Trail of Bits

4.3K posts

Trail of Bits banner
Trail of Bits

Trail of Bits

@trailofbits

We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.

New York, NY Katılım Mart 2010
261 Takip Edilen38.2K Takipçiler
Sabitlenmiş Tweet
Trail of Bits
Trail of Bits@trailofbits·
We launched Patch the Planet with OpenAI, factored hundreds of weak RSA keys with a new polynomial technique, and bypassed every AI skill scanner we tested. Plus 10 new public reviews, gosentry, and more. June Tribune: mailchi.mp/trailofbits/ju…
English
1
14
80
7.5K
Trail of Bits retweetledi
Aptos Labs
Aptos Labs@AptosLabs·
NEW: rust-review — a security review plug-in for Rust, built by @zi0Black of Aptos Labs' Security Team with Paweł Płatek of @trailofbits. Rust's compiler gives you memory safety. It won't flag misused unsafe code, silent overflows, or nondeterminism. rust-review does.
Aptos Labs tweet media
English
54
8
246
8.5K
Trail of Bits
Trail of Bits@trailofbits·
@AptosLabs Inside, you'll find what Rust's guarantees don't cover, how to catch undefined behavior with Miri, property testing with proptest, our favorite Clippy lints, memory zeroization, model checking with Kani, and more. appsec.guide/docs/languages…
English
1
2
4
922
Trail of Bits
Trail of Bits@trailofbits·
Later today at @SummerC0n, Asritha Bodepudi will show how to build a Windows n-day exploit chain for RasMan, the Remote Access Connection Manager service. 11:15AM ET, Main Stage, Littlefield in Brooklyn. summercon.org/schedule/
English
0
3
13
2.7K
Trail of Bits retweetledi
Tim O'Reilly
Tim O'Reilly@timoreilly·
I've really been impressed with the framework for enterprise AI adoption and compounding value that Dan Guido talked about at the recent (un)prompted conference. He is the CEO of security company Trail of Bits, and he gives a detailed methodology for overcoming resistance and encouraging organization-wide adoption. I liked his talk so much (it's only 20 minutes) that I asked him to deliver it again on the O'Reilly platform and then take questions from the online audience. It's tomorrow at 8 am Pacific. Attendance is free. learning.oreilly.com/live-events/a-…
English
7
17
37
32.7K
Trail of Bits
Trail of Bits@trailofbits·
Mewt grades your test suite by sabotaging your code. Each change that doesn't get flagged by your tests is a potential bug. Today we're expanding it to support DAML, @CantonNetwork's native language, with two new mutant classes for DAML's authorization rules.
English
1
6
23
3.3K
Trail of Bits retweetledi
Gin Zite
Gin Zite@Gintaria·
Fantastic AI Security Summit today! Diving into how building software and attack surface is changing. Always energizing to be around security leaders wrestling with the same hard questions we see every day at @trailofbits. Onward to RAISE 🚀 @FactoryAI @snyksec @NLilichenko
Gin Zite tweet media
English
0
1
6
824
Trail of Bits
Trail of Bits@trailofbits·
We gave GPT-5.5-Cyber a single /goal: find a specific class of bugs in zlib, the compression library used by Linux, macOS, iOS, and Git. It built a fuzzing lab in less than a day, a task that takes a skilled researcher weeks. Patch the Planet field report by Benjamin Samuels: blog.trailofbits.com/2026/07/02/fie…
English
7
47
267
21K
Trail of Bits
Trail of Bits@trailofbits·
cargo-audit flags Rust dependencies with known vulnerabilities, but it doesn't tell you whether your code calls the vulnerable function. We added a feature that checks your binary for vulnerable functions and labels any matches as "Affected," separating real exposure from advisories that don't apply. It's live in cargo-audit 0.22.2+. If you're behind, update with `cargo install -f cargo-audit`. crates.io/crates/cargo-a…
Trail of Bits tweet media
English
4
19
110
7.4K
Trail of Bits
Trail of Bits@trailofbits·
.@OpenAI handed us their most cyber-capable models and asked us to work directly with open-source maintainers to Patch the Planet. We started with 19 projects: cURL, Python, Sigstore, NATS, and more. 50 projects have now joined the initiative. openai.com/index/patch-th…
English
5
14
101
5.4K
Trail of Bits
Trail of Bits@trailofbits·
1.2 billion downloads ran through pyca/cryptography last month. Nearly every Python app that touches crypto depends on it. If it doesn't ship post-quantum primitives, the Python ecosystem can't migrate. 🧵
English
2
4
48
6.3K
Trail of Bits retweetledi
Zoo
Zoo@zoodotdev·
"For one of the vulnerabilities we developed an exploit to demonstrate its impact internally." Read more about our latest @trailofbits audit and the security findings that shaped our defenses: zoo.dev/blog/security-…
English
0
3
9
2K