Trail of Bits

We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
Website: https://trailofbits.com
Podcast: https://trailofbits.audio
GitHub: https://github.com/trailofbits
Blog: https://blog.trailofbits.com

A single bug in an ERC-4337 smart account can be as catastrophic as leaking a private key.

We've audited dozens of smart accounts and found six vulnerability patterns that consistently reappear across codebases.

If you're working with smart accounts, each pattern includes safe code examples so you can reference them for your own implementation: https://blog.trailofbits.com/2026/03/11/six-mistakes-in-erc-4337-smart-accounts/

We're sponsoring RE//verse in Orlando this week. Sam Sharps, Kyle Elliott, and Julius Alexandre will be there. Come find them if you want to talk reverse engineering or binary analysis. https://re-verse.io/

Today at 12:55 PM MT on the Future Llama stage at ETH Denver, our CEO, Dan Guido, opens the hood on how he made Trail of Bits AI-native.

We're hiring a senior technical recruiter who can own the full hiring lifecycle and build a talent pipeline. You thrive on personal connections with a knack for evaluating technical candidates across engineering and non-engineering roles.

TEE security breaks down in predictable ways. In our December webinar, we showed exactly where.
Jules Drean from Tinfoil walked through their threat model, covering repositories, hardware configurations, and CVM images. Our security engineers, Paul Bottinelli and Tjaden Hess, dug into vulnerabilities they've found in production TEE deployments.

Watch the full recording: https://watch.getcontrast.io/register/trail-of-bits-top-tee-bugs-you-should-fix-before-your-audit?utm_source=socials

We open-sourced 17 Claude skills!

Think of Claude skills like Neo's uploads. Install a plugin, and Claude gains the capability in seconds. But we weren't satisfied with an AI plugin that vibes its way to an occasional bug. Our CEO and engineers built skills across the spectrum to see how far AI-assisted security can go.
https://github.com/trailofbits/skills

Browser AI agents resurface web security's old mistakes. We exploited lack of isolation to steal data and hijack sessions. These attacks mirror XSS and CSRF.
Our threat model identifies four trust zones with inadequate controls. Data crosses boundaries unexpectedly, enabling attackers to inject prompts and exfiltrate information. We demonstrated exploits from false information to complete account compromise.
https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/
Top TEE bugs you should fix before your audit: an upcoming webinar with Tinfoil
https://watch.getcontrast.io/register/trail-of-bits-top-tee-bugs-you-should-fix-before-your-audit?utm_source=socials

Webinar starting in 2 hours: Building end-to-end encrypted systems with our cryptographers. Join us: https://watch.getcontrast.io/register/trail-of-bits-running-effective-threat-models-in-e2ee?utm_source=social

Building a system with E2EE? Join our cryptographers tomorrow, December 9, at 11:00 a.m. ET for a webinar on implementation patterns and formal modeling approaches, followed by a Q&A session. https://watch.getcontrast.io/register/trail-of-bits-running-effective-threat-models-in-e2ee?utm_source=social