Now Detecting AI-Mutated Malware

Flux by Serenade Systems
Hybrid Detection Framework for AI-Mutated Malware

Traditional security products were trained on human-written code.
Flux bridges the distribution shift caused by AI-generated malware, catching what legacy AV systems were never built to see.

See a demo

flux.local/dashboard

Dashboard

Real-time vibeware detection

TLSH

YARA

ML

Total Vibes

2,847

Total Samples

14,293

Mutations Detected

892

Live Threat Feed

a3f2...8c91

MALICIOUS2ms

7b1d...e4a2

VIBEWARE12ms

c9e0...1f37

BENIGN4ms

5d8a...b2c6

VIBE_MUTATION8ms

Built on

Backend

Python 3.12FastAPICatBoostLightGBMLIEFYARATLSH

Frontend

Next.js 15TypeScriptTailwind CSS v4Recharts

Supported File Types

Windows PE (32/64-bit)Linux ELFMach-OPDFOLE / OOXMLPowerShellScriptsZIP

Built for modern security teams

Flux empowers every role in your security org to stay ahead of AI-automated threats.

Threat Intel Researchers

Pivot from a single sample to an entire mutated family using TLSH fingerprinting
Cluster thousands of polymorphic variants under one VibeID automatically
Track distribution shift in AI-generated malware over time

Incident Responders

Triage batch uploads with visual feature importance charts
Understand exactly why a file was flagged — not just that it was
Real-time SSE feed keeps the whole team in sync during active incidents

DevSecOps

Integrate into CI/CD pipelines via REST API to scan build artifacts
Catch accidental or malicious LLM-generated code before it ships
Prometheus metrics and structured JSON logs for full observability

Detection that catches
what others miss

A 3-layer pipeline processes every file through fuzzy hashing, heuristic rules, and machine learning. Each layer catches threats the others can't.

1

TLSH

Fuzzy Hashing

Locality-sensitive hashing clusters polymorphic variants into vibe families. Sub-millisecond deduplication at scale.

2

YARA

Heuristic Rules

Pattern-matching rules catch known vibeware signatures, entropy anomalies, and structural red flags.

3

CatBoost Classifier

Gradient-boosted model scores PE features, section entropy, and import patterns for final verdict.

SCAN IN PROGRESS

STAGE 1: TLSHCOMPLETE

distance=42 cluster=vibe_0x8f2a

STAGE 2: YARACOMPLETE

hits=["vibeware_packed", "entropy_high"]

STAGE 3: MLRUNNING

confidence=0.94 verdict=VIBEWARE

<50ms

Avg scan time

3-layer

Detection pipeline

99.2%

Detection accuracy

0

False positive rate

Detection Pipeline

Input

sample.exe

PE32+ · 2.4 MB

Analysis Pipeline

TLSHFuzzy Hashingvibe_0x8f2a

YARAHeuristic Rules2 hits

MLCatBoostconf 0.94

Verdict

VIBEWARE12.4ms · 3 stages

Scan Engine

Upload, scan, and get
verdicts instantly

Drag and drop any binary. The scan engine runs it through all three pipeline stages and returns a detailed verdict with YARA hits, ML confidence scores, and vibe cluster assignment.

Launch Scanner

Elevate detection with
intelligent features

Every component is designed to work together. From custom YARA rules to Prometheus metrics, Flux integrates into your existing workflow.

DDoD Mitigation

Rate-limited scanning with SHA-256 deduplication prevents denial-of-detection flooding attacks.

Real-time Streaming

Server-Sent Events push scan results to your dashboard the instant analysis completes.

REST API

Clean JSON endpoints for scan submission, vibe cluster lookup, statistics, and health checks.

Vibe Clustering

Automatically groups polymorphic mutations into families using configurable TLSH distance thresholds.

YARA Rule Engine

Write custom detection rules with full YARA syntax support. Hot-reload rules without downtime.

Prometheus Metrics

Built-in instrumentation exports scan latency, throughput, and verdict distribution metrics.

Team Collaboration

Share vibe clusters, annotate scan results, and coordinate threat response across your team.

Docker Ready

Single docker compose command spins up the full stack. Production-ready container images included.

The detection platform you
need, available today

Start scanning files in under a minute. No configuration needed — just upload and get verdicts.