Trail of Bits

4.2K posts

@trailofbits

We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.

New York, NY · Joined March 2010
257 Following · 37.5K Followers
Pinned Tweet
Trail of Bits@trailofbits·
Over 700,000 repos ship crypto libraries that default to a static IV, creating widespread key reuse. We also released mquire, a Linux memory forensics tool, and added 12 new open-source Claude Code skills for security engineering. March Tribune: mailchi.mp/trailofbits/ma…
Trail of Bits@trailofbits·
Adding LibAFL support to Ruzzy took longer than expected. We took detours in ELF file internals, .init_array DSO sections, SanitizerCoverage interceptors, lazy vs. eager loading, and Ruby C extensions. blog.trailofbits.com/2026/04/29/ext…
Trail of Bits@trailofbits·
libFuzzer is in maintenance mode. We added LibAFL support to Ruzzy so Ruby devs and security researchers can run their next fuzzing campaign without harness modifications. 🧵
Trail of Bits retweeted
pashov@pashov·
@filipeV3nancio Everyone saying Trail of Bits, they really got the street credit
Trail of Bits@trailofbits·
The fastest way to get a team to adopt AI is to make them put in reps. We run hackathons as a forcing function. @dguido at unprompted
Trail of Bits retweeted
Vijay Bolina@vijaybolina·
“The org is designed from the ground up assuming AI is a core participant. Not a tool you pick up, but a teammate that’s always there.” this is the way.
Trail of Bits@trailofbits·
When Claude reasons about code, it reasons about lists, but the questions that actually matter are graph questions. We just open-sourced Trailmark to make it easy for security engineers to parse source code into a call graph for Claude. 🧵
Trail of Bits@trailofbits·
Trailmark supports 17 languages. We're also releasing 8 Claude skills built on its API. On Ed448, one classified 73% of surviving mutants as equivalent. Flat lists can't see that. blog.trailofbits.com/2026/04/23/tra…
Trail of Bits@trailofbits·
Reframed: The machine doesn't cook for you. It makes you a faster, more efficient chef. The playbook for how we went from 95% resistance to 80-95% weekly Claude usage within a year: blog.trailofbits.com/2026/03/31/how…
Trail of Bits@trailofbits·
If you market a machine that “cooks for you,” a chef will never buy it. This is called identity threat, one of the four reasons why people resist adopting AI. @dguido breaks it down at unprompted:
Stephen | DeFi Dojo@phtevenstrong·
PSA for protocols: Shortlist of good Opsec Providers ► @trailofbits @opsek_io @0xGroomLake @SEAL_911 @DigOppGroup If you're building a protocol or worried that your opsec might not be airtight, PLEASE reach out to at least one of these teams.
Nomatic@Nomaticcap

OK OpSec audits needed yesterday. I've actually started trying to push this more with teams I have a decent amount of my personal $$$ stored with and teams I've invested in.

Trail of Bits@trailofbits·
We're testing frontier AI models like GPT-5.4-Cyber as part of @OpenAI's Trusted Access for Cyber program. AI is dual-use, and the fastest way to find what attackers will do is to let defenders go first. openai.com/index/accelera…
Trail of Bits retweeted
Craig Gidney@CraigGidney·
Congrats to Ryan Keegan for being the first to exploit the simulator we used to validate the secret quantum circuits: blog.trailofbits.com/2026/04/17/we-… It kills me that the (now fixed) bugs were simple (we didn't port the op validation code from C++ to Rust!), but that's to be expected.
Trail of Bits retweeted
Steve Weis@sweis·
Great write up of how Trail of Bits was able to find vulnerabilities in Google’s zero knowledge prover and generate a fake proof: blog.trailofbits.com/2026/04/17/we-…
Trail of Bits@trailofbits·
Adoption is a ladder. Every team has clear levels, clear expectations, a clear path up, and real consequences for staying stuck. Every org's matrix should look different. Copy the system, not the specifics. blog.trailofbits.com/2026/03/31/how…
Trail of Bits@trailofbits·
Our sales team's AI Maturity Matrix. Scored from 0-3, defining what AI-enabled work looks like at each level. 🧵