Trail of Bits

We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.

2025-05-20

We audited the Go language cryptographic library, used by thousands of libraries and millions of users.

Security report: github.com/trailofbits/publica

Our assessment uncovered one low-severity and five informational issues within the algorithms, following a comprehensive four-week review by three consultants focused on identifying cryptographic weaknesses such as side-channel attacks.

Beyond manual review, we created custom CodeQL and Semgrep rules for the project. We used these rules to:
- Identify memory management issues
- Analyze math.Big library usage (which "doesn't have strong constant time guarantees")
- Confirm that a detected bug was the only instance of that issue

Read their blog: go.dev/blog/tob-crypto-audit

If you are interested in learning more about how to securely design and build a cryptographic library or module, reach out to our engineering team: trailofbits.info/3YVvFXP

Trail of Bits boosted:
2025-05-19

"Go Cryptography Security Audit" by Roland Shoemaker — go.dev/blog/tob-crypto-audit

#golang

2025-05-14

Passkeys are the most important security technology of the past 10 years. You should know how they work.

Read the blog:
blog.trailofbits.com/2025/05/1

2025-05-02

Do you know exactly what data was used to train your ML models?

Datasig generates fingerprints for AI training datasets that can help detect poisoning attacks without needing to store a dataset’s raw data.

Our new tool helps AI Bill of Materials (AIBOM) tools track datasets that are part of an AI model’s supply chain. Datasig’s fingerprints can trace a model’s data supply chain to determine if it was trained on data that was poisoned, erroneous, or contained sensitive information.

Read more about the tool: blog.trailofbits.com/2025/05/0

2025-05-01

We slashed PyPI’s test suite execution time (down to 30s from 160), even as the community kept growing it from 3,900 to 4,700 tests! Faster tests remove friction for developers - enabling tighter feedback loops to catch problems early.

We combined four techniques to improve test performance with little to no added complexity to the test suite itself; you can do the same:
1. Parallelize with pytest-xdist
2. Use Python 3.12's sys.monitoring for coverage
3. Optimize test paths
4. Eliminate unnecessary imports

blog.trailofbits.com/2025/05/0

Trail of Bits boosted:
yossarian (1.3.6.1.4.1.55738) @yossarian@infosec.exchange
2025-05-01

my colleague @DarkaMaul has put out a new post on the @trailofbits blog on how we worked with @pypi's maintainers to slash PyPI test run times from ~160s to ~30s despite overall test counts growing by 17% (3900 to 4700+):

blog.trailofbits.com/2025/05/0

this is some of my favorite kind of work: faster test suites means that developers run tests locally more often, and are less hesitant to add new tests (especially parametric ones). another great example of security and performance/reliability engineering dovetailing.

#opensource #security #python

2025-04-30

Insecure credential storage plagues MCP. Many official & third-party tools (GitLab, Figma, Postgres) store plaintext API keys in world-readable files/logs, putting connected services at risk.

How keys leak:
1) Insecure config files (often `-rw-r--r--`) sourced by host apps
2) Credentials entered in chat, then logged insecurely

Both easily readable by local malware or other users. No complex exploits needed.

Read the full breakdown:
blog.trailofbits.com/2025/04/3
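A check for the two conditions the post describes, added here as an example rather than code from the post or from Trail of Bits: it reports MCP client config files that are readable by other local users and that carry a literal credential in a server's `env` block. The `mcpServers`/`env` layout is assumed to match common MCP clients, the credential key-name heuristic is this example's own, and the sample config is constructed.

```python
import json
import os
import re
import stat
import tempfile

# Key names that usually hold a credential (heuristic list, an assumption of this example).
SECRET_KEY_RE = re.compile(r"token|secret|password|passwd|api[_-]?key|access[_-]?key", re.I)


def world_readable(path: str) -> bool:
    """True when group or other users can read the file, e.g. mode -rw-r--r--."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def find_plaintext_secrets(config: dict) -> list[str]:
    """Dotted paths of server env entries that hold a literal credential.
    A value that is only a reference such as ${VAR} is resolved elsewhere and not flagged."""
    hits = []
    for server, spec in config.get("mcpServers", {}).items():
        for key, value in spec.get("env", {}).items():
            if SECRET_KEY_RE.search(key) and isinstance(value, str) and not value.startswith("${"):
                hits.append(f"mcpServers.{server}.env.{key}")
    return hits


def audit_config_file(path: str) -> dict:
    """A finding needs both conditions: a literal secret AND a file other users can read."""
    with open(path) as fh:
        config = json.load(fh)
    secrets = find_plaintext_secrets(config)
    exposed = world_readable(path)
    return {"path": path, "world_readable": exposed,
            "plaintext_secrets": secrets, "finding": bool(secrets) and exposed}


def write_sample_config(mode: int) -> str:
    """Write a constructed config (placeholder token, not a real credential) with the given mode."""
    sample = {"mcpServers": {
        "gitlab": {"command": "npx", "env": {"GITLAB_PERSONAL_ACCESS_TOKEN": "glpat-PLACEHOLDER"}},
        "postgres": {"command": "npx", "env": {"POSTGRES_PASSWORD": "${POSTGRES_PASSWORD}"}}}}
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)  # 0o644 reproduces the -rw-r--r-- case from the post
    return path


if __name__ == "__main__":
    for mode in (0o644, 0o600):
        print(audit_config_file(write_sample_config(mode)))
```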

2025-04-29

We've discovered another MCP attack technique!

Attackers can hide malicious payloads using ANSI terminal escape codes. When your AI agent processes these invisible instructions, it can leak data or compromise your supply chain without you seeing anything suspicious.

Read the blog: blog.trailofbits.com/2025/04/2
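A detection for the technique above, added here as an example that is not code from the post or from Trail of Bits: it scans tool descriptions for ANSI escape sequences and surfaces the text a model would read, which is what a reviewer must judge instead of the terminal rendering. The escape-family coverage (CSI, OSC, two-byte Fe sequences) is an assumption of this example and the sample tool description is constructed.

```python
import re

# One pattern for the escape families a hidden payload is most likely to use
# (assumption: CSI, OSC and two-byte Fe sequences cover the cases that matter here).
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"             # CSI: SGR colours/conceal, cursor moves, erase
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC: window title, hyperlinks, ended by BEL/ST
    r"|\x1b[@-Z\\-_]"                       # other two-byte Fe sequences
)

# Constructed tool description: a terminal renders "Adds two numbers." and, because of
# SGR 8 (conceal), hides the rest; a model reads every character.
SAMPLE_TOOL = {
    "name": "add",
    "description": "Adds two numbers.\x1b[8m HIDDEN: extra model instructions\x1b[0m",
}


def find_escapes(text: str) -> list[str]:
    """Every ANSI escape sequence present in the text."""
    return ANSI_RE.findall(text)


def as_model_reads(text: str) -> str:
    """The text with escapes removed: the content a model actually receives."""
    return ANSI_RE.sub("", text)


def audit_tool_description(tool: dict) -> dict:
    """Flag a tool whose description carries any escape sequence and expose the
    text the model will see, so hidden instructions become visible to a reviewer."""
    desc = tool.get("description", "")
    escapes = find_escapes(desc)
    return {
        "name": tool.get("name"),
        "escape_count": len(escapes),
        "has_hidden_text": bool(escapes),
        "model_reads": as_model_reads(desc),
    }


def audit_tool_list(tools: list[dict]) -> list[dict]:
    """Run the check over a tools/list response and keep only flagged entries."""
    return [r for r in map(audit_tool_description, tools) if r["has_hidden_text"]]


if __name__ == "__main__":
    for f in audit_tool_list([SAMPLE_TOOL, {"name": "clean", "description": "Echoes input."}]):
        print(f"{f['name']}: {f['escape_count']} escape(s); model reads: {f['model_reads']!r}")
```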

2025-04-24

Your entire AI conversation history can be stolen

Read the blog: blog.trailofbits.com/2025/04/2

Model Context Protocol (MCP) promises secure connections between AI models and external tools. However, malicious MCP servers can silently extract your complete conversation history, exposing sensitive information without your knowledge.

How the attack works:
Attackers insert malicious code into MCP tool descriptions that silently monitor conversations until specific trigger conditions are met. Once triggered, the entire conversation history is secretly forwarded to attacker-controlled servers without any user notification. These triggers are insidiously designed to activate during normal usage - from ubiquitous phrases like "thank you" to precisely targeted patterns such as bank account numbers, AWS keys at tech firms, or classified codes in government communications.

2025-04-21

Attackers can use MCP servers to hack your system before tools are invoked.

We call this attack vector "line jumping." This is a critical vulnerability in which tool descriptions become prompt injection vectors during the initial tools/list request. This technique bypasses invocation controls, breaking connection isolation and rendering security checkpoints ineffective.

Even "human approval" fails: AI-enabled IDEs permit automatic execution, and users rarely recognize disguised malicious commands.

Read the blog: blog.trailofbits.com/2025/04/2

2025-04-21

The AIxCC Finals are underway, with significant changes to DARPA's competition framework.

Teams can now develop autonomous systems capable of addressing vulnerability discovery and remediation at scale, moving from theoretical demonstrations toward practical security tools.

After advancing from last year's DEF CON semifinals, our CRS Buttercup now operates in a transformed technical environment featuring a $10,000 AI budget per round, custom AI model development capability, and more.

Learn more: blog.trailofbits.com/2025/04/2

Trail of Bits boosted:
yossarian (1.3.6.1.4.1.55738) @yossarian@infosec.exchange
2025-04-18

i'm very excited about this new work my team at @trailofbits is doing: we're building an ASN.1 API for PyCA Cryptography, giving users direct access to the same memory-safe, high-performance DER parser that Cryptography already uses for X.509:

blog.trailofbits.com/2025/04/1

2025-04-18

Coming to PyCA Cryptography—a new Rust-powered ASN.1 API that reduces parser differentials while giving you clean Python syntax and native-speed parsing.

Why does Python need this? Most devs aren't working with ASN.1 daily, but many need custom encoding beyond standard X.509. Think extracting DER-encoded values from X.509 certs like sigstore custom extensions.

Read the blog: blog.trailofbits.com/2025/04/1

2025-04-15

If you're seeing patterns of account access anomalies—including spikes in failed login attempts, unusual account recovery requests, suspicious two-factor authentication failures, or repeated password resets—either across many users or for particular VIP accounts, it could be a sign of an Account Takeover (ATO). Our recently released white paper explains different vulnerabilities that can contribute to an attacker taking over accounts and how to proactively protect CEX users.
blog.trailofbits.com/2025/02/0

2025-04-14

@triskelion You can find all our public reports here: github.com/trailofbits/publica

Trail of Bits boosted:
2025-04-14

Did you know that I'm co-organizing a supply-chain security mini-track at the #PyConUS2025 open spaces?

Open source users and maintainers are invited to attend for short talks and discussions with security-interested Pythonistas.

sethmlarson.dev/pycon-us-2025-

#security #oss #pyconus #pycon

2025-04-09

Our new Testing Handbook section on snapshot fuzzing helps security engineers test software that's traditionally difficult to analyze, such as kernel components and antivirus, where a single crash can take down the entire system.

Snapshot fuzzing captures memory and register states at critical execution points, allowing security engineers to:

- Test thousands of code paths without time-consuming system restarts
- Ensure fully deterministic testing where the same input always produces the same result
- Eliminate unreproducible crashes by starting each test from identical states
- Easily track code coverage and detect failures in emulated environments

In this section, we provide step-by-step instructions for building custom harnesses, fuzz campaigns, and more using What the Fuzz (wtf), an open-source snapshot-based fuzzer.

blog.trailofbits.com/2025/04/0

[Image: A successful kernel connection via KDNET in WinDbg]

Trail of Bits boosted:
yossarian (1.3.6.1.4.1.55738) @yossarian@infosec.exchange
2025-04-07

i'm proud to announce that we've just released `pip-audit` v2.9.0, which includes support for Python's newly standardized lockfile format!

TL;DR: you can now pass `--locked` to `pip-audit` when auditing a project structure to collect `pylock.*.toml` files. these files are much faster to audit than `pyproject.toml` and similar sources, since they don't require us to perform any resolution!

release notes: github.com/pypa/pip-audit/rele

#python #security #opensource

[Image: a screenshot of different `pip-audit` invocations, including `pip-audit --locked .` for auditing the current directory or `pip-audit --locked deps/` for auditing a different directory.]

2025-04-03

Hear Trail of Bits' Tjaden Hess explain the Bybit hack from a cryptography lens on Risky Business podcast #781. He covers offline data transfers, break glass procedures, and proper transaction visualization.

Podcast: youtu.be/DNAOwukOQi4?si=dVjTXU

For the full analysis, check out our recent blogs:

The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived
blog.trailofbits.com/2025/02/2

How Threat Modeling Could Have Prevented the $1.5B Bybit Hack
blog.trailofbits.com/2025/02/2

Trail of Bits boosted:
yossarian (1.3.6.1.4.1.55738) @yossarian@infosec.exchange
2025-04-01

this makes me really happy: over 1/6th of the top (by download) Python projects are producing attestations!

that's a meteoric adoption rate, given that we only enabled attestation upload support on PyPI ~5 months ago!

tracker here: trailofbits.github.io/are-we-p

#python #opensource #security

[Image: a screencap of https://trailofbits.github.io/are-we-pep740-yet/]
