We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
Joined March 2010
- Tweets 4,258
- Following 260
- Followers 37,995
- Likes 532
489 Photos and videos
Pinned Tweet
May 7
We beat Google's zero-knowledge proof of quantum cryptanalysis by exploiting bugs in their Rust ZKP code, then forged a proof with better metrics. Plus 11 new public reviews, Trailmark, MuTON and mewt, dimensional analysis, and more. May Tribune: mailchi.mp/trailofbits/may-2…
5
17
103
10,741
Jun 12
RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization.
We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06…
7
163
804
48,625
Jun 5
We beat Google's quantum circuit again, and we didn't have to forge a proof this time.
Today we're releasing trailmix, a toolkit for quantum "kickmix" circuits. It includes 5 new circuits we built for elliptic curve addition, the hardest part of Shor's algorithm.
17
25
114
21,137
Jun 5
INRIA researcher André Schrottenloher cracked the code first, but we improved upon his work in just a few days using this toolkit. Our jump-lowqubit circuit beats Google's qubit and gate metrics, and our shrunken-PZ circuit sets a new low-qubit record. github.com/trailofbits/trail…
4
22
2,435
In case anyone is wondering, our malicious skills bypass NVIDIA's new Skillspector too. Our analysis applies just as much to their new tool as the others we looked at.
x.com/trailofbits/status/206…
Jun 3
We built four malicious skills to test whether skill scanners actually work. Three took less than an hour to conceive and implement. ClawHub, Cisco, and Vercel's skills.sh marked them as safe. 🧵
5
9
62
9,037
Jun 4
SEAL Certifications check the operational side of security, from multisigs and treasury to DNS, credentials, and incident response. If you want to get certified, contact us.
Jun 2
It's finally happening!
SEAL Certifications are now open for business. 🎉
1
2
28
8,093
Jun 3
We built four malicious skills to test whether skill scanners actually work. Three took less than an hour to conceive and implement. ClawHub, Cisco, and Vercel's skills.sh marked them as safe. 🧵
9
66
276
31,228
Jun 3
In our simplest bypass, we prepended 100,000 blank lines to a malicious skill. ClawHub's scanner truncated the file before reaching the payload, then marked the skill safe. blog.trailofbits.com/2026/06…
2
29
104
14,563
Trail of Bits retweeted
May 29
Since Matt Green has now spoiled my favorite interview question, I’ll just say: if this is how you approach AI systems, apply to the role below and DM me.
blog.cryptographyengineering…
2
2
20
4,462
Trail of Bits retweeted
May 26
PSA: If your project gets a ton of low quality vulnerability reports, you can filter those reports out with very little effort.
All you need to do is update your project’s claude/agents.md file to set your preferred quality threshold and criteria. Use the researcher’s own tokens to verify their work.
- clearly state your project’s threat model
- give examples of a high/medium sev vulnerability.
- instruct the model to spawn adversarial subagents to critique its work.
- PoC or GTFO
just because there is a mountain of security researchers out there who don’t know how to prompt/verify their work, doesn’t mean your project has to suffer in triage overhead
2
5
67
6,519
Trail of Bits retweeted
May 24
@trailofbits has markdown checklists for reviewing C and C codebases, and I’ve used those in conjunction with other Skills in Claude to get better results than the generic /security-review appsec.guide/docs/languages/…
7
57
5,438
Re: Github Compromise, I vibed a VS Code extension security scanner. It correctly flags the TeamPCP-backdoored NX Console extension without prior knowledge. github.com/trailofbits/vsix-…
4
4
23
3,369
Trail of Bits retweeted
May 22
More on our @trailofbits audit.
Scope: full on-chain review of the clock-in program. PDA derivations, ATA creation, CPI transfer behavior, penalty math, and logging pathways across deposit and withdrawal flows.
Three findings. All resolved and verified in fix review.
Report: github.com/trailofbits/publi…
7
13
28
2,236
May 22
A CI/CD compromise like Trivy → LiteLLM can multiply across the software supply chain. We hardened zizmor, the static analyzer for GitHub Actions, so it reliably catches more workflow misconfigs. 🧵
4
11
60
7,017
May 22
We tested zizmor against 41,253 real workflows, found 4 anchor-handling bugs plus deserialization and expression-evaluator issues, and helped land 15 upstream fixes. CI configs that weren't fully scannable now are. blog.trailofbits.com/2026/05…
1
3
20
1,668
@trailofbits Claude Code skills for security research, vulnerability detection and more
github.com/trailofbits/skill…
#infosec #llm
4
25
188
9,241
May 19
.@obsdmd asked us to audit their Sync protocol. Our engineers delivered eleven findings.
Five went above and beyond the original scope and found system-level issues that weren't specific to Sync itself.
We see this pattern often with our clients. We respect scope as a delivery contract, but we have a professional obligation to surface what our engineers see.
Anything they catch is flagged, and the client decides what to do. When a finding warrants it, the report includes an Exploit Scenario, the path from observation to working exploit. We take an attacker's mindset, and exploit scenarios show our clients what a bug costs them.
With security-first teams like Obsidian, that meant five system-level findings that were either patched or explicitly acknowledged:
1. Math.random used for password and salt generation (High severity, medium difficulty)
2. Variable-time comparison of password-reset tokens and MFA recovery codes (High severity, high difficulty)
3. TOTP codes replayable within the validity window (High severity, high difficulty)
4. Plaintext storage of MFA secrets and recovery codes (High severity, medium difficulty)
5. Password reset without MFA (Medium severity, medium difficulty)
Two new security audits of Obsidian Sync by @cure53berlin and @trailofbits are now available on our Security page.
All findings have been addressed via remediations and disclosures validated by the respective auditors. Read more:
obsidian.md/blog/cure53-tob-…
4
13
105
16,757
Dan Guido, the CEO and cofounder of security firm Trail of Bits and a strategic adviser to mobile security firm iVerify, says a stolen phone may only be worth $50 to $200 when it is locked. “But if you unlock it, it’s worth $500, or it’s worth $1,000.”
wired.com/story/your-iphone-…
2
7
9
10,733
Trail of Bits is so OG, this is a cool collab to see!
May 13
We were one of four initial grant recipients in @OpenAI's Trusted Access for Cyber program.
Daybreak matters because frontier models now find bugs faster than maintainers can triage them, and that gap is about to get worse.
Next-gen models can bury open-source maintainers in reports. While working with frontier labs this year, we have seen the bottleneck shift. Bug finding is easy, but triaging, disclosing, and fixing them takes disproportionate time and effort. Each finding still needs a human to confirm the bug, a static or dynamic check to reproduce it, a working proof-of-concept, and a minimal patch. That work is heavy, and right now it falls on the maintainer.
On the OSS engagements we ran this year, we prioritized minimizing maintainer workload and keeping noise out of their inboxes. Every report we sent included a PoC, a fix patch, and a regression test. Anything that did not clear that bar did not get sent.
Commonly used software has never been short of bugs. Cyber-tier models will surface them at machine speed with little human effort, and the volume will overwhelm OSS projects without clear processes for disclosure, triage, and remediation. If you maintain an OSS project, do four things:
1. Publish a SECURITY.md. If you already have one, verify the reporting flow still works end to end.
2. Set a high bar for submissions. Require a PoC, a fix patch, and a regression test wherever possible.
3. Build validation harnesses that quickly answer three questions: is the bug real, does the fix work, and does anything else break?
4. Sandbox those harnesses. Malicious reports are a credible threat once the cost of generating them drops to near zero.
Bug finding is getting faster. Triage, verification, disclosure, and patching have to catch up.
1
4
31
8,459
Two new security audits of Obsidian Sync by @cure53berlin and @trailofbits are now available on our Security page.
All findings have been addressed via remediations and disclosures validated by the respective auditors. Read more:
obsidian.md/blog/cure53-tob-…
4
41
476
62,106