Security auditing for the AI era.

AI systems can now find and exploit implementation bugs at scale. The audits that matter are the ones that go deeper—evaluating protocol architecture, cryptographic design, and threat models. That is what we do, and it is what we have done across more than 250 engagements.

Design-level security audits

Our audits evaluate the decisions that were made before the first line of code was written. We assess protocol architecture, cryptographic primitive selection, key management design, and threat model completeness—alongside the implementation review that verifies these decisions were correctly realized.

What we evaluate

  • Protocol architecture and cryptographic design choices.
  • Threat models: what adversary capabilities were assumed, and whether those assumptions still hold.
  • Implementation fidelity: whether the code correctly realizes the design, across JavaScript, TypeScript, Go, Rust, Swift, Java, .NET, and others.
  • Post-quantum readiness: migration paths for systems that need to survive the next decade.

Our impact

Some of the organizations we have worked with.

Native Labs

We evaluated the Native Labs smart contracts across performance, security, interoperability, on-chain and off-chain transaction flows, liquidity models, and user experience.

  • Assessed operational efficiency with emphasis on gas usage, scalability, and transaction speed.
  • Examined integration capabilities with both internal and third-party entities.
  • Investigated transaction handling for accuracy, security, and effectiveness.
  • Evaluated how the smart contracts impact the overall user experience.

Linux Foundation Public Health

Symbolic Software was commissioned by the Linux Foundation for Public Health to conduct a thorough audit of some of the most widely used COVID-19 contact tracing applications in Europe.

  • Detailed analysis of smartphone applications built around the Google Apple Exposure Notification (GAEN) API, used by the Irish and Canadian governments.
  • Identified potential vulnerabilities within the seemingly simple design and reliance on the GAEN platform.
  • Uncovered potential issues that may contravene the European General Data Protection Regulation (GDPR).
  • Examined target security goals and created a threat model for the overall application stacks.

1Password

Symbolic Software contributed to an extensive penetration test report on 1Password B5, conducted in collaboration with Cure53. Our contributions:

  • Affirmed the robustness of 1Password's security measures.
  • Highlighted the critical role of key rotation in vault security.
  • Identified potential vulnerabilities of 1Password vaults to server compromise.
  • Stressed the need for robust public key validation to preempt possible attacks.

Mozilla Thunderbird

In 2017, Symbolic Software collaborated with Cure53 to audit Mozilla Thunderbird. Together we:

  • Detected a critical vulnerability in Mozilla Thunderbird's Enigmail.
  • Outlined potential exposure of encrypted messages to attackers.
  • Evaluated the exploitation risk combined with successful social engineering.
  • Identified potential confidentiality compromises.

We’ve also worked with

Bitwarden, Coinbase, Concordium, Dashlane, Digify, Ente, Ethereum Foundation, ExpressVPN, MetaMask, NordVPN, Taurus, Zoom

Ready to secure your architecture?

AI is changing what attackers can do. We help you change what they find.