Trail of Bits engineers contributed over 375 merged pull requests to more than 90 open-source projects in 2025, including significant work on Sigstore rekor-monitor, the Rust compiler and Clippy, pyca/cryptography’s ASN.1 API, hevm performance optimizations, PyPI Warehouse, and pwndbg.
We collaborated with the Sigstore community to build cryptographic agility into the software signing ecosystem, enabling organizations to use different signing algorithms while maintaining security through predefined algorithm suites and out-of-band configuration rather than dangerous in-band signaling.
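As an added illustration of the out-of-band configuration principle described above (not Sigstore's registry or any Sigstore API; constructed values, with HMAC standing in for a signature scheme and a deprecated truncated suite standing in for a weak algorithm), the verifier that lets the artifact's own `alg` field choose the algorithm accepts a relabelled bundle with a guessable tag, while the verifier pinned to the key's configured suite rejects it:

```python
import hashlib
import hmac

# Algorithm registry (constructed): suite name -> (hash, tag length in bytes).
# The registry is fixed ahead of time; verifiers never parse algorithm
# parameters out of the artifact they are checking.
ALGORITHM_SUITES = {
    "suite-sha256": (hashlib.sha256, 32),
    "suite-legacy": (hashlib.sha256, 1),  # deprecated: tag truncated to 8 bits
}

# Out-of-band trust configuration (constructed): which suite each key may be
# used with, distributed separately from any signed bundle.
TRUST_ROOT = {
    "key-1": {"suite": "suite-sha256", "key": b"constructed-demo-key"},
}

def _tag(suite, key, payload):
    digest, length = ALGORITHM_SUITES[suite]
    return hmac.new(key, payload, digest).digest()[:length]

def sign(key_id, payload):
    """Produce a bundle; the suite comes from the trust root, never from input."""
    entry = TRUST_ROOT[key_id]
    return {"key_id": key_id, "alg": entry["suite"], "payload": payload,
            "tag": _tag(entry["suite"], entry["key"], payload)}

def verify_in_band(bundle):
    """Unsafe pattern: the artifact tells the verifier which algorithm to use."""
    key = TRUST_ROOT[bundle["key_id"]]["key"]
    expected = _tag(bundle["alg"], key, bundle["payload"])
    return hmac.compare_digest(expected, bundle["tag"])

def verify_out_of_band(bundle):
    """Safe pattern: the suite pinned to the key governs; the in-band 'alg'
    is only checked for consistency and can never select the algorithm."""
    entry = TRUST_ROOT[bundle["key_id"]]
    if bundle["alg"] != entry["suite"]:
        return False
    expected = _tag(entry["suite"], entry["key"], bundle["payload"])
    return hmac.compare_digest(expected, bundle["tag"])

def downgrade_outcome(payload=b"artifact-v2"):
    """Bundle relabelled to the legacy suite with a guessed 8-bit tag; returns
    (accepted by in-band verifier, accepted by out-of-band verifier)."""
    for guess in range(256):
        relabelled = {"key_id": "key-1", "alg": "suite-legacy",
                      "payload": payload, "tag": bytes([guess])}
        if verify_in_band(relabelled):
            return True, verify_out_of_band(relabelled)
    return False, False
```

The same shape applies to real algorithm suites: the only way to add or retire a suite is to change the registry and the trust configuration, never the bundle.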
We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.