Security auditing
for the AI era.

AI systems can now find and exploit implementation bugs at scale. The audits that matter go deeper: evaluating protocol architecture, cryptographic design, and threat models before the first line of code, and verifying implementation fidelity afterwards. Each engagement led by a senior cryptography expert, not a junior analyst running a scanner.

audit-deliverable · findings.md
Drafting
ID Severity Title
  1. F-001 CRIT Authentication bypass via legacy-mode downgrade
  2. F-002 HIGH AEAD nonce uniqueness not preserved under concurrency
  3. F-003 HIGH Public key not validated to correct subgroup
  4. F-004 HIGH Padding oracle in legacy CBC fallback path
  5. F-005 MED Constant-time leak in ECC scalar multiplication
  6. F-006 MED Domain separation tag collision risk in KDF
  7. F-007 MED Replay window unbounded under burst conditions
  8. + 5 more findings
⊕ 12 findings · 1 critical · 3 high · 5 medium · 3 informational Symbolic Software · Deliverable

Security services

01 / Protocol architecture

Protocol design review

Key exchange, authentication flows, session management, state machines. We evaluate the architecture before the first line of implementation code.

02 / Cryptographic design

Primitive selection & composition

Are the chosen primitives appropriate for the threat model? Do they compose correctly? AEAD, KDF, signature, KEM — every choice scrutinized.

03 / Threat modeling

Adversary capability assessment

What did the design assume the adversary can do? Are those assumptions tight? AI bug-finders cannot challenge threat models — humans must.

04 / Implementation fidelity

Cross-language code review

Does the code correctly realize the design? Go, Rust, TypeScript, Swift, Java, .NET, C, Solidity. Full-source audits, not scanner reports.

05 / Post-quantum readiness

PQ migration assessment

Is your system positioned to survive the next decade of cryptanalytic advances? KEM hybridisation, signature strategy, library and protocol fitness.

06 / Formal verification

Machine-checked proofs

Symbolic verification of protocol correctness in Verifpal, ProVerif, or Tamarin — and critical review of formal-verification claims others have made about code you depend on.

CE Labs libcrux 2026

When 'verified' isn't: critical analysis of a high-assurance library

Five findings across CE Labs' libcrux cryptographic library, marketed as formally verified. We documented structural gaps in Cryspen's hax verification pipeline that libcrux's proofs rely on, ML-DSA implementation issues, and limitations in their TLS approach. Two papers and an OSTIF talk followed.

  • 5 distinct bug findings across libcrux's verified-marketed code
  • Structural gaps in Cryspen's hax verification pipeline
  • ML-DSA conformance issues caught by Crucible
  • Verification facade: proofs that didn't cover what the marketing claimed
libcrux Review of a “formally verified” library Symbolic Software · 2026
  1. F-01runtimeML-KEM decompression: 1664 where pow2 (d−1) belongs
  2. F-02proofSerialization proof claims bound 1; code allows 12
  3. F-03fipsML-DSA verifier norm check missing (FIPS 204)
  4. F-04fipsHint deserialization accepts malformed hints
  5. F-05proofAVX2 axiom models x·x where hardware does x·y
Verification Theatre · eprint 2026/192 2 papers · 1 talk
Telegram MTProto 2026

Telegram's MTProto: deanonymization potential for a network attacker

A technical review of Telegram's MTProto protocol under a network-attacker threat model, commissioned in 2025 by Global Network Solutions and made public in 2026 through a Swiss court filing. Conducted under editorial-independence terms reproduced verbatim in the report.

  • 64-bit auth_key_id exposed in cleartext on every message, on every platform tested
  • Telegram Desktop uses port 443 without TLS — verified four independent ways
  • Identifier persists across app restarts, IP changes, and network switches
  • Full editorial control retained by Symbolic Software, per Section 2.4 of the report
GNMX-01 MTProto — deanonymization potential for a network attacker Symbolic Software · commissioned 2025
  1. F-01critauth_key_id in cleartext on every message
  2. F-02highTelegram Desktop: port 443, without TLS
  3. F-03medIdentifier survives restarts, IP & network changes
  4. §2.4noteFull editorial independence, reproduced verbatim
Public via Swiss civil filing 2026
dWallet Labs 2024

2PC-MPC threshold signature audit, in Rust

We reviewed the dWallet Labs 2PC-MPC threshold-signature implementation in Rust. The audit covered MPC ceremony correctness, secret-sharing validity, primitive composition, and side-channel exposure across the signing protocol.

  • Threshold protocol correctness across the full signing flow
  • MPC ceremony robustness under partially-malicious participants
  • Cryptographic primitive use and composition
  • Rust-specific implementation hardening
dw-01 2PC-MPC threshold signatures, in Rust Symbolic Software × 3MI Labs · 2024
  1. S-01Threshold correctness across the signing flow
  2. S-02Ceremony robustness, partially-malicious parties
  3. S-03Primitive use and composition
  4. S-04Rust-specific implementation hardening
Public report · dw-01.pdf 2024
Native Labs 2023

Smart contract architecture audit

We evaluated the Native Labs smart contracts across performance, security, interoperability, on-chain and off-chain transaction flows, liquidity models, and user experience. Special attention to gas efficiency at the design level.

  • Operational efficiency, with emphasis on gas, scalability, and transaction speed
  • Integration with internal and third-party entities
  • Transaction handling for accuracy, security, and effectiveness
  • Smart-contract impact on the overall user experience
nat-001 Smart-contract architecture audit Symbolic Software · 2023
  1. S-01Gas efficiency at the design level
  2. S-02On-chain and off-chain transaction flows
  3. S-03Liquidity models and scalability
  4. F-02medCold-storage gas spike in transfer path
Public report · nat-001.pdf 2023
1Password Multiple engagements · in collaboration with Cure53

Password manager B5 architecture & key rotation

Pentest of 1Password B5, conducted in collaboration with Cure53. Our contribution focused on key rotation correctness, vault security under server compromise, and public-key validation hardening.

  • Affirmed the robustness of 1Password's key-management architecture
  • Highlighted the critical role of key rotation for vault security
  • Identified vulnerabilities under server-compromise scenarios
  • Stressed the need for robust public-key validation
b5 Password manager architecture & key rotation Symbolic Software × Cure53 · multi-year
  1. F-01highVault exposure under server compromise
  2. F-02medPublic-key validation needs hardening
  3. S-03Key-rotation architecture affirmed
  4. S-04Key-management design robust
Public report · pentest-report_1password-b5.pdf ongoing
Mozilla Thunderbird Enigmail 2017 · in collaboration with Cure53

PGP signature path & envelope integrity

Symbolic Software's foundational client engagement. Working with Cure53, we audited Mozilla Thunderbird's Enigmail PGP integration, identifying a critical vulnerability that exposed encrypted messages to a class of attacker-mutation attacks.

  • Detected a critical vulnerability in Enigmail's signature path
  • Outlined exposure of encrypted messages to attacker mutation
  • Evaluated exploitation risk combined with social engineering
  • Identified potential confidentiality compromise
enigmail PGP signature path & envelope integrity Symbolic Software × Cure53 · 2017
  1. F-01critCritical flaw in Enigmail’s signature path
  2. F-02highEncrypted mail exposed to attacker mutation
  3. F-03medExploitation path via social engineering
  4. noteThe founding engagement of the practice
Public report · pentest-report_thunderbird-enigmail.pdf 2017
Trusted by