Scott Arciszewski
@ToBScottA

32 posts

https://t.co/7kM1zqC9tx

United States · Joined March 2026
23 Following · 68 Followers
Scott Arciszewski retweeted
Constantine K @Semper_Viventem ·
Claude Code automatically adds itself to the commit metadata "Co-Authored-By: Claude Opus <noreply@anthropic.com>". I strongly disagree with crediting Claude as a commit co-author. It is a tool I'm paying for, not a copyright holder, not an author. We don't credit Visual Studio.
Scott Arciszewski retweeted
thaidn @XorNinja ·
We pulled in $117,000 in Chrome bug bounties with simple tricks; on Wednesday, Quang Luong will spill his secrets at the Stanford AI Security Conference: seclab.stanford.edu/RealWorldAIsec/

Fun fact: Quang is probably the only researcher in the known universe who still uses Gemini to find bugs.

Before the end of the year, Calif researchers will be presenting at Blackhat USA, Defcon, and Hexacon. We're also hoping to make it to Unprompted AU, OffensiveCon, and Objective By The Sea.

At Black Hat USA, Dionysus Blazakis and the team will walk through the bugs and exploit chain used in the Apple MIE bypass discovered a few months ago. blackhat.com/us-26/briefing…

At DEF CON, we will tell the story of hacking software that helps run the Internet backbone.

At Hexacon in Paris, @brucedang and I will give the keynote. Apple announced MIE there last year, so it'll be a fun one. I suspect they only wanted Bruce, but keynotes require a certain amount of professional nonsense, and Bruce is far too honest for that, so I got invited too. My job is marketing, which is to lie without getting caught.

What's wild is that none of this existed at the beginning of the year. We started with a simple realization: very few people have both deep security expertise and access to the best AI models. So we went all in and never looked back.

Back in March, we called a company-wide all-hands on a Saturday. The title of the invite was: "AI Tsunami and Our Actions." I don't want to romanticize overwork, but what we were seeing felt too urgent to wait until Monday. Then everyone started cooking.

The results have been spectacular. Our research on defeating Apple MIE made it into The Wall Street Journal. We signed major contracts with Anthropic, OpenAI, Google DeepMind, and xAI. While others are celebrating access to the latest models, we've been using them to explore the frontiers of vulnerability research. In the first half of 2026, we're already surpassing our entire 2025 bookings. Most importantly, we've assembled a top-tier team in record time.

I've read many strategy books, but this is the first time I've witnessed the power of the right strategy at the right time. Focus is the name of the game. Strategy is deciding what to ignore. For one month and a half, we stopped starting new projects. I've personally shelved a lifelong passion in Vietnam, because it isn't a priority for the company. You can only move fast when you're light.

Several people were upset when we changed direction so abruptly. That's normal. If nobody complains, you probably didn't focus.

Of course, strategy isn't magic. You can make a focused bet and still be wrong. We were fortunate that this one worked out.

None of this would be possible without our partners and supporters across the frontier labs. Thank you.
Scott Arciszewski retweeted
WIRED @WIRED ·
Exclusive: Amid concerns about AI models’ cybersecurity capabilities, OpenAI has revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs. wired.com/story/openai-l…
Scott Arciszewski retweeted
Trail of Bits @trailofbits ·
30+ projects have already joined. Our goal is to prepare maintainers for machine-speed bug discovery. We put a team on each project, aim models at the code, patch the findings, and build custom security infrastructure for triage at scale. blog.trailofbits.com/2026/06/22/int…
Scott Arciszewski retweeted
OpenAI @OpenAI ·
Patch the Planet is our effort to help open source maintainers move from security findings to merged fixes. We’re working with Trail of Bits, HackerOne, Calif, researchers, and maintainers to bring Codex Security and advanced models into the remediation process, with human review at the center.
Scott Arciszewski retweeted
Trail of Bits @trailofbits ·
Patch the Planet is our joint initiative with @OpenAI to help maintainers strengthen critical open-source software. In one week, we used Codex and GPT-5.5-Cyber to find hundreds of bugs inside OSS like cURL, Python, and the Go project. 37 patches merged, with more in flight. 🧵
OpenAI@OpenAI

Patch the Planet is our effort to help open source maintainers move from security findings to merged fixes. We’re working with Trail of Bits, HackerOne, Calif, researchers, and maintainers to bring Codex Security and advanced models into the remediation process, with human review at the center.

Scott Arciszewski @ToBScottA ·
While it's certainly possible Mythos could have found the same bugs if its operator invested more time and focus on HtmlSanitizer, most defenders don't have access to Mythos. I sure didn't. To be terse: Less FOMO, more resourcefulness.
Scott Arciszewski retweeted
Trail of Bits @trailofbits ·
RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06/12/fac…
Scott Arciszewski @ToBScottA ·
Can't wait to show everyone what I've built atop this little tool :) Trailmark is a cool foundational piece of code, but it's not the headliner. That will come later :D
Scott Arciszewski retweeted
Trail of Bits @trailofbits ·
.@obsdmd asked us to audit their Sync protocol. Our engineers delivered eleven findings. Five went above and beyond the original scope and found system-level issues that weren't specific to Sync itself.

We see this pattern often with our clients. We respect scope as a delivery contract, but we have a professional obligation to surface what our engineers see. Anything they catch is flagged, and the client decides what to do.

When a finding warrants it, the report includes an Exploit Scenario, the path from observation to working exploit. We take an attacker's mindset, and exploit scenarios show our clients what a bug costs them.

With security-first teams like Obsidian, that meant five system-level findings that were either patched or explicitly acknowledged:

1. Math.random used for password and salt generation (High severity, medium difficulty)
2. Variable-time comparison of password-reset tokens and MFA recovery codes (High severity, high difficulty)
3. TOTP codes replayable within the validity window (High severity, high difficulty)
4. Plaintext storage of MFA secrets and recovery codes (High severity, medium difficulty)
5. Password reset without MFA (Medium severity, medium difficulty)
Obsidian@obsdmd

Two new security audits of Obsidian Sync by @cure53berlin and @trailofbits are now available on our Security page. All findings have been addressed via remediations and disclosures validated by the respective auditors. Read more: obsidian.md/blog/cure53-to…

Scott Arciszewski retweeted
International Cyber Digest @IntCyberDigest ·
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots. Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.

▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.

Confirmed casualties so far:

▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.

Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.

ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
Scott Arciszewski retweeted
Trail of Bits @trailofbits ·
We beat Google's zero-knowledge proof of quantum cryptanalysis by exploiting bugs in their Rust ZKP code, then forged a proof with better metrics. Plus 11 new public reviews, Trailmark, MuTON and mewt, dimensional analysis, and more. May Tribune: mailchi.mp/trailofbits/ma…