Founded in 2012 and headquartered in New York, Trail of Bits provides technical security
assessment and advisory services to some of the world’s most targeted organizations. We
combine high-end security research with a real-world attacker mentality to reduce risk and
fortify code. With 100+ employees around the globe, we’ve helped secure critical software
elements that support billions of end users, including Kubernetes, the Linux kernel, and the
free AlgoVPN software.
We specialize in software testing, code review, and threat modeling projects, supporting
client organizations in the technology, defense, and finance industries, as well as
government entities. Notable clients include HashiCorp, Google, Microsoft, Western Digital,
and Zoom.
In addition to dedicated teams focusing on application security, cryptography, blockchain
security, and emerging platforms security, Trail of Bits has a machine learning (ML) practice
that creates tools and techniques for the exploration of new attack surfaces and failures
that can lead to the degradation of model performance, exploitation of ML system assets,
and manipulation or lack of robustness of resulting ML outputs. Trail of Bits has also
created and maintains more than 200 free and open-source tools (available in our GitHub
repositories) and offers research and engineering services for the public and private
sectors.
In recent years, Trail of Bits consultants have showcased cutting-edge research through
presentations at CanSecWest, HCSS, Devcon, LangSec, the Linux Security Summit, the
O’Reilly Security Conference, PyCon, RWC, REcon, and SummerCon.