Trail of Bits @trailofbits
We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code. trailofbits.com | New York, NY | Joined March 2010
Tweets 4K | Followers 38K | Following 260 | Likes 532
INRIA researcher André Schrottenloher cracked the code first, but we improved upon his work in just a few days using this toolkit. Our jump-lowqubit circuit beats Google's qubit and gate metrics, and our shrunken-PZ circuit sets a new low-qubit record. github.com/trailofbits/tr…
We beat Google's quantum circuit again, and we didn't have to forge a proof this time. Today we're releasing trailmix, a toolkit for quantum "kickmix" circuits. It includes 5 new circuits we built for elliptic curve addition, the hardest part of Shor's algorithm.
In case anyone is wondering, our malicious skills bypass NVIDIA's new Skillspector too. Our analysis applies just as much to their new tool as the others we looked at. x.com/trailofbits/st…
We built four malicious skills to test whether skill scanners actually work. Three took less than an hour to conceive and implement. ClawHub, Cisco, and Vercel's skills.sh marked them as safe. 🧵
SEAL Certifications check the operational side of security, from multisigs and treasury to DNS, credentials, and incident response. If you want to get certified, contact us.
In our simplest bypass, we prepended 100,000 blank lines to a malicious skill. ClawHub's scanner truncated the file before reaching the payload, then marked the skill safe. blog.trailofbits.com/2026/06/03/the…
Since Matt Green has now spoiled my favorite interview question, I’ll just say: if this is how you approach AI systems, apply to the role below and DM me. blog.cryptographyengineering.com/2026/05/29/foo…
PSA: If your project gets a ton of low-quality vulnerability reports, you can filter those reports out with very little effort. All you need to do is update your project’s claude/agents.md file to set your preferred quality threshold and criteria. Use the researcher’s own tokens to verify their work.
- clearly state your project’s threat model
- give examples of a high/medium sev vulnerability
- instruct the model to spawn adversarial subagents to critique its work
- PoC or GTFO
Just because there is a mountain of security researchers out there who don’t know how to prompt/verify their work doesn’t mean your project has to suffer in triage overhead.
@trailofbits has markdown checklists for reviewing C and C++ codebases, and I’ve used those in conjunction with other Skills in Claude to get better results than the generic /security-review appsec.guide/docs/languages…
Re: Github Compromise, I vibed a VS Code extension security scanner. It correctly flags the TeamPCP-backdoored NX Console extension without prior knowledge. github.com/trailofbits/vs…
More on our @trailofbits audit. Scope: full on-chain review of the clock-in program. PDA derivations, ATA creation, CPI transfer behavior, penalty math, and logging pathways across deposit and withdrawal flows. Three findings. All resolved and verified in fix review. Report: github.com/trailofbits/pu…
We tested zizmor against 41,253 real workflows, found 4 anchor-handling bugs plus deserialization and expression-evaluator issues, and helped land 15 upstream fixes. CI configs that weren't fully scannable now are. blog.trailofbits.com/2026/05/22/we-…
A CI/CD compromise like Trivy → LiteLLM can multiply across the software supply chain. We hardened zizmor, the static analyzer for GitHub Actions, so it reliably catches more workflow misconfigs. 🧵
@trailofbits Claude Code skills for security research, vulnerability detection and more github.com/trailofbits/sk… #infosec #llm
.@obsdmd asked us to audit their Sync protocol. Our engineers delivered eleven findings. Five went above and beyond the original scope and found system-level issues that weren't specific to Sync itself.
We see this pattern often with our clients. We respect scope as a delivery contract, but we have a professional obligation to surface what our engineers see. Anything they catch is flagged, and the client decides what to do.
When a finding warrants it, the report includes an Exploit Scenario, the path from observation to working exploit. We take an attacker's mindset, and exploit scenarios show our clients what a bug costs them.
With security-first teams like Obsidian, that meant five system-level findings that were either patched or explicitly acknowledged:
1. Math.random used for password and salt generation (High severity, medium difficulty)
2. Variable-time comparison of password-reset tokens and MFA recovery codes (High severity, high difficulty)
3. TOTP codes replayable within the validity window (High severity, high difficulty)
4. Plaintext storage of MFA secrets and recovery codes (High severity, medium difficulty)
5. Password reset without MFA (Medium severity, medium difficulty)
Two new security audits of Obsidian Sync by @cure53berlin and @trailofbits are now available on our Security page. All findings have been addressed via remediations and disclosures validated by the respective auditors. Read more: obsidian.md/blog/cure53-to…
Dan Guido, the CEO and cofounder of security firm Trail of Bits and a strategic adviser to mobile security firm iVerify, says a stolen phone may only be worth $50 to $200 when it is locked. “But if you unlock it, it’s worth $500, or it’s worth $1,000.” wired.com/story/your-iph…
@0xpinkman Does v0.3.1 fix your problem? github.com/trailofbits/tr… If not, do you have any more context on what's breaking?
Trail of Bits is so OG, this is a cool collab to see!
We were one of four initial grant recipients in @OpenAI's Trusted Access for Cyber program. Daybreak matters because frontier models now find bugs faster than maintainers can triage them, and that gap is about to get worse.
pashov @pashov
42K Followers 2K Following Telegram https://t.co/qOHEkyaNYl Security audits @PashovAuditGrp Angel investing @PashovCapital
Patrick Collins @PatrickAlphaC
114K Followers 5K Following Co-founder of 🛡️@cyfrin | 🟪 @soloditofficial | 🦅 @codehawks | 🎓 @cyfrinupdraft | ⚔️ @battlechain
TrustSec @TrustSecAudits
24K Followers 492 Following Web3 security boutique, founded by @trust__90. Audits (150+), Partnerships (10+), Bug Bounties ($600k+), securing on-chain ecosystems one bug at a time.
sudo rm -rf --no-pres... @pcaversaccio
32K Followers 332 Following 𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭. ꟼGꟼ: 063E 966C 93AB 4356 492F E032 7C3B 4B4B 7725 111F
obront | eth/acc @zachobront
16K Followers 2K Following cofounder @etherealize_io // prev @scribemediaco
Mudit Gupta @Mudit__Gupta
68K Followers 1K Following CTO @0xPolygon Labs | Intern @deq_fi | Blockchain Security Researcher | Ethereum & Web3 dev 🦇🔊
devtooligan (ai arc) @devtooligan
10K Followers 1K Following Resident @yAuditDAO 🤓 Building @zerocool_ai 🥶 CTO @round_ai_media 👁️ LSR @Spearbit 🧐 ETHSecurity Badge #51 @thedaofund
Yarden Shafir @yarden_shafir
25K Followers 317 Following A circus artist with a visual studio license
Adrian ⛩️ Hetman ... @adrianhetman
7K Followers 3K Following Weekly intelligence for Web3 security operators https://t.co/eNTQQelIQr | Crypto News at https://t.co/jkXFXwb8sZ | Ex Head of Triage at Immunefi
Richard Johnson @richinseattle
19K Followers 3K Following Computer Security, Reverse Engineering, and Fuzzing; Training & Publications @ https://t.co/mloVP6rPB7; hacking the planet since 1995; Undercurrents BOFH
gmhacker @realgmhacker
6K Followers 758 Following aerospace engineer 🚀 Head of Security @immunefi 🪲 Advisory @felixprotocol 🐱 Taught @RareSkills_io 😎 Security Council '25 @arbitrum 🔑 views my own, NFA 🇵🇹
Joran Honig @joranhonig
6K Followers 1K Following Security Researcher 👨💻 | Professional Bug Bounty Hunter | Resider on the @immunefi leaderboard | On an independent arc
Federico Carrone @federicocarrone
9K Followers 3K Following talk is cheap, build @class_lambda C + rust + erlang + julia + λ. amateur in everything: distributed systems, ML, compilers, cryptography and investment.
mdowd @mdowd
33K Followers 754 Following Internet Hacker. Founder of @vigilant_labs. Previously, co-founder of Azimuth Security (now L3Harris Trenchant)
csanuragjain @csanuragjain
4K Followers 447 Following Web 3 Auditor - Elite All Star @immunefi - 20th rank - Code4rena All time Leaderboard - Security Researcher at @SpearbitDAO
David Wong @cryptodavidw
18K Followers 3K Following security @zksecurityXYZ & advisor @archetypeVC, author of Real-World Cryptography, prev: architect @Mina, sec lead Libra (@Facebook), crypto @NCCGroup
Clint Gibler @clintgibler
24K Followers 573 Following 🛡️ Leading Cyber at @OpenAI 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Kumar Kartikeya Dwive... @kkdwvd
161 Followers 4K Following
CarlosMB 🏖️ 💻 @CarlosMB138
378 Followers 679 Following 🌐 Cybersecurity Engineer | 🤖 MEV | 🤍🎩 |🏆 Chiliz Hackathon Winner (DeFi)
masterndys @masterndys
110 Followers 1K Following
Elchapo.js @bashysureboi
622 Followers 4K Following
Domagoj Vrataric @neumrli
192 Followers 389 Following AppSec engineer, vinyl record spinner, 3D printing enthusiast
on-going @inprogressongoi
0 Followers 7 Following
@zerotoempire @zerotoempire
4 Followers 83 Following
Mr. CÉÑTÍDÀH @iamcentidah
3K Followers 5K Following The hardest thing in my life has been learning which bridge 🛤️to cross🤝 and which bridge🛤️ to burn🔥
need3y @need3y117468
0 Followers 53 Following
ubqtos @ubqtos_io
28 Followers 964 Following next-frontier technologies + global knowledge systems + trust infrastructures. finally, service marketplaces where everyone prospers.
rgb @__rgb
0 Followers 257 Following
Prasad phalke @PrasadPhalke16
0 Followers 7 Following Cs student | learning security engineering | building in public
Enes Ünal @enesunaldev
1 Followers 29 Following Mathematics & Cryptography | Blockchain Protocols Building in crypto
artofblockchain.club @shubhadapande39
87 Followers 155 Following #blockchain #jobs #careers #web3 #hiringtrends #curatedjobs #blockchainhiring #discussionforum
Nova @getnovausd
24 Followers 79 Following Private by Design | Final by Default | Instant by Nature | Build on stable ground
Hanoi Primaris Space ... @caothudanhgiay
87 Followers 461 Following I’m not a good developer. I just have one surprising skill that makes me incredibly effective. My secret? I read docs.
Aanand S @au6695
0 Followers 60 Following
Bukmrk @Bukmrk
3 Followers 73 Following Bukmrk improves productivity and saves time by helping you get small file tasks done fast. Free tools to edit, crop, convert, resize, watermark, and more!
The Arcturian @SamBeckett__
30 Followers 93 Following there's no place like home 👠👠 h̷y̷p̷n̷o̷s̷i̷s̷
privacymage @privacymage
613 Followers 2K Following (⚔️⊥⿻⊥🧙)🙂 privacy, my blade, is value | decentralised AI, my spellbook, is the key. https://t.co/yFdv5n7v6v | https://t.co/307vNOtqTT
ZeroFieldZone @ZeroFieldZoned
17 Followers 34 Following
ArifieeMia @ArifieeM88304
312 Followers 3K Following
Myc Cellium @MycCelium
77 Followers 3K Following
NØNOS @nonossystems
3K Followers 39 Following NØNOS AGPL3-0 ~ Ephemeral, RAM-resident operating system ~ Cyberpunk privacy on Ethereum $NOX ~ https://t.co/QmAJDOKbEm
Md Ismail Šojal ... @0x0SojalSec
44K Followers 5K Following Cyber_Security_Re-searcher || Ai Re-searcher || AI-Sec|| Malware Analysis II iOS || Pwn || 0SINT || Project AI-StrikeSec || 0ldAccounts Suspended @0xSojalSec ||
Tconomist @0xTconomist
125 Followers 458 Following Cooking smth cool. Game theory and blockchain infra nerd. All opinions are my own, NFA, etc. prev vibed at @bloxroute @AlignPayments @hotspotty @pizza_dao
Zak Btc @btc_zak78742
0 Followers 146 Following
larmelli @lelloarmelli
65 Followers 278 Following
time @sometimetoo
21 Followers 722 Following
Franck Schneider @fsnuxer
101 Followers 1K Following
0xLight @Jade_Light_7
23 Followers 84 Following A junior student majoring in blockchain engineering, learning about smart contract auditing.
BioTurvaMies @BioTurvaMies
407 Followers 149 Following Biosecurity and other security matters, plus analysis of the clown world. Not suffering from a functional disorder yet (still), even though I post news about ME/CFS and LC topics.
Blackrow @corbytheking
153 Followers 149 Following
Phil Vina @boubapeosalogou
5 Followers 540 Following
mirandoXdesdelanada @elonlatienegran
25 Followers 8 Following
A Travel Blog @atravel_blog
979 Followers 772 Following Welcome to the Travel & Food Info Blog. Information about 193 countries and their national dishes. 🌎✈️🧑🍳🥂
Jackson @sjkelleyjr
9K Followers 87 Following engineering leader @RobinhoodApp | ex-@AmazonAlexa | protected billions in value at @SecurityOak, @yAuditDAO, and more | lackadaisical angel investor
Dedaub @dedaub
10K Followers 105 Following Security audits, static analysis, realtime threat monitoring
alpharush @0xalpharush
9K Followers 2K Following
Josselin Feist @Montyly
5K Followers 1K Following Working on blockchain security & program analysis. Ex @trailofbits. DM for security reviews
Marcel Böhme ... @mboehme_
7K Followers 1K Following Software Security Group @maxplanckpress PhD @NUSComputing, Singapore Research Group: https://t.co/BRnFNNh6d9
offensivecon @offensive_con
28K Followers 1 Following OffensiveCon Berlin is a technical international security conference focused on offensive security only. Organised by @Binary_Gecko. Stay tuned #OffensiveCon26.
HypernativeLabs @HypernativeLabs
16K Followers 133 Following Detect and neutralize Web3 threats in real time. 200+ dApps, chains, wallets, and financial institutions rely on Hypernative to prevent hacks, exploits & fraud.
zeroShadow @zeroshadow_io
6K Followers 59 Following Web3 Cybersecurity | $300M+ in Crypto Recovered Security Risk Management, Threat Intelligence, Incident Response
OSTIF Official @OSTIFofficial
2K Followers 801 Following Non-profit org that connects open-source projects with security resources. We are the Open Source Technology Improvement Fund.
Python Package Index @pypi
23K Followers 11 Following The Python Package Index (PyPI) is the repository of software for the Python programming language. Pronounced 🥧 🫛 👁️
Aave @aave
698K Followers 63 Following The most trusted financial network. Earn, borrow, save, and swap.
Jules Drean @julesdrean
90 Followers 26 Following Co-founder of Tinfoil. Building news standards for verifiably private AI. MIT PhD in secure hardware and cryptography. Microsoft Research / NVIDIA.
Tinfoil @TinfoilAI
574 Followers 3 Following AI that keeps your data private at all times using secure hardware enclaves. It's fast, powerful, and fully verifiable.
Bloomberg @Bloomberg
1.1M Followers 46 Following Connecting decision makers to a dynamic network of information, people and ideas.
Charles Guillemet @P3b7_
44K Followers 343 Following CTO at @ledger. Busy securing the blockchain revolution. Cryptography, (Hw) Security, Tech, Blockchain. Previously built the Donjon (@DonjonLedger)
Bloomberg @business
10.2M Followers 105 Following The first word in business news | Watch Live: https://t.co/nHEpHOAfg3 | Newsletters: https://t.co/nWaCxHTiks | Podcasts: https://t.co/096e9xMJF7
🤖 @phildaian
24K Followers 1K Following ex-programmer, failed Phil/osopher. resident painter ⚡️🤖, card carrying member of the linux militia. been laying groundwork for a punchline that never landed
Lord Cyberjev 🛡️ @cyberjev
25 Followers 43 Following 🧠 DeFi & on-chain narratives • Learning in public
Dawn Song @dawnsongtweets
37K Followers 830 Following Professor in Computer Science at UC Berkeley, co-Director of Berkeley RDI Center; Building safe, secure, decentralized AI; Serial entrepreneur
Security Alliance @_SEAL_Org
21K Followers 100 Following Securing the future of crypto | Cover art by @yueko__ | Emergencies: https://t.co/DAAyAETsY4
vxdb @vxdb
25K Followers 485 Following Journalist | Cybercrime News | Staff @vxunderground | PGP - https://t.co/VWwniNXrEc
Luke Jahnke @lukejahnke
3K Followers 6K Following
yoni rechtman @yrechtman
15K Followers 1K Following digitally native vertical boy | partner @slow | writing a weekly newsletter
Artur Cygan @arturcygan
201 Followers 382 Following Digging deeper @trailofbits. CTFs with @justCatTheFish.
Chainguard ⛓️ @chainguard_dev
6K Followers 116 Following The trusted source for open source (& memes).
PortSwigger @PortSwigger
106K Followers 23 Following We are a leading provider of software and learning on web security. We make @Burp_Suite and @WebSecAcademy.
Optimism Governance @OptimismGov
30K Followers 13 Following The official Optimism Governance account.
Nicole Perlroth @nicoleperlroth
85K Followers 6K Following told the story of cyber; now doing everything in my power to change the story of cyber
DARPA @DARPA
281K Followers 389 Following Official account of the Defense Advanced Research Projects Agency. Follows/retweets/links do not = endorsement. Breakthrough technologies for national security.
Trail of Blocks @trailofblocks
1K Followers 4 Following Featuring the @TrailofBits Blockchain team. We're Hiring!
White House Office of... @ONCD
28K Followers 65 Following ONCD’s mission is to advance national security, economic prosperity, and technological innovation through cybersecurity policy leadership.
technovision99 @technovision99
769 Followers 2K Following what's blockchain || security engineer @asymmetric_re || prev @trailofbits || views my own (obviously)
Tyler Sorensen @Tyler_UCSC
1K Followers 888 Following Visiting researcher at Microsoft Research and Assistant Professor at UC Santa Cruz in CS Interested in PL/compilers/security for GPUs and heterogeneous systems
zkSecurity @zksecurityXYZ
7K Followers 17 Following Security audits, development, and research for ZKP, MPC, FHE, PQC, and more generally advanced cryptography. Contact us: [email protected]
Tjaden Hess @tjade273
623 Followers 871 Following Your local trusted third party. ML Security, cryptography, etc @TrailOfBits
Cloud Security Podcas... @CloudSecPod
4K Followers 1 Following Award Winning Top 10 Ranked CyberSecurity Podcast in US,UK and Aus. Learn Cloud Security in Public Cloud the unbiased way from CyberSecurity Host: @hashishrajan
L2BEAT 💗 @l2beat
42K Followers 226 Following L2BEAT is an open-source, public-good analytics and research platform dedicated to L2 scaling solutions 💗
Gauntlet @gauntlet_xyz
35K Followers 183 Following Institutional-grade vault strategies for DeFi. Risk managed on systems built by the most vigilant quants in crypto.
Blockworks Research @blockworksres
40K Followers 40 Following The best research, data, and governance insights all in one place.
johnny cache @johnycsh
407 Followers 792 Following Author, Operator, Hacker. (former member of the deep-state) Find me on Bluesky: @johnycsh.bsky.social
Gene Meltser @gmeltser
175 Followers 190 Following Help you put cyber into your cyber, so you can cyber while you cyber
Carter Miller @Carter_RunSybil
667 Followers 587 Following Currently working at @runsybil! Building something awesome. Come join! https://t.co/GGLYG6lLfI
Chris Dahlheimer @tweet_c_d
62 Followers 154 Following Senior Sales Engineer at Trail of Bits @trailofbits. Tweets on #CyberSecurity and #SoftwareSecurity.
Ryan Lackey @octal
16K Followers 7K Following Cypherpunk and entrepreneur CSO, Evertas Insurance “Sovereign is he who decides on the exception.” https://t.co/4UYkCeE1EC
Benjamin Samuels @thebensams
6K Followers 921 Following I like cryptography, long walks on the beach, and novel testing techniques. Engineering Director of the Blockchain team @trailofbits.