News
-
2026-07-06
Atomdrift Scan v2.2.0: it checks what your code brings with it
Scan stops trusting a project's own ingredient list — v2.2.0 fetches and scans the outside code your project pulls in, screens it through bloom filters first, and inherits new formats and byte-level evidence from the engine beneath it.
-
2026-06-22
Lab down today: growing the database to 4TB before the admins disappear for summer vacation
The Atomdrift lab is offline for hardware maintenance today while engineers grow storage on the PostgreSQL master and its replicas to hold a 4TB dataset — the corpus of analyses we now track for more than 41 million files.
-
2026-06-22
Atomdrift Scan v2.1.0, cleave v2.1.1
Scan learns to reach out — fetch and scan remote dependencies, packages, and URLs directly — while cleave makes YARA fast with precompiled rules and on-demand tier loading.
-
2026-06-20
cleave v2.1.0, stng v1.7.0, filefacts v1.1.0 & v1.1.1
A package-aware wave: cleave learns DMG and go.mod, filefacts grows real lockfile parsing and PURL extraction, and stng adds generic decoded-string recovery for text.
-
2026-06-14
🎉 Atomdrift Scan v2.0.0 (formerly litmus)
litmus grows up: renamed Atomdrift Scan, now generally available on pure-Rust ONNX inference, with false-positive-budget severity, an optional local-LLM second opinion, and signed model bundles.
-
2026-06-14
cleave v2.0.0, stng v1.6.2, filefacts v1.0.1
The rest of the 2.0 stack lands alongside Atomdrift Scan: cleave's engine swap reaches stable, stng kills a class of XOR false positives, and filefacts goes panic-safe.
-
2026-06-12
filefacts v1.0.0
filefacts reaches 1.0.0 with richer package identity, new PE/.NET malware features, better evidence offsets, and explicit AST failure metrics for large-scale security ML pipelines.
-
2026-06-09
cleave v2.0.0-rc.5, litmus v2.0.0-rc.5, stng v1.6.0, filefacts v0.9.5
Everything got a bump, and updates no longer need git: cleave and litmus now pull signed, sha256-verified .tar.zst bundles from R2 — atomic install, pin/check/update — plus richer package, PE/CLR, and Mach-O signals across the stack.
-
2026-06-07
cleave v2.0.0-rc.4, litmus v2.0.0-rc.4, stng v1.5.2, filefacts v0.9.0
Four releases, one storyline: the filefacts engine swap deepens, and the pipeline gets dramatically cheaper to run — bounded archive analysis, a fixed ~7.7 GB regex leak, −60% peak RSS, streaming JSON everywhere.
-
2026-05-28
cleave v2.0.0-rc.3, litmus v2.0.0-rc.3, stng v1.5.1
Two release candidates and a point release: cleave and litmus both move to 2.0.0-rc.3, closing the gap between capability extraction and the azoth model, while stng v1.5.1 stops mistaking compiler tables for hardcoded IPs.
-
2026-05-26
Atomdrift lab going dark for bandwidth upgrade
The Atomdrift research lab will be offline for several hours today while engineers upgrade the uplink feeding forager, the in-house crawler that has been pinned at line rate around the clock pulling releases from more than 100 software marketplaces.
-
2026-05-25
cleave v2.0.0-rc.1, litmus v2.0.0-rc.1, stng v1.4.0
The 2.0.0-rc.1 series swaps cleave's file-parsing engine out for filefacts, a standalone library you can use without the rest of cleave. litmus picks up a new JSON schema and ONNX. stng tightens the garbage filter and fixes a stack-string panic.
-
2026-05-13
stng v1.3.1, litmus v1.2.1, cleave v1.4.0
Three pre-CackalackyCon releases: stng tightens mixed binary/script decoding, litmus improves worker reporting and model bundle handling, and cleave deepens PDF and LNK analysis.
-
2026-05-10
litmus v1.2.0
Preview support for the azoth ensemble. Multi-seed averaging, per-route isotonic calibration, LightGBM alongside XGBoost. Models route per file from a top-level config.
-
2026-05-08
cleave v1.3
cleave diff is the signal we have been building toward: a structured, scoped delta between two versions of the same software, with an estimated rate of change that nobody else is measuring. kv now covers PE/ELF/Mach-O along with Office, PDF, PyInstaller, CHM, and a long tail of source and archive formats, with much deeper binary provenance.
-
2026-05-07
Lab outage: btrfs cannot delete its way out of a full disk
The lab's PostgreSQL master is offline: btrfs filled up and now refuses to delete files — or even snapshots — because it is out of space. No data was lost, thanks to our distributed replica architecture. We are moving the master to ZFS on OmniOS and teaching the lab to fail over to a replica. ETA back online: today.
-
2026-05-07
stng v1.3.0
Go and Rust PE recovery, multi-key XOR via lea-near-xor analysis, and a pile of fixes for things that were quietly wrong.
-
2026-04-28
Release Mania: stng v1.2.1, cleave v1.2.0, litmus v1.1.0
cleave fixes a class of rayon deadlocks, parses Python pickle and MSI-embedded PE, and skips rizin on Go binaries for a real speedup; litmus gains worker-mode fleet scanning behind a hardened HTTP server; stng stops mis-flagging Kotlin as Python.
-
2026-04-21
stng v1.2.0
Preserve Telegram bot tokens, JWTs, and Swift mangled symbols that the chaos filter was dropping; cut XOR IP false positives inside binary data tables.
-
2026-04-10
stng v1.1.8
Aho-Corasick rewrite of XOR/string classification and parallel disassembly via iced-x86; fixes a PE/XOR bug that was missing office_update-style samples.
-
2026-04-10
cleave v1.1.0
PE Authenticode chain extraction and ~100 new ELF/Mach-O fields; archive scanning raised from 1K to 100K members; breaking V4 output schema.
-
2026-03-26
litmus v1.0.0
First tagged release. Open-source malware classifier with TreeSHAP-explained verdicts; CPU-only, offline, no telemetry. Default model is beta — not production-ready yet.
-
2026-03-26
Atomdrift is here!
Atomdrift launches: an open-source pipeline for catching supply-chain attacks the static-binary tools miss. First piece is litmus.