Explore

let-fate-decide

solana-vulnerability-scanner

c-review

Kiln Lagoon Vault Diff Review

audit-augmentation

devcontainer-setup

diagramming-code

differential-review

genotoxic

graph-evolution

sharp-edges

trailmark

trailmark-structural

trailmark-summary

agentic-actions-auditor

burpsuite-project-parser

codeql

designing-workflow-skills

dimensional-analysis

dwarf-expert

entry-point-analyzer

firebase-apk-scanner

fp-check

git-cleanup

insecure-defaults

interpreting-culture-index

mutation-testing

sarif-parsing

seatbelt-sandboxer

second-opinion

semgrep

semgrep-rule-creator

semgrep-rule-variant-creator

skill-improver

supply-chain-risk-auditor

zeroize-audit

Ripple Labs XRP Ledger Confidential Transfer

PyPI Warehouse

Franklin Templeton BenjiSwap Differential Review

Gensyn Buyback-and-Burn Vault

Gensyn Bridged Token

Gensyn Delphi Dynamic Paramutuel Markets

cosmos-vulnerability-scanner

crypto-protocol-diagram

mermaid-to-proverif

vector-forge

aflpp

gh-cli

Open Home Foundation SecureTar v3

Anza BLS Signatures

Shape TokenLock

EthStaker Deposit CLI

testing-handbook-generator

variant-analysis

audit-context-building

spec-to-code-compliance

debug-buttercup

property-based-testing

Risky Biz

What's in the SOSS? 53

Offchain Labs Arbitrum Quorum Changes

NEAR One Robust ECDSA

DV Labs Charon Pedersen DKG

Aave v4

Chainlink LlamaRisk LlamaGuard NAV CRE

yara-rule-authoring

algorand-vulnerability-scanner

ask-questions-if-underspecified

audit-prep-assistant

cairo-vulnerability-scanner

code-maturity-assessor

guidelines-advisor

modern-python

secure-workflow-guide

substrate-vulnerability-scanner

token-integration-analyzer

ton-vulnerability-scanner

claude-in-chrome-troubleshooting

address-sanitizer

atheris

cargo-fuzz

constant-time-analysis

constant-time-testing

coverage-analysis

fuzzing-dictionary

fuzzing-obstacles

harness-writing

libafl

libfuzzer

ossfuzz

ruzzy

wycheproof

How we made Trail of Bits AI-Native (so far)

Offchain Labs Arbitrum Nitro External DA

Anza Token-2022 Confidential Transfer, Cryptography

Calyx Institute HSM Provisioning Ceremony Scripts

BSV Blockchain TS-SDK

Bron Labs MCP Library

Anza Token-2022 Confidential Transfer, Blockchain

TONCO CLAMM DEX v1.6

Insecure Agents 18

Top TEE bugs you should fix before your audit

Building secure end-to-end encrypted systems

Offchain Labs Arbitrum ArbOS 50 and 51 (Fusaka)

Offchain Labs Arbitrum Chains Genesis File Generator

NEAR One Confidential Key Derivation

After Wiretap and Battering RAM: What Changes for TEE-Based Blockchain Infrastructure

Zama

X XChat

Edera Runtime Container

VeChain VeChainThor Hayabusa Upgrade

Franklin Templeton BenjiSwap Contract

Radius Technology EVMAuth

Detecting Implicit Conversions in OpenVPN2 Using CodeQL

Risky Biz

Zero Signal

DFINITY Orbit

DFINITY Oisy

Gensyn ERC-20 Token

Shape Buyback Contract

Unsupervised Learning

Security Weekly 342

CTF Radiooo 01E

Google Longfellow

Meta WhatsApp Private Processing

Gemini Smart Wallet

Ava Labs AvalancheGo

Starkware StarkEx Diff

EVAA Finance

MCP Security Deep Dive: From Attacks to Defense

Offchain Labs Upgrade Executor

Scroll Feynman Upgrade Smart Contract Changes

Swap Coffee TON DEX

Click Here Show

Security Weekly 336

Protect AI

Offchain SetCoreGovernorQuorumAction

Offchain Arbitrum Mint/Burn Precompile

Offchain Arbitrum Block Hash Pusher

Reserve Protocol Solidity 4.0.0

Discord E2EE WebAssembly

Open Source Security

Offchain ArbOS 40 Nitro

NEAR One PedPop+

libVLC

Shape Token Contract

CAP Labs Covered Agent Protocol

Fabric Labs Zipper Protocol

FIVA Yield Protocol

FIVA Evaa Integration

Whales Holders

Whales Nominators

MLSecOps

Risky Biz 786

Offchain Reward Distributor Fixes

Reserve Protocol Solana DTFs

Reserve Folio Solidity-Based Contracts

Scroll Euclid Phase 2

Scroll Euclid Phase 1

Open Quantum Safe liboqs

Lagrange LAToken

Serai DEX

Security Weekly 323

Xyonix

Security Audits: Best Practices with Trail of Bits

Offchain Sequencer Liveness

Offchain Custom Fee Bridge & EIP-7702

Offchain Geth 14.4 Pectra

Offchain Custom Fee Exchange Rate

Offchain Security Council Rotation

Offchain DisableGateway USDT

NEAR One MPC Chain Signatures

Go Crypto Libraries

Zkonduit EZKL

Otim Smart Wallet

Preventing Account Takeovers on Centralized Cryptocurrency Exchanges Recommended Practices

The Impulsive Thinker

NATS Server

Automata

Franklin Templeton Benji Contracts

zkVerify

Buttercup: Autonomously Finding and Fixing Bugs at Scale in Open-Source Software

Buttercup: The Future of Trail of Bits' Solution to DARPA's AI Cyber Challenge

Buttercup and DARPA's AI Cyber Challenge, Ringzer0

Our experience competing in the AI Cyber Challenge

Mutation Testing with Slither: A New Way to Find High-Severity Issues

Slither's Model Context Protocol: Giving LLMs Ground Truth from Static Analysis

The $1.5B Problem: How Exchanges Can Build Safer Cold Storage

How to Become a Smart Contract Auditor

Constant-Time Coding Support in LLVM

Cut To The QUIC: Slashing QUIC's Performance With A Hash DoS

One, Two, TEE: Trust in Numbers Meets Hardware Security

Repeatable Benchmarking: An Exploration of OpenSearch vs Elasticsearch

Weaponizing Image Scaling Against Production AI Systems

Indirect Prompt Injection: Architectural Testing Approaches for Real World AI/ML Systems

From Polyglots to Prompt Injections: Parsing is Still Execution (And Your LLM Didn't Get the Memo)

Frontier AI in Cybersecurity: Risks and Opportunities

macOS Privilege Escalation Via Traceroute6

Attestations: a new generation of signatures on PyPI

ZetaChain Bitcoin Inscriptions

Bunni v2

Everstake Staking

Parabol Smart Contracts Updates

BeethovenX Sonic Staking

ZetaChain Solana Gateway

STON.fi DEX V2

Tact Compiler

Shape Gasback

Denial of Service in protobuf-python

Vulnerabilities in LUKS2 disk encryption for confidential VMs

Prompt injection to RCE in AI agents

Code integrity bypass in Electron applications

Weaponizing image scaling against production AI systems

Prompt injection engineering for attackers: Exploiting GitHub Copilot

Memory corruption in NVIDIA Triton Inference Server

Exploiting zero days in abandoned hardware

MCP plaintext API key storage

MCP ANSI escape sequence attacks

MCP Line Jumping vulnerability

User to root privilege escalation from an integer overflow in libinfo

Input-Driven Recursion: Ongoing Security Risks

Offchain BoLD Fixes

Scopely Monopoly Go!

Aligned

Istio Ztunnel

RubyGems.org

Balancer v3

ULTI

EthStaker Deposit CLI

PixelSwap DEX

Arkis Prime

Kraken Wallet In-App Browser

Nomic

Plume

Orga and Merk

Bugcrowd

Risky Biz

Offchain Stylus Emergency Fixes

Offchain BoLD History Commits

Offchain Nitro with BoLD

Franklin Templeton Aptos

Offchain Stylus

Discord DAVE

Kraken Wallet iCloud Backup

Treehouse tETH Protocol

OpenSearch Benchmark Assessment

Cedar, Rego, and OpenFGA Policy Languages: Comparative Language Security Assessment

Risky Biz 759

Offchain RARI

Offchain Office Hours Action

Offchain Timeboost Auction

Offchain Orbit Actions

Discord DAVE

Elixir Protocol

Onchain Pass

Offchain USDC Gateway

Uniswap v4 Core

Hugging Face Gradio

Taraxa Ficus Bridge

Mastering Web Research with Burp Suite

Offchain BoLD & DAC Rewards

Scroll zstd Compression

Lit Protocol Cait-Sith

Zoo KittyCAD

Devcon Auction Raffle

Aladdin f(x) Oracle

Resilience Rundown

Offchain Arbitrum Stylus

Polygon Labs Iden3 Circuits

Panoptic

AiLayer 6079 Contracts

Hydrogen Rover Protocol

Lisk Smart Contracts

Parabol Smart Contracts

Wonderland Prophet

Risky Biz

Offchain L1-L3 Teleporter

Offchain ArbOS 31

Offchain ArbOS 30 Nitro

Offchain BoLD

Scroll ZkEVM 4844 Blob

Iron Fish FishHash

MLSecOps March 20

Introduction to CodeQL: Examples, Tools and CI Integration

Curvance

SEDA Chain Token Migration

Lisk Smart Contracts

Bondex Smart Contracts

Aladdin f(x) Protocol

Puffer Finance Contracts

Intuition

TON Foundation Multisignature Wallet

Offchain ArbOS

Uniswap Browser Extension

Silence Laboratories Silent Shard

Helios Global

ScopeLift Stealth Addresses

A Broad Comparative Evaluation of Software Debloating Tools

PolyTracker: Whole-Input Dynamic Information Flow Tracing

Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation

Design and Implementation of a Coverage-Guided Ruby Fuzzer

Test Harness Mutilation

VAST: MLIR compiler for C/C++

PoTATo: Points-to analysis via domain specific MLIR dialect

Buttercup and DARPA's AI Cyber Challenge, CSAW

A Broad Comparative Evaluation of Software Debloating Tools

Repurposing LLVM analyses in MLIR: Also there and back again across the tower of IRs

Weak Fiat-Shamir attacks on modern proof systems

Building a Rusty path validation library for PyCA Cryptography

Implementing X.509 path validation for Python

Introduction to Semgrep

The Present and Future of AI and Security

Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs

Holistic ML Threat Models

The Next 5 Years of Supply Chain Security on PyPI

PEP 740 and PyPI: Bootstrapping Provenance for the Python Ecosystem

Imagining a zero-trust future for PyPI

Build Provenance: Lessons (so far) from Homebrew

Introduction to Semgrep

Offchain Arbitrum

Snow

Kraken Mobile Wallet

MetaLayer Blast

Cryptography bugs in elliptic library

Crash due to uncontrolled recursion in Well-KnownText

Crash due to uncontrolled recursion in innerForbidCircularReferences

Crash due to uncontrolled recursion in Wire

Crash due to uncontrolled recursion in protobuf crate

Denial of Service in XStream

Denial of Service in protobuf-java

Insufficient validation of integration timestamp in sigstore-python

Rust crates "stable" and "nightly" might be installed instead of the corresponding toolchains

num-bigint disclosure

Memory corruption during X.509 validation in GnuTLS

Linux kernel modules kASLR bypass

Pedersen DKG vulnerability disclosure

LeftoverLocals disclosure

yWhales

Automated Artifical Intelligence Bill Of Materials for AI/ML Ops

Offchain Token Bridge Creator

Eclipse Temurin

Arch Linux Pacman

cURL HTTP3

Unibot Router

Acronym Foundation

Pyth Entropy

Opus

Open-Source Software Security: Areas of Long-Term Focus and Prioritization

Ockam

Dfinity Candid

Immutable Bridge

Solang Code Generation

Solang Code Generation, Part 1

YOLOv7

Axiom Halo2 Library Upgrades

Aleo snarkVM, snarkOS, BullsharkBFT

Salty.IO Protocol

Spiko Smart Contracts

Squads V4

Offchain Custom Fee Token

Scroll ZkEVM Wave 3

Uniswap

Lisk SDK 6.1 modules

OpenSSL

PyPI Warehouse

wasmCloud

Hyperlane v3

Elixir Contracts

Solang Parser and Semantic Analysis

Offchain Arbitrum Challenge v2

Scroll l2geth (diff)

Scroll l2geth (initial)

Scroll ZkEVM Wave 2

Worldcoin

Homebrew

DigitalOcean OIDC

Flux

NZDD token

Immutable

Aura

Berachain polaris-geth

Understanding the National Security Implications of AI

Scroll zkTrie

Lisk SDK

DragonFly2

dappOS v2 wallet

Sandclock

Arcade

Solang Solana Library

AI Accountability, Regulation, and Audits

A Comprehensive Risk Assessment Framework for AI Assurance in Ethical, Legal, and Societal Domains

Axiom Halo2 Libraries

Dfinity ckBTC and BTC Integration

Dfinity SNS Phase 2

Thesis tss-lib BitForge

Nested Tetris/HyVM

Berachain berachain

Risky Biz 707

FraxGov

Eclipse JKube

Franklin Templeton

Scroll ZkEVM Wave 1

Chainflip

Chainflip

Prysm

Ajna Protocol

Raft

MYSO v2

Smardex AMM

Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems

Understanding Crypto Markets Security

SafeTensors

Eclipse Mosquitto

Eclipse Jetty

Spool Platform

WalletConnect v2.0

Waymont

Atlendis

Primitive Hyper

Wormhole Governors and Watchers

ASW 229

Stealth Addresses

Succinct ZK Light Client

Succinct Light Client

Nested Finance

Token-2022 Program

Careful with MAc-then-SIGn: A Computational Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol

Weak Fiat-Shamir Attacks on Modern Proof Systems

Endoprocess: Programmable and Extensible Subprocess Isolation

CIVSCOPE: Analyzing Potential Memory Corruption Bugs in Compartment Interfaces

Detecting variability bugs through hybrid control and data flow analysis

Blind Spots: Automatically detecting ignored program inputs

Efficient Proofs of Software Exploitability for Real-world Processors

Toward Comprehensive Risk Assessments and Assurance of AI Systems

Your Mitigations are My Opportunities

Detecting variability bugs with hybrid control and data flow

Blind Spots: Identifying Exploitable Program Inputs