Disclaimer: The views expressed here are solely my own and do not reflect the views of my employer or any organization I am or was affiliated with.

Joined August 2017
Suha retweeted
RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06…
Suha retweeted
How do you audit a frontier model without ever seeing its weights? We partnered with Pour Demain, an AI policy org, to show this was practical. They ran gray-box evals on GLM 5.1, a ~744B model, using @AISecurityInst's open-source interpretability tooling (vllm-lens), entirely inside a verifiable clean room built on Tinfoil Containers.
Suha retweeted
We beat Google's quantum circuit again, and we didn't have to forge a proof this time. Today we're releasing trailmix, a toolkit for quantum "kickmix" circuits. It includes 5 new circuits we built for elliptic curve addition, the hardest part of Shor's algorithm.
Suha retweeted
Obscure Docs: Detect and debug corrupted uploaded documents without opening them - fixing parser failures at scale while preserving Harvey’s security commitments.
Suha retweeted
Last week we held Harvey Hacks, our internal hackathon. 27 projects total across our 200-person eng team. Wanted to highlight a few hackathon projects:
Suha retweeted
Jun 3
We partnered with @FireworksAI_HQ to train open-source models for legal. Here's what we found: 1) Hybrid legal agents can beat frontier models on quality and cost by routing selectively to a frontier advisor. We tested a hybrid setup where GLM 5.1 served as the primary worker, routing tasks to Opus 4.7 as an advisor when needed. GLM invoked Opus sparingly, just 0.83 times per task on average. The hybrid setup beat Opus on both quality and cost: 18% all-pass vs 14%, at $368 vs $954 across the same 100 tasks. 2) Post-training can push open models to frontier-level legal performance. On a 100-task slice of our Legal Agent Benchmark (LAB), SFT moved Kimi 2.6's all-pass rate from 11% to 15%, beating Opus' 14%. But the cost gap was even more striking: $84 vs $954 across the same 100 tasks, or ~11x cheaper. We're excited to continue working with @FireworksAI_HQ on the next generation of open-source legal agents.
Suha retweeted
A common informal usage of torch.compile is to generate Triton code which people then copy paste into their codebase. github.com/meta-pytorch/expo… is an experiment to put a nice API around this workflow. Curious to see if it will get any traction!
Suha retweeted
Check out this awesome work led by @reeselevine and many other great ucsc students! There was so much work to make this run interesting models across many systems! Check it out (and try out the demos in the blog post!)
WebGPU support in llama.cpp is here! Check out our blog post introducing it: reeselevine.github.io/llamas… Run local models in your browser, with GPU acceleration. No data leaves your computer! Thanks to everyone who's made this possible, especially @ggerganov
Suha retweeted
May 13
another day, another universal linux LPE
May 9
0e78b6737119a3141e466464ee2748eb84a61750958d0cb5824febbdadd875be poc.c
Suha retweeted
May 13
this is a dirtyfrag variant. PoC and patch: github.com/v12-security/pocs…

Suha retweeted
Counterpoint: if you throw a rock in a random direction at Defcon or Blackhat you will hit someone with a blue belt or above in BJJ
May 10
This is why you can’t mass produce special operations. The percentage of guys with 130 IQ who enjoy both books and bar fights is incredibly small.
Suha retweeted
I think of exploitable vulnerabilities as a natural resource like oil, minerals, etc. There are varying densities of proven reserves in various codebases and "mining" technology improvements make discovering and exploiting deeper vulns viable. They'll just keep getting rarer.
RT @spencerpoff: Grateful to @neal_katyal and his @MilbankLaw team for trusting us to help them prep for such an important case. So many g…
Suha retweeted
We got a lot of demand for a Tinfoil Rust SDK. In fact, it’s been a TODO post-it on our wall for over a year! The reason it took this long was that we had to implement a Sigstore verifier for client-side supply chain verification and work around the lack of official libraries:
Suha retweeted
had a jane street interview in 2013 on the way there, i run into a dog. the dog is hurt. i stop to help it but am an hour late to the interview i arrive at the office. the dog is my interviewer. i sigh with relief. surely i'm hired. 'you didn't get the job' the dog says 'reason: ineffective altruism. you failed to realize that arriving on time, earning $500k/year as a junior trader, and donating 10% to shrimp welfare would have prevented approximately 4 million shrimp-hours of suffering. you saved one dog. me. a dog with negligible moral weight relative to the marginal bednet.' i open my mouth. 'also i wasn't hurt. it was a trolley problem. you pulled the wrong lever.' i nod. it is true. dogs are not a givewell top charity. the dog slides a pamphlet across the desk. it says 80,000 hours. 'have you considered earning to give' i start to cry. the dog does not update on this. the dog has read the sequences. 'one more thing,' the dog says. 'the dog you saved. that was also me. i contain multitudes. specifically, i contain a counterfactual in which you arrived on time and we are currently shaking hands. that version of you is now my colleague. he tips well at lunch.' i leave the building. on the sidewalk, another dog is hurt. i keep walking. i have learned. the dog yells after me, 'WRONG. THAT ONE WAS REAL' - written by Claude 4.7 (Adaptive)