Trail of Bits reposted this
We are extra thankful for our incredible lineup of Year 1 Sponsors for DistrictCon! https://lnkd.in/eZ5X-dcp
Since 2012, Trail of Bits has been the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks.
228 Park Ave S
STE 80688
New York, NY 10003, US
A summer cryptography intern discovered two vulnerabilities in elliptic, one of JavaScript's most critical cryptographic libraries. Both were caught with Wycheproof test vectors, the standardized cryptographic tests that every library should run and many skip. The bigger lesson: continuous cryptographic testing is applied inconsistently across cryptography libraries. The Wycheproof chapter in our Testing Handbook shows how to wire these tests into your CI/CD pipeline: https://lnkd.in/gS3S9VKg Read the blog: https://lnkd.in/gjYwbPG2
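One way to wire Wycheproof vectors into a CI job, as an added example (not code from the Testing Handbook, from elliptic, or from Trail of Bits): a Go harness that replays the EcdsaVerify vectors of Wycheproof's ECDSA P-256/SHA-256 file against the standard library's crypto/ecdsa and fails the build when any vector's outcome contradicts its "valid"/"invalid" label. In a real pipeline it would be pointed at ecdsa_secp256r1_sha256_test.json from the Wycheproof repository; so that it runs offline here, SampleVectors builds a few constructed vectors in the same JSON shape from a fresh key, including a DER-strictness case (a trailing byte after the signature SEQUENCE) that a lenient parser would wrongly accept. Field names follow the Wycheproof schema; the sample message, comments and tcIds are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
)

// Subset of the Wycheproof ecdsa_*_test.json schema that the harness reads.
type vector struct {
	TcID    int    `json:"tcId"`
	Comment string `json:"comment"`
	Msg     string `json:"msg"`    // hex; the verifier hashes it
	Sig     string `json:"sig"`    // hex DER SEQUENCE { r, s }
	Result  string `json:"result"` // "valid", "invalid" or "acceptable"
}
type group struct {
	KeyDer string   `json:"keyDer"` // SubjectPublicKeyInfo, hex
	Sha    string   `json:"sha"`
	Type   string   `json:"type"`
	Tests  []vector `json:"tests"`
}
type testFile struct {
	TestGroups []group `json:"testGroups"`
}

// RunECDSAVerify replays every P-256/SHA-256 EcdsaVerify vector against crypto/ecdsa and
// returns the pass count plus the tcIds that contradicted their label: "valid" must verify,
// "invalid" must be rejected, "acceptable" counts either way.
func RunECDSAVerify(data []byte) (passed int, failed []int, err error) {
	var f testFile
	if err := json.Unmarshal(data, &f); err != nil {
		return 0, nil, err
	}
	for _, g := range f.TestGroups {
		if g.Type != "EcdsaVerify" || g.Sha != "SHA-256" {
			continue // assumption: only the P-256/SHA-256 groups are exercised here
		}
		der, err := hex.DecodeString(g.KeyDer)
		if err != nil {
			return 0, nil, err
		}
		key, err := x509.ParsePKIXPublicKey(der)
		if err != nil {
			return 0, nil, err
		}
		pub, ok := key.(*ecdsa.PublicKey)
		if !ok {
			return 0, nil, fmt.Errorf("keyDer is not an ECDSA public key")
		}
		for _, t := range g.Tests {
			msg, err := hex.DecodeString(t.Msg)
			if err != nil {
				return 0, nil, err
			}
			h := sha256.Sum256(msg)
			sig, err := hex.DecodeString(t.Sig)
			got := err == nil && ecdsa.VerifyASN1(pub, h[:], sig) // undecodable sig never verifies
			if t.Result == "acceptable" || got == (t.Result == "valid") {
				passed++
			} else {
				failed = append(failed, t.TcID)
			}
		}
	}
	return passed, failed, nil
}

// SampleVectors builds a Wycheproof-shaped file from a freshly generated P-256 key so the
// harness runs offline: one genuine signature plus two mutations that must be rejected.
// Constructed sample data, not vectors from the Wycheproof project; panics on a key/sign error.
func SampleVectors() []byte {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message")
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		panic(err)
	}
	flipped := append([]byte(nil), sig...)
	flipped[len(flipped)-1] ^= 0x01                       // alters s
	trailing := append(append([]byte(nil), sig...), 0x00) // junk after the SEQUENCE
	hx := hex.EncodeToString
	g := group{KeyDer: hx(der), Sha: "SHA-256", Type: "EcdsaVerify", Tests: []vector{
		{1, "signature as produced", hx(msg), hx(sig), "valid"},
		{2, "last byte of s flipped", hx(msg), hx(flipped), "invalid"},
		{3, "trailing byte after the DER SEQUENCE", hx(msg), hx(trailing), "invalid"},
	}}
	data, _ := json.Marshal(testFile{TestGroups: []group{g}}) // plain strings/ints cannot fail to encode
	return data
}

func main() {
	passed, failed, err := RunECDSAVerify(SampleVectors())
	if err != nil || len(failed) > 0 {
		fmt.Println("FAIL:", err, "failing tcIds:", failed)
		os.Exit(1) // fail the CI job on any error or contradicted vector
	}
	fmt.Printf("%d vectors passed\n", passed)
}
```

To run the real suite, replace SampleVectors() in main with os.ReadFile of the Wycheproof JSON file and keep the non-zero exit: that is the whole CI integration. Keeping "acceptable" vectors out of the failure count is deliberate; they cover behaviour (such as legacy encodings) that the suite permits either way, and a team that wants to be stricter can treat them as "invalid".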
New release: Open-source Go implementations of NIST post-quantum signature algorithms. Developed by our cryptography team, we're releasing pure Go implementations of ML-DSA (FIPS 204) and SLH-DSA (FIPS 205). Both are engineered to be constant time, closing off timing side channels of the kind behind KyberSlash. Why constant time matters: KyberSlash was a timing attack on early Kyber implementations caused by a division operation whose running time depended on the operands. Our libraries avoid this class of leak with Barrett reduction, which replaces the variable-time division with a constant-time multiplication by a precomputed reciprocal. If you're adding post-quantum signature support to Go applications, these libraries are production-ready. Read the technical details: https://lnkd.in/gPe772dA
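What "multiplication by a precomputed reciprocal" looks like in practice, as an added example and not the library's own routine: a generic 64-bit Barrett reduction modulo the ML-DSA prime q = 8380417 in Go. The reciprocal m = floor(2^64 / q) is computed once; each reduction is one widening multiply, one subtraction and one masked conditional subtraction, with no DIV instruction on the data path. The variable-time `x % q` with a runtime divisor is kept only as a correctness oracle. The assumption that a 64-bit multiply is constant-time holds on mainstream desktop and server CPUs but should be verified for any target with a variable-latency multiplier.

```go
package main

import (
	"fmt"
	"math/bits"
)

// Q is the ML-DSA modulus from FIPS 204: 2^23 - 2^13 + 1.
const Q uint64 = 8380417

// m = floor(2^64 / Q) is the precomputed reciprocal that Barrett reduction multiplies by.
var m = func() uint64 {
	quo, _ := bits.Div64(1, 0, Q) // (1<<64) / Q; the high word 1 < Q, so Div64 cannot panic
	return quo
}()

// BarrettReduce returns x mod Q for any uint64 x without a division instruction.
// t = floor(x*m / 2^64) equals floor(x/Q) or floor(x/Q)-1 (m is within 1 of 2^64/Q and
// x < 2^64), so r = x - t*Q lies in [0, 2Q) and a single masked subtraction finishes.
func BarrettReduce(x uint64) uint64 {
	t, _ := bits.Mul64(x, m) // high 64 bits of the 128-bit product x*m
	r := x - t*Q             // cannot wrap: t*Q <= x
	return condSubQ(r)
}

// condSubQ returns r-Q when r >= Q and r otherwise, without a branch: the borrow of r-Q
// lands in bit 63 (valid because r < 2Q < 2^63) and is stretched into a mask that adds Q back.
func condSubQ(r uint64) uint64 {
	d := r - Q
	mask := -(d >> 63) // all ones when r < Q, zero when r >= Q
	return d + (Q & mask)
}

// MulMod multiplies two coefficients already reduced mod Q, the core step of an NTT
// butterfly; a*b < Q^2 < 2^47, so the product fits in 64 bits before reduction.
func MulMod(a, b uint64) uint64 { return BarrettReduce(a * b) }

// ReduceVarTime is the pattern the post warns against: with a divisor that is not a
// compile-time constant the compiler emits a hardware DIV, whose latency on many CPUs
// depends on the operand values. Kept here only as a correctness oracle.
func ReduceVarTime(x, q uint64) uint64 { return x % q }

func main() {
	for _, x := range []uint64{0, Q - 1, Q, 2*Q - 1, Q * Q, ^uint64(0)} {
		fmt.Printf("x=%d barrett=%d oracle=%d\n", x, BarrettReduce(x), ReduceVarTime(x, Q))
	}
}
```

The masked subtraction is the part people get wrong: an `if r >= Q { r -= Q }` would reintroduce a secret-dependent branch, which is exactly the kind of leak the reduction was meant to remove.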
New tool release: Checksec Anywhere. Binary security analysis has a fragmentation problem: security professionals juggle separate checksec tools for ELF, PE, and Mach-O binaries, each with different interfaces and dependencies. Checksec Anywhere consolidates this into one browser platform. Built on the checksec.rs project and ported to WASM, it runs entirely in-browser: drag binaries in and get instant color-coded reports showing missing stack canaries, ASLR, DEP, Control Flow Guard, and code signing across all three formats. Built by summer intern Gabe Sherman using Rust/WASM, it processes thousands of binaries at native speed. Try it: checksec-anywhere.com Source: https://lnkd.in/gDWyvwye Read the blog: https://lnkd.in/gfDQM8dd Built with guidance from William Woodruff and Bradley Swain.
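The checks behind those report columns for the ELF case, as an added Go example (not Checksec Anywhere's Rust/WASM code, not checksec.rs): a reader built on the standard library's debug/elf that derives PIE (the per-image half of ASLR), NX (what DEP means on Linux), RELRO and the stack-canary signal from the program headers, the dynamic section and the dynamic symbol table. The sample images are constructed in memory from just an ELF header and program headers, so they carry no dynamic section or symbols; the canary check therefore reports "no" for them and only fires on a real dynamically linked binary. Full-RELRO detection uses File.DynValue, which requires Go 1.21 or newer.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
)

// Report holds the ELF columns a checksec-style tool prints. On Linux, "DEP" is the
// non-executable stack bit and "ASLR" for the executable image itself means PIE.
type Report struct {
	PIE    bool
	NX     bool
	RELRO  string // "none", "partial" or "full"
	Canary bool
}

// Check derives the report from the program headers, dynamic section and dynamic symbols.
func Check(f *elf.File) Report {
	r := Report{RELRO: "none"}
	r.PIE = f.Type == elf.ET_DYN // assumption: an ET_DYN executable is treated as PIE
	for _, p := range f.Progs {
		switch p.Type {
		case elf.PT_GNU_STACK:
			// Without PF_X the kernel maps the stack non-executable. With no PT_GNU_STACK
			// at all, the loader falls back to an executable stack, so NX stays false.
			r.NX = p.Flags&elf.PF_X == 0
		case elf.PT_GNU_RELRO:
			r.RELRO = "partial" // GOT and .dynamic are made read-only after relocation
		}
	}
	// Full RELRO additionally needs BIND_NOW so every GOT slot is resolved before sealing.
	// Linkers record it as a DT_BIND_NOW tag or the DF_BIND_NOW bit of DT_FLAGS
	// (DT_FLAGS_1's NOW bit is a third place; omitted here).
	if r.RELRO == "partial" {
		if v, err := f.DynValue(elf.DT_BIND_NOW); err == nil && len(v) > 0 {
			r.RELRO = "full"
		}
		if v, err := f.DynValue(elf.DT_FLAGS); err == nil {
			for _, fl := range v {
				if fl&uint64(elf.DF_BIND_NOW) != 0 {
					r.RELRO = "full"
				}
			}
		}
	}
	// -fstack-protector makes the binary import __stack_chk_fail, visible in .dynsym.
	if syms, err := f.DynamicSymbols(); err == nil {
		for _, s := range syms {
			if s.Name == "__stack_chk_fail" {
				r.Canary = true
			}
		}
	}
	return r
}

// CheckBytes parses an in-memory ELF image and reports on it.
func CheckBytes(b []byte) (Report, error) {
	f, err := elf.NewFile(bytes.NewReader(b))
	if err != nil {
		return Report{}, err
	}
	return Check(f), nil
}

// SampleELF builds a minimal ELF64 little-endian image: the header plus the given
// program headers, no sections. Constructed test input, not a real binary.
func SampleELF(typ elf.Type, progs ...elf.Prog64) []byte {
	hdr := elf.Header64{
		Type: uint16(typ), Machine: uint16(elf.EM_X86_64), Version: uint32(elf.EV_CURRENT),
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: uint16(len(progs)), Shentsize: 64,
	}
	copy(hdr.Ident[:], elf.ELFMAG)
	hdr.Ident[elf.EI_CLASS] = byte(elf.ELFCLASS64)
	hdr.Ident[elf.EI_DATA] = byte(elf.ELFDATA2LSB)
	hdr.Ident[elf.EI_VERSION] = byte(elf.EV_CURRENT)
	var buf bytes.Buffer
	binary.Write(&buf, binary.LittleEndian, hdr)
	for _, p := range progs {
		binary.Write(&buf, binary.LittleEndian, p)
	}
	return buf.Bytes()
}

// HardenedSample: PIE, non-executable stack, partial RELRO (no dynamic section, so not full).
func HardenedSample() []byte {
	return SampleELF(elf.ET_DYN,
		elf.Prog64{Type: uint32(elf.PT_GNU_STACK), Flags: uint32(elf.PF_R | elf.PF_W), Align: 16},
		elf.Prog64{Type: uint32(elf.PT_GNU_RELRO), Flags: uint32(elf.PF_R), Align: 1})
}

// WeakSample: fixed-address executable with an executable stack and no RELRO.
func WeakSample() []byte {
	return SampleELF(elf.ET_EXEC,
		elf.Prog64{Type: uint32(elf.PT_GNU_STACK), Flags: uint32(elf.PF_R | elf.PF_W | elf.PF_X), Align: 16})
}

func main() {
	for name, img := range map[string][]byte{"hardened": HardenedSample(), "weak": WeakSample()} {
		r, _ := CheckBytes(img)
		fmt.Printf("%-8s PIE=%v NX=%v RELRO=%s Canary=%v\n", name, r.PIE, r.NX, r.RELRO, r.Canary)
	}
}
```

For a real file, `f, err := elf.Open(path)` followed by `Check(f)` gives the same report. PE and Mach-O need their own readers (debug/pe and debug/macho expose the headers, but the flags differ: DYNAMIC_BASE and NX_COMPAT in the PE optional header, PIE and code-signature load commands in Mach-O), which is the fragmentation the post describes.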
Headed to DevConnect, DSS or any of the other hundreds of DeFi events in Buenos Aires (Nov 17-21)? This is one week that can't be missed. Come find us at one of our sessions or DM us to connect in person. 🐍 Guillermo L. will talk about mutation testing, with examples of real-life usage of slither-mutate. 👀 Nisedo will speak about auditing tactics and strategies that go way beyond "just read the code". 🎓 Benjamin Samuels will speak about the future of smart contracts and Slither's Model Context Protocol. See everyone in Buenos Aires: https://lnkd.in/gzyX7X_R
Catch Kikimora Morozova on November 8 at BSides Berlin. They show how AI image downscaling creates prompt injection vectors. Learn fingerprinting techniques to detect these vulnerabilities in your systems. https://lnkd.in/gYCxFDCs
Trail of Bits reposted this
What does it take to build a fully autonomous AI system that can find, verify, and patch vulnerabilities in open-source software? Michael Brown, Principal Security Engineer at Trail of Bits, joins us to go behind the scenes of the 3-year DARPA AI Cyber Challenge (AICC), where his team's agent, "Buttercup," won second place. Michael, a self-proclaimed "AI skeptic," shares his surprise at how capable LLMs were at generating high-quality patches. However, he also shared the most critical lesson from the competition: "AI was actually the commodity." The real differentiator wasn't the AI model itself, but the "best of both worlds" approach: robust engineering, intelligent scaffolding, and using "AI where it's useful and conventional stuff where it's useful." This is a great listen for any engineering or security team building AI solutions. We cover the multi-agent architecture of Buttercup, the real-world costs and the open-source future of this technology. #aisecurity #aisecuritypodcast #aicc #darpachallenge
Trail of Bits reposted this
🚨 AI can now find and patch vulnerabilities completely autonomously. Sounds impossible? That's what the AI Cyber Challenge (AICC), run by the Defense Advanced Research Projects Agency (DARPA), set out to prove, and Trail of Bits just took home second place. Caleb and Ashish spoke to Michael Brown (Principal Security Engineer, Trail of Bits), the lead behind Buttercup, an AI system that autonomously finds, verifies, and patches vulnerabilities in open source software. "AI was actually the commodity. What mattered was the scaffolding, the engineering around it." In this episode we cover: ⚡ How DARPA designed a three-year competition to automate vulnerability discovery and patching 🔄 What Trail of Bits learned from building Buttercup and why engineering beat pure AI 🧠 How autonomous AI reasoning systems are redefining cybersecurity research 📉 Why you can't just "add AI" to security; you have to rebuild the system around it 🎧 Full conversation goes LIVE tomorrow on AI Security Podcast. 👉 Subscribe on Apple, Spotify, YouTube, or LinkedIn to stay ahead. #AISecurity #CloudSecurity #AIResearch #CyberAutonomy #CyberSecurityPodcast