Trailmark turns code into graphs
Trail of Bits has released Trailmark, an open-source library that converts source code into queryable call graphs to enhance AI-assisted security analysis. By integrating with Claude Code, Trailmark enables advanced mutation testing triage, blast radius analysis, and the identification of architectural bottlenecks in cryptographic libraries.
Authors: Trail of Bits
Source: Trail of Bits
Key Takeaways
- Trail of Bits open-sourced Trailmark, a library that parses source code into queryable call graphs for AI-assisted analysis.
- Trailmark supports 17 languages and integrates with Claude Code via eight specific skills for tasks like mutation triage and test vector generation.
- Graph-level reasoning helps filter out equivalent mutants in mutation testing, highlighting genuine security gaps.
- The tool identifies architectural bottlenecks and high-value fuzzing targets (like codec parsers) that linear code reviews often miss.
Affected Systems
- C
- Rust
- Go
- Python
- PHP
- JavaScript
- Solidity
- Circom
- Miden Assembly
Attack Chain
This article does not describe an attack chain. Instead, it details the functionality of Trailmark, a defensive security tool that parses source code into a graph structure. The tool indexes functions, classes, and call edges, allowing security analysts and AI models like Claude to query the codebase for vulnerabilities, blast radius, and mutation testing gaps.
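The blast-radius query mentioned above, shown as an added illustration that is not Trailmark's code or the article's: a call graph is built from a constructed Python module with the standard `ast` module, and a function's blast radius is computed as the set of functions that transitively call it (the sample module and its function names are assumptions for the demo).

```python
import ast
from collections import defaultdict
# Constructed sample module (not real library code): a tiny "crypto library"
# whose lowest-level primitive is reached from several entry points.
SAMPLE_SOURCE = """
def ct_compare(a, b):
    return a == b
def decode_tag(blob):
    return blob[:16]
def verify_tag(blob, expected):
    return ct_compare(decode_tag(blob), expected)
def open_box(blob, key):
    if not verify_tag(blob, key):
        raise ValueError("bad tag")
    return blob[16:]
def unrelated_helper(x):
    return x + 1
"""

def build_call_graph(source: str) -> dict:
    """Map each top-level function to the names it calls directly (builtins such as
    ValueError show up as callees too, which is harmless for reverse reachability)."""
    tree = ast.parse(source)
    graph = {}
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            callees = set()
            for sub in ast.walk(node):
                if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name):
                    callees.add(sub.func.id)
            graph[node.name] = callees
    return graph

def blast_radius(graph: dict, target: str) -> set:
    """Return every function that reaches `target` through one or more call edges."""
    callers = defaultdict(set)
    for caller, callees in graph.items():
        for callee in callees:
            callers[callee].add(caller)
    seen, stack = set(), [target]
    while stack:
        for caller in callers[stack.pop()]:
            if caller not in seen:
                seen.add(caller)
                stack.append(caller)
    return seen

if __name__ == "__main__":
    g = build_call_graph(SAMPLE_SOURCE)
    print(sorted(blast_radius(g, "ct_compare")))  # ['open_box', 'verify_tag']
```

A change to `ct_compare` therefore needs review of `verify_tag` and `open_box`, while `unrelated_helper` is provably out of scope; a mutant that survives in `ct_compare` is a real gap only if that reachable set has tests.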
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
The article announces a defensive code analysis tool and does not provide detection rules for threat actor activity.
Detection Engineering Assessment
- EDR Visibility: None. This is a static code analysis tool, not an active threat requiring EDR detection.
- Network Visibility: None. The tool operates locally on source code repositories.
- Detection Difficulty: N/A, since this is a defensive tool release rather than a threat.
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Security teams can hunt for untested boundary conditions and architectural bottlenecks in cryptographic libraries by analyzing code graphs. | Source code repositories and static analysis findings | Pre-attack/Development | Low |
Control Gaps
- Linear code review processes
- Flat-list mutation testing without graph context
Recommendations
Immediate Mitigation
- Install Trailmark using 'uv pip install trailmark' to evaluate internal codebases.
Infrastructure Hardening
- Integrate Trailmark with Claude Code to automate mutation testing triage and test vector generation.
User Protection
- N/A
Security Awareness
- Train development and security teams to use graph-based reasoning for identifying architectural bottlenecks and high-value fuzzing targets like codec parsers.
Additional IOCs
- Command Lines:

| Purpose | Tools | Stage | Command |
|---|---|---|---|
| Install the Trailmark library | uv, pip | Preparation | uv pip install trailmark |
| Add Trailmark skills to Claude Code | Claude Code | Integration | /plugin marketplace add trailofbits/skills |
| Analyze a project and generate a full JSON graph | trailmark | Execution | trailmark analyze path/to/project |
| Analyze a project for a specific language | trailmark | Execution | trailmark analyze --language rust path/to/project |
| Identify complexity hotspots in a project | trailmark | Execution | trailmark analyze --complexity 10 path/to/project |