About
We're quietly building detection for the next generation of subtle attacks; think xzutils, but spiked with AI nightmare-fuel.
We've built a factory that continuously mints locally-runnable AI models based on the latest attacks and research articles: cleave extracts capabilities, azoth classifies them, and scan is our local scanning tool. All offline, no API keys, no hardware requirements; just deterministic verdicts under Apache 2.0.
News
- 2026-07-06 Atomdrift Scan v2.2.0: it checks what your code brings with it Scan stops trusting a project's own ingredient list — v2.2.0 fetches and scans the outside code your project pulls in, screens it through bloom filters first, and inherits new formats and byte-level evidence from the engine beneath it.
- 2026-06-22 Lab down today: growing the database to 4TB before the admins disappear for summer vacation The Atomdrift lab is offline for hardware maintenance today while engineers grow storage on the PostgreSQL master and its replicas to hold a 4TB dataset — the corpus of analyses we now track for more than 41 million files.
Projects
-
scan
stable
ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.
-
azoth
stable
The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.
-
cleave
stable
AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
-
stng
stable
Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.
-
filefacts
stable
Rust library that reads a file and returns ML-ready facts for security pipelines — package identity, binary provenance, source AST features, strings, symbols, metrics, and structured errors in one cached parse.
-
c.diff
DESIGN PHASE
Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.