The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) has announced the open access to Thorium, a powerful malware analysis and digital forensics platform. The tool was created in partnership with Sandia National Laboratories and is capable of processing over 10 million files per hour per access group.

Thorium is designed as a scalable system for automating cyber incident investigation processes. The platform allows you to run over 1,700 tasks per second and integrates both commercial and open-source tools.
Thorium’s main features include:
Thorium is focused on software analysis, digital forensics, and incident response, allowing specialists to quickly assess complex threats and receive results in real time.
CISA actively promotes open cybersecurity tools. In 2024, the agency introduced the Malware Next-Gen platform, which allows malware samples to be publicly uploaded for analysis. Previously, CISA launched free security scans for critical infrastructure and released the Eviction Strategies Tool to assist in incident response. Thorium is the next step in this strategy. The open source code of the platform is now available on CISA’s GitHub, allowing government and private organizations to use it for their own purposes for free.
Opening the Thorium source code strengthens global cybersecurity by allowing the community to analyze, improve, and scale defense tools. This is another example of government agencies moving to an open-source collaboration model that improves the effectiveness of their threat response.