v1.5.1
Two release candidates and a point release: cleave and litmus both move to 2.0.0-rc.3, closing the gap between capability extraction and the azoth model, while stng v1.5.1 stops mistaking compiler tables for hardcoded IPs.
2026-05-26: Atomdrift lab going dark for bandwidth upgrade
The Atomdrift research lab will be offline for several hours today while engineers upgrade the uplink feeding forager, the in-house crawler that has been pinned at line rate around the clock pulling releases from more than 100 software marketplaces.
Projects
litmus (beta): ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.
azoth (beta): The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
cleave (stable): AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
stng (stable): Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
filefacts (preview): Rust library that reads a file and tells you what is in it. Extracted from cleave for data scientists who want rich features out of the formats malware likes to hide in — one parse pass, lazy cached views.
xgboost-ars (stable): Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
c.diff (design phase): Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.
⚛ Atomdrift Lab
Submit files for free malware analysis. Open to researchers, defenders, and the curious.
Get the Code
Codeberg
Project Info
License: Apache 2.0
Languages: Rust, Go
© 2026 The Atomdrift Project