Updated Malwarebytes now it constantly identifies Tixati as mali

by Dimitri001 on 2021/08/07 11:25:02 AM    
Sometimes it identifies it as malware, sometimes as a worm, sometimes as a trojan, always tixati.exe and always outbound. Did I maybe download something dodgy with Tixati or is Malwarebytes just getting it wrong?
by janet on 2021/08/07 09:45:43 PM    
If you downloaded the program from the Tixati website everything is fine.
Tixati has NO spyware or malware.
by Dimitri001 on 2021/08/09 12:02:30 AM    
Has anyone else experienced this? Just so I know whether this is Malwarebytes misidentifying Tixati as malicious or whether I might not be downloading something actually malicious in Tixati.
by notaLamer on 2021/08/12 04:21:42 AM    
In such cases you should follow up with MalwareBytes directly and ask them whether it was a false-positive.
I've tested it right now (MB Trial 4.4.4) with Tixati 2.84 - no matches, all clean. MB only detects BitTorrent (client) and uTorrent and FrostWire installers as Adware/Malware/PUP due to them bundling unwanted software.

If you used Tixati from an installer, the installer and .exe files are digitally signed (the dev paid a hefty sum for it!) - right click, properties, 'Digital Signature' must be for 'Tixati Software Inc.', sha256 currently. If there's no digital signature, the files must've been infected (modified) by other software.

If you use portable version then https://support.tixati.com/Release%20Verification
The dev does not provide file hashes (like md5, sha256) but they would be equally valid for verification if they came from a trusted source (still the key / signature method is better)

If the verification reveals an infected file, keep it as a sample.
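
The signature check described in the post above, scripted with PowerShell's `Get-AuthenticodeSignature`. This is an added example, not part of the original post and not Tixati's own tooling. The signer name is the one given in the post; the function name and both file paths are assumptions.

```powershell
# Added example. Expected signer comes from the post above; paths are hypothetical.
function Test-TixatiSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Path,
        [string]$ExpectedSigner = 'Tixati Software Inc.'
    )
    process {
        foreach ($p in $Path) {
            # Report a missing file explicitly instead of letting the cmdlet throw.
            if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
                [pscustomobject]@{ Path = $p; Status = 'FileNotFound'; Signer = $null; Trusted = $false }
                continue
            }

            $sig = Get-AuthenticodeSignature -LiteralPath $p

            # Unsigned files have no signer certificate at all.
            $signer = $null
            if ($sig.SignerCertificate) {
                # SimpleName is the subject's common name on the signing certificate.
                $signer = $sig.SignerCertificate.GetNameInfo(
                    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
            }

            [pscustomobject]@{
                Path    = $p
                # Valid        : signature verifies and chains to a trusted root
                # NotSigned    : no signature present
                # HashMismatch : file content changed after it was signed
                Status  = $sig.Status
                Signer  = $signer
                # Both conditions must hold: a valid signature from someone else proves nothing.
                Trusted = ($sig.Status -eq 'Valid' -and $signer -eq $ExpectedSigner)
            }
        }
    }
}

# Hypothetical locations of the installed binary and the downloaded installer.
$files = "$env:ProgramFiles\tixati\tixati.exe", "$env:USERPROFILE\Downloads\tixati-installer.exe"
Test-TixatiSignature -Path $files | Format-Table -AutoSize
```

A `HashMismatch` or `NotSigned` result on `tixati.exe` corresponds to the "modified by other software" case in the post; `Trusted = True` means the file is byte-for-byte what the publisher signed.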
by Guest on 2021/08/15 10:03:23 PM    
If Malwarebytes is detecting outbound traffic I would enable Tixati's IP Filter and add the IPs Malwarebytes into it, or exclude it from Malwarebytes, your choice.

What's likely happening is that certain IPs in the swarms of torrents you downloaded/downloading are part of an IP range + port that is a combo for a "known threat". But given that BitTorrent uses random ports, it's chance that simple filters like that will catch a false alarm.
by Guest on 2024/09/20 10:44:35 PM    
This is a very delayed addition to this post. As of 2024-09-20, Malwarebytes has blocked 294 separate outbound communication attempts while transfers are active. I have not counted unique addresses but sorting by address multiple attempts to a single address, there are still many dozens of unique addresses. Every IP run through VirusTotal returns positive flags for malware, trojans, etc. from multiple antivirus vendors; those same IPs have (usually) extensive profiles on CrowdSec Threat Intelligence detailing the various forms of attack vectors used which link to MITRE ATT&CK for more detailed explanations. I have only discovered this in the last 3 days and just now am putting it all together. I fully expect every unique IP address to follow suit, I will continue work as possible.

I do not know if there is any developmental solution or approach at the moment, or ever. The good news is short term Tixati's IP filter should allow those IPs to be dropped.

What I know and have done.
1. I am using brand new, mostly udp trackers confirmed three days ago, through https://newtrackon.com/
2. I have a tracker setting to add new known good trackers to all new transfers.
3. I've built a list of old dead trackers present in many of the transfers I see and have them taken out of new transfers.
4. When MalwareBytes notifies of a new IP blocked I check active transfers for peers with matching IPs, remove matching connections, and update the Blocked IP list I'm building. Most of the blocked IPs are not peers, most of the time I cannot find MWB blocked IPs in Tixati's DHT Event log either. I assume they are part of the swarm somehow.

I would appreciate any ideas, information, direction, resources, etc. helping me understand the general process these malware sites are propagated through the P2P communities and what if anything can be done. newtrackon shows many new trackers up and running for mere days to hours. Some are in geopolitical areas known for this activity. Maybe some trackers are part of the problem. I doubt there is much the developers can do to combat this but you never know what could happen if enough people get involved. Given the very real and disastrous potential here I hope to motivate people to get involved. I will look for a more recent/appropriate thread to post to as well.
Regards
by notaLamer on 2024/10/12 12:32:59 PM    
4. When MalwareBytes notifies of a new IP blocked I check active transfers for peers with matching IPs, remove matching connections, and update the Blocked IP list I'm building.
So you most likely block a legitimate Bittorrent peer who comes from a VPN server or a tiny block of IPs shared by thousands of users. It's not hard to get a shared IP flagged for malicious activity. Except Bittorrent doesn't interact with them in any way other than ask for downloads. This has been explained before on the forums, I hope you will find the relevant topics in search.

Actually, here's just ONE of them: https://forum.tixati.com/support/8185