Screener/Trail of Bits

Trail of Bits

Elite security research firm with growing AI/ML security auditing practice and open-source security tooling.

HQ🇺🇸 US
Est2012
Size51-200
trailofbits.com
Score
62.0 / 100
Evidence
7 items
Confidence
medium

Strong safety posture with established governance frameworks and active risk management.

Strengths:Governance Maturity, Technical Safety, Risk Assessment, Regulatory Readiness, External Engagement
Focus Areas
security auditingai/ml securityformal verificationopen source security tools

Strengths

  • Security posture assessed at 75
  • Technical score (72) indicates strong practices

Risks

No significant risks identified

Table of Contents

Security Assessment

Security-relevant indicators for vendor evaluation

Security Posture
65
TS-01dim: 72
Red Teaming & Pre-deployment Testing
Adversarial testing before deployment
TS-05dim: 72
Robustness & Adversarial Resilience
Resistance to adversarial attacks
RA-01dim: 58
Sector-Specific Risk Assessment
Risk analysis for deployment context
RA-03dim: 58
Dual-Use & Misuse Risk
Dangerous capability awareness
RA-07dim: 58
Incident History & Track Record
Past incidents and response quality
EE-04dim: 68
Vulnerability Disclosure Program
Bug bounty or CVE reporting process
Incident History
Trail of Bits incident records sourced from AIAAIC Repository and public reporting.
Integration: AIAAIC, OECD AI Incidents Monitor
Third-Party Audits
External audit reports, SOC 2 attestations, and ISO certifications verified where published.
Sources: Company filings, registry lookups
CVE & Disclosures
Known vulnerabilities and security advisories from NVD, GitHub Security Advisories, and vendor pages.
Sources: NVD, GHSA, vendor disclosure pages

Dimension Breakdown

GM
Governance Maturitypreliminary
Published policies, corporate structure, safety mandate, whistleblowing, executive commitment.
60
TS
Technical Safetypreliminary
Benchmarks, adversarial robustness, fine-tuning safety, watermarking, model cards, research output.
72
RA
Risk Assessmentpreliminary
Dangerous capability evaluations, thresholds, external testing, bug bounty, halt conditions.
58
RR
Regulatory Readinesspreliminary
ISO 42001, EU AI Act compliance, GPAI obligations, international commitments, incident reporting.
52
EE
External Engagementpreliminary
Survey participation, research support, transparency, behavior specs, open-source contributions.
68

Social Impact & Safety Profile

Moderate

Trail of Bits is a respected security research and consulting firm that has expanded into AI/ML security auditing. They audit AI systems for vulnerabilities, publish research on ML security, and develop open-source tools. Their work on AI supply chain risks and model security informs industry best practices.

ai security auditingml vulnerability researchopen-source tooling

Peer Comparison

Abnormal Security
B-52

Application Security

Compare
Snyk AI Security
B-52

Application Security

Compare
Zenity
B-48

Application Security

Compare
Confident Security
C+47

Robustness & Adversarial

Compare
Compare side-by-side →

Data Sources & Methodology

Scoring methodology v0.1 · 40 indicators · 6 frameworks

Last assessment: 2026-03-23 · Confidence: medium · Evidence: 7 items

NIST AI RMF · EU AI Act · ISO 42001 · FLI AI Safety Index · MLCommons AILuminate · METR

How is this company scored? →Full methodologyView in Screener

Scores reflect publicly available information. A low score may indicate limited transparency rather than poor safety practices.