📜 Post with us on Reddit
📝 Create a new article
🏭 Create a company page
🇬🇧 - in English
🇫🇷 - en Français (FR)
🇵🇹 - em Português (PT)
🇩🇪 - auf Deutsch (DE)
🇯🇵 - 日本語で (JA)
Sponsored articles

You can edit almost every page by Creating an account and confirming your email.

Dan Guido

From EverybodyWiki Bios & Wiki


Dan Guido
Born1984 (age 41–42)
Queens, New York City, U.S.
🏳️ NationalityAmerican
🎓 Alma materPolytechnic University (BS)
💼 Occupation
Cybersecurity executive, researcher
Known forCo-founder of Trail of Bits, Apple–FBI technical analysis, iVerify
TitleCEO, Trail of Bits

Daniel Guido is an American cybersecurity entrepreneur, researcher, and CEO who co-founded Trail of Bits, a New York City-based software security firm, in 2012.[1] He has been quoted as a security expert in The New York Times, The Wall Street Journal, and Wired on topics including iPhone security, cryptocurrency theft, and cryptographic snake oil.[2][3][4][5]

Early life and education

Guido grew up in Williston Park, New York, on Long Island, and attended Mineola High School.[6] He earned a bachelor's degree in computer science from Polytechnic University (now NYU Tandon School of Engineering) in 2008[7] as a participant in the CyberCorps: Scholarship for Service program, which included internships at the National Security Agency.[8] As an undergraduate, he helped organize CSAW, described as the world's largest student-run cybersecurity competition.[9][10][7] After graduating, he worked at the Federal Reserve Bank of New York.[8]

In 2021, Guido was inducted into the CyberCorps: Scholarship for Service Hall of Fame by the Cybersecurity and Infrastructure Security Agency.[8][7]

Career

Trail of Bits

In 2012, Guido co-founded Trail of Bits with Dino Dai Zovi and Alexander Sotirov. CSO Online described the founders as "infosec heavyweights" when the company launched, noting that Guido's prior research had shown that "only a very small number of vulnerabilities are used in massive exploitation campaigns."[1][11]

Trail of Bits' clients have included Zoom, which retained the firm alongside two other security consultancies during a 2020 security overhaul.[12] In 2023, Twitter's head of security engineering publicly claimed that Trail of Bits had audited the platform's encrypted direct messaging implementation, naming Guido specifically: "Dan Guido and those folks are badass." He then deleted the statement; Platformer reported that Twitter had not actually signed a contract with Trail of Bits, in part because layoffs had eliminated employees who handled procurement.[13]

The firm also audited Discord's DAVE end-to-end encrypted voice and video protocol, which the Electronic Frontier Foundation praised as "commissioning an audit from well-regarded outside researchers,"[14][15][16] and WhatsApp's Private Processing confidential computing architecture alongside NCC Group.[17] Nonprofit-funded open-source audits have included curl, funded by the Open Source Technology Improvement Fund, whose creator Daniel Stenberg called Trail of Bits "excellent"[18]OpenSSL,[19] and Homebrew, funded by the Open Technology Fund.[20]

In AI security, Trail of Bits audited safetensors, a machine-learning model format, in a 2023 review jointly commissioned by Hugging Face, EleutherAI, and Stability AI; the audit found a polyglot file vulnerability and led to a tighter format specification, after which all three organizations adopted safetensors as the default model format.[21][22] In 2024, Trail of Bits researchers discovered LeftoverLocals, a vulnerability in GPUs made by Apple, AMD, and Qualcomm that allowed data to be recovered from GPU memory across process boundaries, including eavesdropping on large language model sessions.[23][24]

Forrester Research named Trail of Bits a "Leader" in its Forrester Wave evaluations of cybersecurity consulting services in 2019 and 2024.[25][26]

DARPA research

Trail of Bits has participated in multiple DARPA research programs, beginning with the Cyber Grand Challenge in 2016. In 2022, DARPA commissioned Trail of Bits to study whether blockchain networks are decentralized; the report found that a small number of entities controlled a disproportionate share of Bitcoin mining and network infrastructure. The study was covered by NPR, which reported "the work was done by Trail of Bits."[27][28] The firm later competed in DARPA's AI Cyber Challenge (AIxCC), a two-year competition to develop AI systems that autonomously find and patch software vulnerabilities. Guido said of the competition's premise: "There's just too much code to look through, and it's too complex to process in order to find all the vulnerabilities that are spread out."[29] The team placed second in the AIxCC final competition in August 2025, winning a $3 million prize. The team's system, Buttercup, found 28 vulnerabilities across 20 distinct CWE categories and deployed 19 patches with greater than 90 percent accuracy.[30][31]

iVerify

In 2019, Trail of Bits launched iVerify, an iOS security toolkit designed to detect signs of compromise on iPhones. It was one of the first apps promising to detect iPhone hacks to be approved for Apple's App Store.[32] In a Vice interview, Guido described the app's approach as using "side channels" and "smoke signals" to detect hacks by identifying anomalies rather than directly inspecting the operating system.[32] The project was spun out as an independent company in August 2023 to counter mercenary spyware.[33] In 2024, Wired reported that iVerify's threat-hunting tool had detected seven Pegasus infections among 2,500 device scans; targets included journalists, activists, business leaders, and government officials.[34]

Voatz election security audit

In 2020, Trail of Bits conducted what it described as the first "white-box" security assessment of Voatz, a mobile voting application used in several U.S. states.[35] Unlike prior reviews—including a study by MIT researchers—Trail of Bits had access to Voatz's server and source code.[36] The assessment identified 16 high-severity vulnerabilities, including flaws that could let attackers alter or cancel votes.[35][36] MIT researcher Michael Specter, a co-author of the earlier study, said he was "eternally grateful" for the Trail of Bits audit, which confirmed his team's findings and uncovered additional vulnerabilities his team could not detect without source code access.[36] Following the audit, West Virginia moved its online-voting program away from Voatz.[36]

NYU Tandon involvement

Guido was adjunct faculty and Hacker in Residence at NYU Tandon, where he taught security courses and oversaw student research through the OSIRIS Lab for approximately eight years.[7][37] He organized the THREADS conference, an annual research event held during CSAW from 2012 to 2014, on mobile security, DARPA programs, and security automation.[38][39]

Government advisory roles

In 2013, Guido spoke at the Federal Trade Commission's Mobile Security Forum.[40] From 2023 to 2024, he co-chaired the Cybersecurity Subcommittee of the Commodity Futures Trading Commission's Technology Advisory Committee.[41]

Public commentary

Apple–FBI encryption dispute

During the FBI–Apple encryption dispute in February 2016, Guido argued on the Trail of Bits blog that Apple could comply with the FBI's court order to unlock an iPhone 5C used by one of the San Bernardino shooters, because that model lacked Apple's Secure Enclave processor.[42] Several national outlets cited the analysis: Wired's Kim Zetter relied on Guido as the primary technical expert, quoting him saying the FBI's request was "completely doable and reasonable" but that Apple could and should make changes to prevent such orders in the future.[2] The same day as his blog post, The Wall Street Journal quoted Guido explaining that newer iPhones with cryptographic processors would be "much harder" to crack.[43] The New York Times also quoted him, noting that Apple had been "hoping that the request that came was more outrageous" so it could mount a stronger legal challenge.[3]

In 2018, Guido characterized the dynamic between Apple and the GrayKey iPhone-unlocking device for The Wall Street Journal as a "punch-counterpunch narrative."[44] After the FBI demanded Apple unlock iPhones belonging to the Pensacola naval base shooter in 2020, he told The New York Times that the bureau already had tools to access the devices: "All the tools they have work...they're a solved problem."[45]

CTS Labs and AMD vulnerability disclosure

A previously unknown Israeli security firm called CTS Labs announced in 2018 that it had found 13 vulnerabilities in AMD processors, giving AMD only 24 hours' notice before public disclosure, far less than the industry-standard 90-day period. Trail of Bits, which had been hired by CTS Labs to independently validate the findings before announcement, confirmed the vulnerabilities were real. Wired featured Guido's assessment in a pull quote: "Regardless of hype, they found vulnerabilities that work as described."[46]

Crown Sterling controversy

At Black Hat 2019, Crown Sterling CEO Robert Grant gave a $115,000 sponsored talk promoting a proprietary encryption scheme the company called "Time AI."[47] Guido publicly confronted Grant during the presentation, accusing the company of fraud. He told Vice: "They're scamming people. They're here to use Black Hat to trick people into giving them money."[5] Ars Technica quoted Guido saying he "spoke up because I felt [the presentation] was insincere and conducted in bad faith."[48] Guido was removed from the room by conference security, and Black Hat subsequently removed the talk from its website.[5][47] Crown Sterling sued Black Hat's parent company, Informa, accusing organizers of a "defamatory smear campaign"; the lawsuit was settled on confidential terms in 2020.[49][47]

Verizon Data Breach Report

Guido criticized the 2016 Verizon Data Breach Investigations Report for methodological flaws, arguing that its rankings of the most-exploited vulnerabilities were based on false positives from vulnerability scanners rather than real-world exploitation data.[50]

Cryptocurrency security

In March 2025, after the $1.5 billion theft from the Bybit cryptocurrency exchange by North Korea's Lazarus Group, The Wall Street Journal quoted Guido's analysis that the hack could have been prevented with basic transaction verification. "Bybit's reliance on blind-signing transactions without verifying them is what did them in," he said, adding: "Most of these firms have hyper focus on smart contract security and blockchain security, but they have forgotten the basics of operational security."[4]

The following month, Guido was targeted by a threat actor known as ELUSIVE COMET, a group linked to millions of dollars in cryptocurrency theft. The attackers, posing as journalists for "Bloomberg Crypto," attempted to gain remote access to his computer through Zoom's remote control feature during a scheduled interview; Guido recognized the attempt and published an analysis of the group's methods.[51]

Projects

Algo VPN

In 2016, Guido created Algo, an open-source personal VPN server as an alternative to commercial VPN services, released through Trail of Bits.[52][53] The New York Times recommended Algo as a free alternative to paid VPN services in 2021, with technology columnist Brian X. Chen reporting it "worked flawlessly." In the same article, Guido argued that modern HTTPS encryption had made commercial VPNs unnecessary for most users: "It's very difficult to find cases where people were harmed by signing on to the airport, coffee shop or hotel Wi-Fi."[52]

References

  1. 1.0 1.1 Brenner, Bill (February 14, 2012). "Trail of Bits: An Alliance of Infosec Heavyweights". CSO Online. Retrieved February 22, 2026.
  2. 2.0 2.1 Zetter, Kim (February 18, 2016). "Apple's FBI Battle Is Complicated. Here's What's Really Going On". Wired.
  3. 3.0 3.1 Benner, Katie; Apuzzo, Matt (February 22, 2016). "Narrow Focus of F.B.I. Request May Aid Apple's Case". The New York Times.
  4. 4.0 4.1 Huang, Vicky Ge; McMillan, Robert (March 6, 2025). "How the Biggest Crypto Hack Ever Nearly Destroyed the World's No. 2 Exchange". The Wall Street Journal.
  5. 5.0 5.1 5.2 Franceschi-Bicchierai, Lorenzo; Cox, Joseph (August 10, 2019). "Black Hat Talk About 'Time AI' Causes Uproar, Is Deleted by Conference". Vice.
  6. Leising, Matthew (January 10, 2022). "Q&A with Trail of Bits Co-Founder Dan Guido". Decential.
  7. 7.0 7.1 7.2 7.3 "NYU Tandon Alum and Mentor Dan Guido Elected to Scholarship for Service Hall of Fame". NYU Tandon School of Engineering. 2021.
  8. 8.0 8.1 8.2 "CyberCorps: Scholarship for Service Hall of Fame". CISA. Department of Homeland Security.
  9. Glorion, Marie (December 2, 2024). "CSAW: a successful eighth edition". Grenoble INP – UGA.
  10. "Everything Went as Planned as Hackers in NYC Area Hit Targets Throughout Polytechnic University". NYU Tandon School of Engineering. November 29, 2005.
  11. Guido, Dan (November–December 2011). "A Case Study of Intelligence-Driven Defense". IEEE Security & Privacy. 9 (6): 67–70. doi:10.1109/MSP.2011.163.
  12. McMillan, Robert; Tilley, Aaron (April 16, 2020). "Zoom Hires Security Heavyweights to Fix Flaws". The Wall Street Journal.
  13. Newton, Casey; Schiffer, Zoë (May 16, 2023). "Why you can't trust Twitter's encrypted DMs". The Verge.
  14. "Meet DAVE: Discord's New End-to-End Encryption for Audio & Video". Discord Blog. September 17, 2024.
  15. Klosowski, Thorin; Budington, Bill (September 19, 2024). "Strong End-to-End Encryption Comes to Discord Calls". Electronic Frontier Foundation.
  16. Toulas, Bill (September 18, 2024). "Discord rolls out end-to-end encryption for audio, video calls". BleepingComputer.
  17. "Get the Tone of Your Message Right with Private Writing Help". WhatsApp Blog. August 27, 2025.
  18. Stenberg, Daniel (December 21, 2022). "The 2022 curl security audit". daniel.haxx.se.
  19. "OSTIF and Trail of Bits Complete Audit of OpenSSL". OpenSSL. May 2, 2024.
  20. Arghire, Ionut (August 1, 2024). "Homebrew Security Audit Finds 25 Vulnerabilities". SecurityWeek.
  21. "Safetensors audited as really safe and becoming the default". Hugging Face Blog. May 23, 2023.
  22. Clark, Jack (May 29, 2023). "Import AI 331". Import AI.
  23. Newman, Lily Hay (January 16, 2024). "A Flaw in Millions of Apple, AMD, and Qualcomm GPUs Could Expose AI Data". Wired.
  24. Goodin, Dan (January 17, 2024). "Just 10 lines of code can steal AI secrets from Apple, AMD, and Qualcomm GPUs". Ars Technica.
  25. Pearl, Lauren (July 16, 2019). "Trail of Bits Named in Forrester Wave as a Leader in Midsize Cybersecurity Consulting Services". Trail of Bits Blog.
  26. "Trail of Bits named a leader in cybersecurity consulting services". Trail of Bits Blog. July 9, 2024.
  27. "Cryptocurrency tech is vulnerable to tampering, a DARPA analysis finds". NPR. June 21, 2022.
  28. "DARPA-Funded Study Provides Insights into Blockchain Vulnerabilities". DARPA. June 21, 2022.
  29. Vasquez, Christian (August 12, 2024). "DARPA competition shows promise of using AI to find and patch bugs". CyberScoop.
  30. Kapko, Matt (August 8, 2025). "DARPA's AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching". CyberScoop.
  31. "Alum-run Cybersecurity Company Trail of Bits Wins Big at DARPA's Artificial Intelligence Cyber Challenge". NYU Tandon School of Engineering. September 15, 2025.
  32. 32.0 32.1 Franceschi-Bicchierai, Lorenzo (November 14, 2019). "This App Will Tell You If Your iPhone Gets Hacked". Vice.
  33. "Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat". SecurityWeek. 2023.
  34. Newman, Lily Hay (December 4, 2024). "A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections". Wired.
  35. 35.0 35.1 Westrope, Andrew (March 17, 2020). "Detailed Audit of Voatz' Voting App Confirms Security Flaws". GovTech.
  36. 36.0 36.1 36.2 36.3 Freed, Benjamin (March 16, 2020). "Audit finds severe vulnerabilities in Voatz mobile voting app". StateScoop.
  37. "CSAW Turns 21: Powerful Partnerships and New Programming". NYU Tandon School of Engineering. 2024.
  38. "Dan Guido: THREADS Mobile Security Conference". NYU Tandon School of Engineering. 2012.
  39. "Conference Will Explore How to Automate Cyber Security Faster Than Hackers". NYU Tandon School of Engineering.
  40. "Mobile Security: Potential Threats and Solutions". Federal Trade Commission. June 4, 2013.
  41. "CFTC Technology Advisory Committee Announces Subcommittee Members". Commodity Futures Trading Commission. July 14, 2023.
  42. Guido, Dan (February 17, 2016). "Apple can comply with the FBI court order". Trail of Bits Blog.
  43. Nicas, Jack; McMillan, Robert (February 17, 2016). "Newer Phones Aren't Easy to Crack". The Wall Street Journal.
  44. McMillan, Robert (June 14, 2018). "Meet Apple's Security Headache: The GrayKey, a Startup's iPhone-Hacking Box". The Wall Street Journal.
  45. Nicas, Jack (January 17, 2020). "Does the F.B.I. Need Apple to Unlock iPhones?". The New York Times.
  46. Greenberg, Andy (March 16, 2018). "AMD's Flaw Fall-Out—and Backlash Against CTS-Labs' Disclosure". Wired.
  47. 47.0 47.1 47.2 Claburn, Thomas (August 26, 2019). "Biz forked out $115k to tout 'Time AI' crypto at Black Hat. Now it sues organizers because hackers heckled it". The Register.
  48. Gallagher, Sean (August 21, 2019). "Snake oil or genius? Crown Sterling tells its side of the Black Hat controversy". Ars Technica.
  49. Stone, Jeff (April 22, 2020). "Crown Sterling and Black Hat settle lawsuit, promise to never speak of it again". CyberScoop.
  50. Kirk, Jeremy (May 11, 2016). "Verizon Breach Report Criticized". BankInfoSecurity.
  51. Toulas, Bill (April 22, 2025). "Hackers abuse Zoom remote control feature for crypto-theft attacks". BleepingComputer.
  52. 52.0 52.1 Chen, Brian X. (October 6, 2021). "It's Time to Stop Paying for a VPN". The New York Times.
  53. Dillet, Romain (April 9, 2017). "How I Made My Own VPN Server in 15 Minutes". TechCrunch.

External links


This article "Dan Guido" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Dan Guido. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.


Retrieved from "https://en.everybodywiki.com/index.php?title=Dan_Guido&oldid=5922216"
License CC BY-SA 3.0
Powered by MediaWiki