atomdrift Open-source, offline supply-chain attack detection for the AI age
Codeberg Lab
Home News Discoveries Projects Support

About

We're quietly building detection for the next generation of subtle attacks; think xzutils, but spiked with AI nightmare-fuel.

We've built a factory that continuously mints locally-runnable AI models based on the latest attacks and research articles: cleave extracts capabilities, azoth classifies them, and scan is our local scanning tool. All offline, no API keys, no hardware requirements; just deterministic verdicts under Apache 2.0.

News

All news →

Projects

  • scan stable
    ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.
  • azoth stable
    The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
  • cleave stable
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng stable
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
  • filefacts stable
    Rust library that reads a file and returns ML-ready facts for security pipelines — package identity, binary provenance, source AST features, strings, symbols, metrics, and structured errors in one cached parse.
  • c.diff DESIGN PHASE
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.
⚛ Atomdrift Lab

Submit files for free malware analysis. Open to researchers, defenders, and the curious.

Open the Lab →

Get the Code

Project Info

License
Apache 2.0
Languages
Rust, Go
© 2026 The Atomdrift Project