Trail of Bits
High-end security research and engineering firm known for deep code audits, cryptography reviews, and smart-contract security work.
Pricing: Custom (contact sales)
Updated June 2026.
What is Trail of Bits?
Co-founded in 2012 by Dan Guido and headquartered in New York City, Trail of Bits combines academic-style security research with hands-on engineering. The firm is best known for advanced software assurance work across cryptography, AI/ML, blockchain, and low-level systems, and for releasing widely used open-source tooling such as the Slither smart contract analyzer.
Best for: Crypto/DeFi protocols and security-conscious tech companies needing deep code, cryptography, and AI assurance work
Pros
- ✓ Strong academic and research-grade reputation with published peer-reviewed work
- ✓ Open-source tooling footprint including Slither, Echidna, Manticore
- ✓ Recognised leader in smart-contract auditing for top-tier protocols
- ✓ Engineering depth that translates findings into custom defensive tooling
Cons
- ✗ Premium pricing, and a limited bench of engineers can mean long lead times
- ✗ Highly specialised, not a fit for routine commodity pentesting
- ✗ No published price list; bespoke statements of work per project
Key Features
→Application and protocol security reviews
→Cryptography design and implementation audits
→Blockchain and smart-contract security assessments
→AI/ML system security and red teaming
→Reverse engineering and binary analysis
→Custom security tooling and engineering
→Threat modeling and secure development consulting
→Public-sector research and DARPA program execution
→Specialised training and community programmes (Empire Hacking meetup, Crytic blockchain security tooling)
Quick Info
| Attribute | Value |
|---|---|
| Pricing | Custom (contact sales) |
| Model | Fixed-scope research engagements |
| Founded | 2012 |
| Cloud | No |
| Self-Hosted | No |
Trail of Bits Alternatives
- Bishop Fox: Offensive security firm pairing high-end penetration testing...
- IOActive, Inc.: Independent global research-driven security consultancy spec...
- Mandiant (part of Google Cloud): Elite incident response and offensive security consultancy o...
- NCC Group: FTSE 250 global cybersecurity and software resilience firm o...
- Praetorian: Offensive security firm delivering continuous penetration te...
Certifications
SOC 2, ISO 27001