Evan Downing will join a panel at Code Blue in Tokyo on November 18 to discuss the AIxCC finals at DEF CON 33.
Trail of Bits
Computer and Network Security
New York, NY 15,812 followers
Deepening the Science of Security
About us
Since 2012, Trail of Bits has been the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks.
- Website: https://www.trailofbits.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: New York, NY
- Type: Privately Held
- Founded: 2012
- Specialties: software security, reverse engineering, cryptography, blockchain, osquery, machine learning, binary analysis, blockchain, Application Security, and AI/ML
Locations
- Primary: 228 Park Ave S, STE 80688, New York, NY 10003, US
Updates
-
New release: Open-source Go implementations of NIST post-quantum signature algorithms

Developed by our cryptography team, we're releasing pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205). These libraries are engineered to be constant time, preventing timing side-channel attacks like KyberSlash.

Why constant-time matters: Division operations caused KyberSlash, a timing attack on early Kyber implementations. Our libraries eliminate this vulnerability through Barrett reduction by replacing variable-time division with constant-time multiplication using precomputed reciprocals.

If you're adding post-quantum signature support to Go applications, these production-ready libraries are engineered by our cryptography team.

Read the technical details: https://lnkd.in/gPe772dA
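
An added illustration of the Barrett reduction described in the post above, not code from the Trail of Bits libraries: it reduces modulo the ML-DSA prime q = 8380417 (FIPS 204) with a precomputed reciprocal and a branch-free correction instead of a division. The function and constant names are hypothetical, and the inputs in `main` are constructed.

```go
package main

import (
	"fmt"
	"math/bits"
)

// q is the ML-DSA (FIPS 204) prime modulus, 2^23 - 2^13 + 1.
const q = 8380417

// barrettM = floor(2^64 / q), the precomputed reciprocal. Go evaluates
// untyped constant expressions exactly, so 1<<64 does not overflow here.
const barrettM = (1 << 64) / q

// reduceDiv is the pattern to avoid on secret data: on many CPUs the
// division behind % takes a data-dependent number of cycles.
func reduceDiv(x uint64) uint64 { return x % q }

// BarrettReduce returns x mod q for any uint64 x using one wide multiply,
// one narrow multiply and a branch-free correction (hypothetical helper).
func BarrettReduce(x uint64) uint64 {
	// The high word of x*barrettM is floor(x/q) or floor(x/q)-1.
	quot, _ := bits.Mul64(x, barrettM)
	r := x - quot*q // 0 <= r < 2q
	// mask is all ones when r >= q and zero otherwise, with no branch on r.
	mask := ((r - q) >> 63) - 1
	return r - (q & mask)
}

// MulModQ multiplies two field elements (both < q) modulo q.
func MulModQ(a, b uint32) uint32 {
	return uint32(BarrettReduce(uint64(a) * uint64(b)))
}

func main() {
	// Constructed sample inputs, including the edge cases around q.
	for _, x := range []uint64{0, q - 1, q, 2*q - 1, (q - 1) * (q - 1), ^uint64(0)} {
		fmt.Println(x, BarrettReduce(x), reduceDiv(x) == BarrettReduce(x))
	}
}
```

Whether the compiled code is constant time still depends on the target CPU and compiler output, so the generated assembly is worth checking for division instructions and secret-dependent branches.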
-
New tool release: Checksec Anywhere

Read the blog: https://lnkd.in/gfDQM8dd

Binary security analysis has a fragmentation problem. Security professionals juggle separate checksec tools for ELF, PE, and Mach-O binaries, each with different interfaces and dependencies. Checksec Anywhere consolidates this into one browser platform.

Built on the checksec.rs project and ported to WASM, it runs entirely in-browser. Drag binaries in, get instant color-coded reports showing missing stack canaries, ASLR, DEP, Control Flow Guard, and code signing across all three formats. Built by summer intern Gabe Sherman using Rust/WASM, it processes thousands of binaries with native-speed performance.

Try it: checksec-anywhere.com
Source: https://lnkd.in/gDWyvwye

Built with guidance from William Woodruff and Bradley Swain.
-
Headed to DevConnect, DSS or any of the other hundreds of DeFi events in Buenos Aires (Nov 17-21)? This is one week that can’t be missed, come find us at one of our sessions or DM us to connect in person.

🐍 Guillermo L. is going to talk about Mutation testing, showing examples of real life usage of slither-mutate.
👀 Nisedo will be speaking about auditing tactics and strategies that go way beyond "just read the code"
🎓 Benjamin Samuels will be speaking about the future of smart contracts and Slither’s Model Context Protocol

See everyone in Buenos Aires: https://lnkd.in/gzyX7X_R
-
Catch Kikimora Morozova on November 8 at BSides Berlin. They show how AI image downscaling creates prompt injection vectors. Learn fingerprinting techniques to detect these vulnerabilities in your systems. https://lnkd.in/gYCxFDCs
-
Trail of Bits reposted this
What does it take to build a fully autonomous AI system that can find, verify, and patch vulnerabilities in open-source software? Michael Brown, Principal Security Engineer at Trail of Bits, joins us to go behind the scenes of the 3-year DARPA AI Cyber Challenge (AICC), where his team's agent, "Buttercup," won second place. Michael, a self-proclaimed "AI skeptic," shares his surprise at how capable LLMs were at generating high-quality patches. However, he also shared the most critical lesson from the competition: "AI was actually the commodity" The real differentiator wasn't the AI model itself, but the "best of both worlds" approach, robust engineering, intelligent scaffolding, and using "AI where it's useful and conventional stuff where it's useful". This is a great listen for any engineering or security team building AI solutions. We cover the multi-agent architecture of Buttercup, the real-world costs and the open-source future of this technology. #aisecurity #aisecuritypodcast #aicc #darpachallenge
Inside the 29.5 Million DARPA AI Cyber Challenge
-
Trail of Bits reposted this
🚨 AI can now find and patch vulnerabilities completely autonomously. Sounds impossible? That’s what the AI Cyber Challenge (AICC), run by Defense Advanced Research Projects Agency (DARPA), set out to prove and Trail of Bits just took home second place. Caleb and Ashish spoke to Michael Brown (Principal Security Engineer, Trail of Bits), the lead behind Buttercup, an AI system that autonomously finds, verifies, and patches vulnerabilities in open source software. “AI was actually the commodity. What mattered was the scaffolding the engineering around it.” In this episode we cover: ⚡ How DARPA designed a three-year competition to automate vulnerability discovery and patching 🔄 What Trail of Bits learned from building Buttercup and why engineering beat pure AI 🧠 How autonomous AI reasoning systems are redefining cybersecurity research 📉 Why you can’t just “add AI” to security you have to rebuild the system around it 🎧 Full conversation goes LIVE tomorrow on AI Security Podcast. 👉 Subscribe on Apple, Spotify, YouTube, or LinkedIn to stay ahead. #AISecurity #CloudSecurity #AIResearch #CyberAutonomy #CyberSecurityPodcast
-
NYC cyber students: Meet our team at CSAW on November 6th

Ronald Eytchison presents Buttercup, our Cyber Reasoning System that won DARPA's AIxCC $3M second place prize. Nov 6, 9:30am. Buttercup is now open-source! Ron will cover our technical approach, AI's role in our system, and the competition itself. https://lnkd.in/gYEeDgvk

Don't forget to stop by our booth to explore open security engineering roles and internships with our Head of Talent, Carter Miller. trailofbits.com/careers
-
Trail of Bits reposted this
Excited to be back home in the city for NYBW & SmartCon. Looking forward to catching up with clients, partners, and friends throughout the week. If we haven't connected yet, feel free to DM me, Benjamin Samuels, or Carter Miller. Otherwise, see you at the main and side events!
NY Blockchain Week (Nov 3-7) brings institutional finance, government, and Web3 innovation to NY and we're in our element as a Brooklyn-based firm. We're attending SmartCon (Nov 4-5) and events throughout the week. Whether you're building the next generation of financial infrastructure or need to secure existing systems, let's talk about how we can help.

Connect with our team at SmartCon and throughout NYBW to talk open roles and all things blockchain:
* Benjamin Samuels, Head of Blockchain
* John Mudry, Head of GTM
* Carter Miller, Head of Talent (We’re hiring!)

For thirteen years, we've secured the infrastructure bridging traditional and defi technology: cryptocurrency exchanges, digital asset custodians, DeFi protocols, and the Web2 systems connecting these worlds. We combine expertise across blockchain, cryptography, application security, and AI to build specialized consulting teams for each project's unique challenges.

DM us to connect at the conference!
-
Nov 6: Our CEO, Dan Guido, and Security Engineer Riccardo Schirone discuss making Buttercup accessible for real-world security teams at Berkeley's online AI Cybersecurity workshop. Buttercup is Trail of Bits' cyber reasoning system that won second place and $3 million in DARPA's AI Cyber Challenge (AIxCC) at DEF CON 33, automatically discovering 28 vulnerabilities across 20 different vulnerability types and successfully applying 19 patches. https://lnkd.in/gaP5eKKg