Lack of isolation in agentic browsers resurfaces old vulnerabilities
We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.
Detect Go’s silent arithmetic bugs with go-panikint
We’re releasing go-panikint, a modified Go compiler that turns silent integer overflows into explicit panics. We used it to find a live integer overflow in the Cosmos SDK’s RPC pagination logic, showing how this approach eliminates a major blind spot for anyone fuzzing Go projects.
Can chatbots craft correct code?
LLMs fundamentally differ from compilers because they lack determinism and semantic guarantees, making them useful coding assistants but unreliable for autonomous code generation without human review and formal verification.
Use GWP-ASan to detect exploits in production environments
GWP-ASan is a sampling-based memory error detection tool that catches critical bugs like use-after-free and buffer overflows in production environments with near-zero performance overhead, unlike AddressSanitizer, which is too resource-intensive for deployment.
Catching malicious package releases using a transparency log
We’re getting Sigstore’s rekor-monitor ready for production use, making it easier for developers to detect tampering and unauthorized uses of their identities in the Rekor transparency log.
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis
Our new tool mrva is a terminal-first tool for running CodeQL multi-repository variant analysis locally, allowing users to download pre-built databases, analyze them with custom queries, and view results directly in the terminal.
Introducing constant-time support for LLVM to protect cryptographic code
Trail of Bits developed constant-time coding support for LLVM that prevents compilers from breaking cryptographic implementations vulnerable to timing attacks, introducing the __builtin_ct_select family of intrinsics that preserve constant-time properties throughout compilation.
We found cryptography bugs in the elliptic library using Wycheproof
Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.
Level up your Solidity LLM tooling with Slither-MCP
We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine.
How we avoided side-channels in our new post-quantum Go cryptography libraries
We’ve released open-source Go implementations of ML-DSA and SLH-DSA.
Building checksec without boundaries with Checksec Anywhere
Checksec Anywhere consolidates fragmented binary security analysis tools into a browser-based platform that analyzes ELF, PE, and Mach-O formats locally without compromising privacy or performance.
Balancer hack analysis and guidance for the DeFi ecosystem
A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.
The cryptography behind electronic passports
This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of using electronic passports for novel applications, such as zero-knowledge identity proofs.
Vulnerabilities in LUKS2 disk encryption for confidential VMs
Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.
Prompt injection to RCE in AI agents
We bypassed human approval protections for system command execution in AI agents, achieving RCE in three agent platforms.
Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study
We created a CodeQL query that reduced 2,500+ compiler warnings about implicit conversions in OpenVPN2 to just 20 high-priority cases, demonstrating how to effectively identify potentially dangerous type conversions in C code.
Supply chain attacks are exploiting our assumptions
Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines, while new defensive tools are emerging to make these trust relationships explicit and verifiable.
Use mutation testing to find the bugs your tests don't catch
Mutation testing reveals blind spots in test suites by systematically introducing bugs and checking if tests catch them. Blockchain developers should use mutation testing to measure the effectiveness of their test suites and find bugs that traditional testing can miss.
Fickling’s new AI/ML pickle file scanner
We’ve added a pickle file scanner to Fickling that uses an allowlist approach to protect AI/ML environments from malicious pickle files that could compromise models or infrastructure.
How Sui Move rethinks flash loan security
Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance on callbacks and runtime checks with a “hot potato” model that enforces repayment at the language level. This shift makes flash loan security a language guarantee rather than a developer responsibility.
Safer cold storage on Ethereum
By using smart contract programmability, exchanges can build custody solutions that remain secure even when multisig keys are compromised.
Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more
A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.
Intern projects that outlived the internship
Our business operations intern at Trail of Bits built two AI-powered tools that became permanent company resources: a podcast workflow that saves 1,250 hours annually and a Slack exporter that enables efficient knowledge retrieval across the organization.
Implement EIP-7730 today
EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind signing vulnerabilities with minimal implementation effort for dApp developers.
Speedrunning the New York Subway
We optimized the route for visiting every NYC subway station using algorithms from combinatorial optimization, creating a 20-hour tour that beats the existing world record by 45 minutes.