Projects
A small set of composable, open-source tools for malware analysis. cleave decomposes binaries and source into capabilities mapped to ATT&CK and MBC; azoth is an open AI model that classifies them; litmus is the scanner that ties it together. Everything runs locally, and the models improve through cyclotron, Atomdrift's live training loop.
- litmus (beta): ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave.
- azoth (preview): The first open-source AI model for general malware detection, now published in preview. A weighted ensemble trained on cleave-extracted capabilities across 20+ languages and six binary formats.
- cleave (stable): AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
- stng (stable): Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for triage, C2 enumeration, credential extraction, and YARA signature development.
- xgboost-ars (stable): Pure Rust XGBoost inference with exact TreeSHAP. No ONNX, no C++ runtime — runs anywhere Rust does.
- lightgbm-ars (stable): Pure Rust LightGBM inference with exact path-dependent TreeSHAP. No C++ runtime — runs anywhere Rust does.
- c.diff (planning phase): Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.