Blog

How we made Trail of Bits AI-native (so far)

We had 5% buy-in and 95% resistance. A year later, AI-augmented auditors are finding 200 bugs a week on the right engagements. Here's the six-part operating system we built, open sourced, and are giving away.

Intent Over Tactics: A CISO's Guide to Protecting Your Crown Jewels

A practical guide to protecting your most critical assets when budget, head-count, and political capital are tight.

AppSec as Glue: Building Partnerships to Scale Security

Answers to additional audience questions from this BSidesSF 2025 panel on scaling security impact by building essential partnerships across teams

Security for High Velocity Engineering

Strategy and Tactics for Protecting and Enabling Modern Software Organizations

What sucks in security? Research findings from 50+ security leaders

A deep dive into what CISOs are actually complaining about

Systems Thinking for Cybersecurity Professionals

Let's hit RESET!

Sub-Venture Scale Security Problems

The Race to Make a Business of Secure Defaults

Don’t Security Engineer Asymmetric Workloads

Wiring a Winning Security Organization

Security is a Team Sport

A call to action, with practical advice

Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!

A threat-informed roadmap for securing Kubernetes clusters