Projects
A small set of composable, open-source tools for malware analysis. cleave decomposes binaries and source into capabilities mapped to ATT&CK and MBC; azoth is an open AI model that classifies them; scan is the scanner that ties it together. Everything runs locally, and the models improve through cyclotron, Atomdrift's live training loop.
-
scan
stable
ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave.
-
azoth
stable
The first open-source AI model for general malware detection. A weighted ensemble trained on cleave-extracted capabilities across 20+ languages and six binary formats.
-
cleave
stable
AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.
-
stng
stable
Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for triage, C2 enumeration, credential extraction, and YARA signature development.
-
filefacts
stable
Rust library that reads a file and returns ML-ready facts for security pipelines. Extracted from cleave, with one parse pass and lazy cached views: fileid, values, text, literals, comments, metrics, sections, symbols, archive_members, source_ast, and errors.
-
c.diff
planning phase
Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.