Open-Source Supply-Chain Attack Detection, Powered by Local Deterministic AI - The Atomdrift Project

2 min read Original article ↗

About

We're quietly building detection for the next generation of subtle attacks; think xzutils, but spiked with AI nightmare-fuel.

We've built a factory that continuously mints locally-runnable AI models based on the latest attacks and research articles: cleave extracts capabilities, azoth classifies them, and scan is our local scanning tool. All offline, no API keys, no hardware requirements; just deterministic verdicts under Apache 2.0.

News

All news →

Projects

  • scan stable

    ClamAV-style local scanner for AI-powered malware detection. Runs azoth and other open models against capabilities extracted by cleave — across binaries, scripts, and source.

  • azoth stable

    The first open-source AI model for general malware detection. A weighted ensemble over cleave-extracted capabilities across 20+ languages and six binary formats; runs on CPU.

  • cleave stable

    AST-aware software decomposition engine for supply-chain security. Detects capabilities and behaviors across 20+ languages and six binary formats in a single pass.

  • stng stable

    Modern string extraction for binary analysis — all of the good stuff, none of the garbage. Useful for initial triage, C2 enumeration, credential extraction, and signature development.

  • filefacts stable

    Rust library that reads a file and returns ML-ready facts for security pipelines — package identity, binary provenance, source AST features, strings, symbols, metrics, and structured errors in one cached parse.

  • c.diff DESIGN PHASE

    Context-driven molecular drift detection. Tracks how code atoms shift across versions and dependencies.