Projects

A small set of composable, open-source tools for malware analysis. cleave decomposes binaries and source into capabilities mapped to ATT&CK and MBC; azoth is an open AI model that classifies them; scan is the scanner that ties it together. Everything runs locally, and the models improve through cyclotron, Atomdrift's live training loop.

  • scan stable
    ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave.
  • azoth stable
    The first open-source AI model for general malware detection. A weighted ensemble trained on cleave-extracted capabilities across 20+ languages and six binary formats.
  • cleave stable
    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
  • stng stable
    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for triage, C2 enumeration, credential extraction, and YARA signature development.
  • filefacts stable
    Rust library that reads a file and returns ML-ready facts for security pipelines. Extracted from cleave, with one parse pass and lazy cached views: fileid, values, text, literals, comments, metrics, sections, symbols, archive_members, source_ast, and errors.
  • c.diff planning phase
    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.