Avai – your first AI antivirus
Avai is a new open-source AI antivirus solution designed for macOS and Linux. It utilizes host telemetry and a large language model to classify threats based on various data sources. The system allows users to monitor their machines without requiring extensive privileges or cloud control.
- Avai captures data from 26 different aspects of a host on macOS and 21 on Linux, including processes and file integrity.
- The system enriches findings with up to 17 threat intelligence sources and provides verdicts on the status of each finding.
- Users can run Avai with minimal setup, producing a populated database and a user-friendly dashboard for monitoring.
Opening excerpt (first ~120 words)
avai
Know what's actually running on your machines. Open-source host telemetry + LLM threat classifier. One docker run.
avai snapshots 26 corners of your host on macOS (21 on Linux) — processes, USB, persistence, file integrity, browser extensions, exec events — enriches each new finding with up to 17 threat-intel sources (VirusTotal, MalwareBazaar, URLhaus, CISA KEV, Shodan, AbuseIPDB, OSV, NVD, …), and lets a Claude-class LLM tell you which ones are worth caring about. Verdicts come back as malicious / suspicious / unknown / benign with a MITRE-aligned category, a confidence, and a one-line remediation. No agent contract, no SIEM, no cloud control plane. Dedup by content hash — the same artifact is never sent to the LLM twice.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.