At the risk of spilling the beans too early... I grew tired of the constant barrage of supply-chain attacks afflicting the open-source community and decided to create a new open-source #malware scanner, named #Litmus.

This is part of a larger vision for intercepting supply-chain attacks, called The #Atomdrift Project. I want to empower everyone, from software marketplaces to teenagers at home, to catch the sorts of attacks we've recently seen against #Trivy and #OpenClaw.

I've poured hundreds of hours (and thousands of dollars' worth of GPUs, RAM, and storage) into Atomdrift because it's well past time the open-source community had a solution. While ClamAV served us well for the past 23 years, its design always assumed that malware samples were static, well-known, and in binary form. That's not the case in 2026.

The concept is simple: decompose a program into atoms, identify the unique mal-ecule that makes up the program, and use a fast local ML to keep the false-positive rates low. Treat binaries and source code as first-class citizens, with automated reverse-engineering of both sets.

We still have a long way to go, but if you want to check out where we are today (including a web portal for analyzing samples), see https://atomdrift.org/
