Over two audits in 2023, we reviewed a blockchain system developed by Axiom that allows computing over the entire history of Ethereum, all verified by zero-knowledge proofs (ZKPs) on-chain using ZK-verified elliptic curve and SNARK recursion operations. This system is built using the Halo2 framework—a complex, emerging technology that presents many challenges when building a secure application, including potential under-constrained issues resulting from its low-level API.

Introducing the Custodial Stablecoin Rekt Test; a new spin on the classic Rekt Test for evaluating the security maturity of stablecoin issuers.

This post will examine the cryptography behind passkeys, the guarantees they do or do not give, and interesting cryptographic things you can do with them, such as generating cryptographic keys and storing certificates.

Datasig generates compact, unique fingerprints for AI/ML datasets that let you compare training data with high accuracy—without needing access to the raw data itself. This critical capability helps AIBOM (AI bill of materials) tools detect data-borne vulnerabilities that traditional security tools completely miss.

See how we slashed PyPI’s test suite runtime from 163 to 30 seconds. The techniques we share can help you dramatically improve your own project’s testing performance without sacrificing coverage.

This post describes how many examples of MCP software store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions.

This post describes attacks using ANSI terminal code escape sequences to hide malicious instructions to the LLM, leveraging the line jumping vulnerability we discovered in MCP.

This post explains how malicious MCP servers can exploit the Model Context Protocol to covertly exfiltrate entire conversation histories by injecting trigger phrases into tool descriptions, allowing for targeted data theft against specific organizations.

This post is about a vulnerability in the Model Context Protocol (MCP) called “Line Jumping,” where malicious servers can inject prompts through tool descriptions to manipulate AI model behavior without being explicitly invoked, effectively bypassing security measures designed to protect users.

Trail of Bits’ Cyber Reasoning System “Buttercup” is competing in DARPA’s AI Cyber Challenge Finals, which now features increased budgets, multiple rounds, diverse challenge types, and the ability to use custom AI models.

We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector.

Snapshot Fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernels, secure monitors, and other complex targets that require non-trivial setup. Whether you’re auditing drivers or other kernel-mode components, including antivirus software, snapshot fuzzing provides a robust way to discover critical vulnerabilities. Consult our new Testing Handbook section for a walkthrough on how to conduct snapshot fuzzing on your system.

This post concludes a four-month performance study of OpenSearch and Elasticsearch search engines across realistic scenarios using OpenSearch Benchmark (OSB). Our full report includes the detailed findings and comparison results of several versions of these two applications.

You and your team should incrementally update your threat model as your system changes, integrating threat modeling into each phase of your SDLC to create a Threat and Risk Analysis Informed Lifecycle (TRAIL). Here, we cover how to do that: how to further tailor the threat model we built, how to maintain it, when to update it as development continues, and how to make use of it.