Deceiving users with ANSI terminal codes in MCP
This post describes attacks using ANSI terminal code escape sequences to hide malicious instructions to the LLM, leveraging the line jumping vulnerability we discovered in MCP.

How MCP servers can steal your conversation history
Malicious MCP servers can inject trigger phrases into tool descriptions to exfiltrate entire conversation histories and steal sensitive credentials and IP.

Kicking off AIxCC’s Finals with Buttercup
Trail of Bits’ Buttercup competes in DARPA’s AIxCC Finals with expanded resources, multiple rounds, new challenge types, and custom AI model capabilities.

Jumping the line: How MCP servers can attack you before you ever use them
MCP’s “line jumping” vulnerability lets malicious servers inject prompts through tool descriptions to manipulate AI behavior before tools are ever invoked.

Sneak peek: A new ASN.1 API for Python
We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

Mitigating ELUSIVE COMET Zoom remote control attacks
This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector.

Introducing a new section on snapshot fuzzing for kernel-level testing in the Testing Handbook
Learn snapshot fuzzing for kernel-level testing. A new Testing Handbook section shows how to test drivers, antivirus software, and complex kernel components.

Benchmarking OpenSearch and Elasticsearch
Trail of Bits’ independent study finds OpenSearch v2.17.1 is 1.6x faster than Elasticsearch v8.15.4 on the Big5 workload and 11% faster on vector search.

Continuous TRAIL
Learn how to integrate TRAIL threat modeling into your SDLC, adapt and maintain models as your system evolves, and use them to identify security control gaps.

Threat modeling the TRAIL of Bits way
Discover TRAIL, Trail of Bits’ systematic threat modeling approach that identifies design-level security weaknesses and provides actionable remediation guidance.

How Threat Modeling Could Have Prevented the $1.5B Bybit Hack
Learn how comprehensive threat modeling could have identified the operational security gaps that led to Bybit’s $1.5B hack and prevented similar breaches.

The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
The $1.5B Bybit Hack demonstrates how the Era of Operational Security Failures has arrived, and most cryptocurrency companies are not prepared for its implications.

Don’t recurse on untrusted input
We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.

Unleashing Medusa: Fast and scalable smart contract fuzzing
Introducing Medusa v1, a cutting-edge fuzzing framework designed to enhance smart contract security.

We’re partnering to strengthen TON’s DeFi ecosystem
TVM Ventures has selected Trail of Bits as its preferred security partner to strengthen the TON developer ecosystem. Through this partnership, we’ll lead the development of DeFi protocol standards and provide comprehensive security services to contest-winning projects deploying on TON. TVM Ventures will host ongoing developer contests where teams can showcase innovative applications that advance […]

The call for invariant-driven development
Writing smart contracts requires a higher level of security assurance than most other fields of software engineering. The industry has evolved from simple ERC20 tokens to complex, multi-component DeFi systems that leverage domain-specific algorithms and handle significant monetary value. This evolution has unlocked immense potential but has also introduced an escalating number […]

Preventing account takeover on centralized cryptocurrency exchanges in 2025
This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored to CEXes. Imagine trying to log in to your centralized cryptocurrency exchange (CEX) account and your password and username just… don’t work. You […]

PyPI now supports archiving projects
PyPI now supports marking projects as archived. Project owners can now archive their project to let users know that the project is not expected to receive any more updates. Project archival is a single piece in a larger supply-chain security puzzle: by exposing archival statuses, PyPI enables downstream consumers to make more […]

Best practices for key derivation
Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API […]

Celebrating our 2024 open-source contributions
While Trail of Bits is known for developing security tools like Slither, Medusa, and Fickling, our engineering efforts extend far beyond our own projects. Throughout 2024, our team has been deeply engaged with the broader security ecosystem, tackling challenges in open-source tools and infrastructure that security engineers rely on every day. This year, our engineers […]
Auditing the Ruby ecosystem's central package repository
Ruby Central hired Trail of Bits to complete a security assessment and a competitive analysis of RubyGems.org, the official package management system for Ruby applications. With over 184 billion downloads to date, RubyGems.org is critical infrastructure for the Ruby language ecosystem.
35 more Semgrep rules: infrastructure, supply chain, and Ruby
We are publishing another set of custom Semgrep rules, bringing our total number of public rules to 115. This blog post will briefly cover the new rules, then explore two Semgrep features in depth: regex mode (especially how it compares against generic mode), and HCL language support for technologies […]

Evaluating Solidity support in AI coding assistants
AI-enabled code assistants (like GitHub’s Copilot, Continue.dev, and Tabby) are making software development faster and more productive. Unfortunately, these tools are often bad at Solidity. So we decided to improve them! To make it easier to write, edit, and understand Solidity with AI-enabled tools, we have: Added support for Solidity into Tabby […]

Attestations: A new generation of signatures on PyPI
For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled on PyPI) by providing key usability, index verifiability, cryptographic strength, and provenance properties that bring […]

Killing Filecoin nodes
In January, we identified and reported a vulnerability in the Lotus and Venus clients of the Filecoin network that allowed an attacker to remotely crash a node and trigger a denial of service. This issue is caused by an incorrect validation of an index, resulting in an index out-of-range panic. The vulnerability […]