Trail of Bits

A single bug in an ERC-4337 smart account can be as catastrophic as leaking a private key.

We've audited dozens of smart accounts and found six vulnerability patterns that consistently reappear across codebases.

If you're working with smart accounts, each pattern includes safe code examples so you can reference them for your own implementation: https://blog.trailofbits.com/2026/03/11/six-mistakes-in-erc-4337-smart-accounts/

We open-sourced 10 new Claude Code skills from our internal repository.

Including:
agentic-actions-auditor finds security vulnerabilities in GitHub Actions workflows where attacker-controlled input reaches AI agents running with elevated CI permissions.

let-fate-decide draws Tarot cards using cryptographic randomness when your prompt is too vague for a real plan.

git-cleanup categorizes your accumulated branches and worktrees and walks you through safe deletion with gated confirmation.

https://github.com/trailofbits/skills/

We're sponsoring RE//verse in Orlando this week. Sam Sharps, Kyle Elliott, and Julius Alexandre will be there. Come find them if you want to talk reverse engineering or binary analysis. https://re-verse.io/

How do you rebuild a security consultancy around AI without breaking what works? Our CEO, Dan Guido, talks systems, feedback loops, and what it actually takes to go AI-native at [un]prompted on March 4th at 9:10 AM https://unpromptedcon.org/

What if the compiler itself flagged your bugs? Blockchain Engineer, Kevin Valerio, is in Tokyo for SECCON 14 to show how Go’s IR can be modified to catch deterministic bug classes.
If you're attending, Kevin will present from 14:20-14:40 (GMT+9) https://www.seccon.jp/14/ep260228.html

New tool release! Linux memory forensics requires external debug symbols that precisely match your kernel version, symbols rarely installed on production systems and often missing after updates.mquire eliminates this dependency entirely by extracting BTF type information and Kallsyms symbol addresses directly from the memory dump. Works on kernel 4.18+ with BTF enabled.
https://blog.trailofbits.com/2026/02/25/mquire-linux-memory-forensics-without-external-dependencies/

Before launch, Perplexity hired us to test the security of Comet, their AI browser assistant. We demonstrated how four prompt injection techniques could extract users' private information from Gmail. https://blog.trailofbits.com/2026/02/20/using-threat-modeling-and-prompt-injection-to-audit-comet/

Today at 12:55 PM MT on the Future Llama stage at ETH Denver, our CEO, Dan Guido, opens the hood on how he made Trail of Bits AI-native.

Carelessness versus craftsmanship in cryptography
Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan's maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.
https://blog.trailofbits.com/2026/02/18/carelessness-versus-craftsmanship-in-cryptography/

We're hiring a senior technical recruiter who can own the full hiring lifecycle and build a talent pipeline. You thrive on personal connections with a knack for evaluating technical candidates across engineering and non-engineering roles.

How to run Claude in YOLO mode safely: Use our devcontainer for full file and network isolation. https://github.com/trailofbits/claude-code-devcontainer

Not isolated enough? We're also sharing dropkit, our custom CLI for quickly accessing DigitalOcean droplets for security testing and research tasks https://github.com/trailofbits/dropkit

Nearly all of our 140 employees use Claude Code daily, and most in YOLO mode. Our devcontainer and dropkit are key linchpins for how we make this safer.

Our team had 375+ pull requests merged into 90+ open-source projects in 2025. From the Rust compiler to PyPI Warehouse to Sigstore, these contributions strengthen the infrastructure devs rely on daily.

Key contributions include:
* rekor-monitor is now production-ready with identity monitoring for Rekor v2
* 20+ Clippy lints merged, including implicit_clone improvements
* pyca/cryptography gained a new ASN.1 API
* PyPI Warehouse now supports project archival

https://blog.trailofbits.com/2026/01/30/celebrating-our-2025-open-source-contributions/

Today's software signatures may not survive tomorrow's quantum computers.
Over the past two years, we collaborated with the Sigstore community to build controlled cryptographic agility into the ecosystem with a centralized algorithm registry, configurable restrictions, and Go implementations of post-quantum algorithms LMS and ML-DSA to prove it's future-ready. https://blog.trailofbits.com/2026/01/29/building-cryptographic-agility-into-sigstore/

New Trail of Bits skill: insecure-defaults
Detect insecure default configurations, hardcoded credentials, and fail-open security patterns. https://github.com/trailofbits/skills/tree/main/plugins/insecure-defaults

TEE security breaks down in predictable ways. In our December webinar, we showed exactly where.
Jules Drean from Tinfoil walked through their threat model, covering repositories, hardware configurations, and CVM images. Our security engineers, Paul Bottinelli and Tjaden Hess, dug into vulnerabilities they've found in production TEE deployments.

Watch the full recording: https://watch.getcontrast.io/register/trail-of-bits-top-tee-bugs-you-should-fix-before-your-audit?utm_source=socials

We open-sourced 17 Claude skills!

Think of Claude skills like Neo's uploads. Install a plugin, and Claude gains the capability in seconds. But we weren't satisfied with an AI plugin that vibes its way to an occasional bug. Our CEO and engineers built skills across the spectrum to see how far AI-assisted security can go.
https://github.com/trailofbits/skills

Browser AI agents resurface web security's old mistakes. We exploited lack of isolation to steal data and hijack sessions. These attacks mirror XSS and CSRF.
Our threat model identifies four trust zones with inadequate controls. Data crosses boundaries unexpectedly, enabling attackers to inject prompts and exfiltrate information. We demonstrated exploits from false information to complete account compromise.
https://blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/

We're now accepting applications for our 2026 summer internship program!

Trail of Bits is hiring interns across our software assurance, security engineering, and research & development teams. Over the summer, you'll work on real projects that might include conducting security assessments for critical systems, developing open-source tools, and contributing research that advances the field.

Applications are open now through February! Learn more and apply here!
https://apply.workable.com/trailofbits/j/0C784B6D41/

Are we entering a world where chatbots will replace devs?
Probably not. Prompting an LLM with natural language is inherently lossy and ambiguous. Up to this point, programming has always been deterministic: Your code does what you say it should do otherwise, it’s a bug. Coding agents break that contract.

Our blog:
https://blog.trailofbits.com/2025/12/19/can-chatbots-craft-correct-code/

Our new tool, go-panikint modifies the Go compiler to panic on integer overflows, exposing vulnerabilities that would otherwise remain silent and undetected. The tool injects runtime checks during SSA compilation to insert panics when integer bounds are not respected. Drop it into fuzzing campaigns or integrate it into CI/CD pipelines to catch bugs standard tests miss. We tested it in the wild and found a live bug in Cosmos SDK's RPC pagination logic. https://blog.trailofbits.com/2025/12/31/detect-gos-silent-arithmetic-bugs-with-go-panikint/