01
Confidential computing
Sensitive workloads on hosts you don't fully trust: remote attestation, enclave boundaries, TEE flows, and end-to-end verification.
Security Consulting
Open Source R&D
R&D
Security is
not optional.
For organizations that can't afford to get security wrong. We embed with your team and go deep on the architecture, code, and systems you depend on.
- $400B+
- Secured by systems we helped design or built Assets secured
- 100+
- Companies supported on critical security Companies supported
- 20+
- Open source security tools Open source tools
We've worked with Distrust on multiple audits because their reviews are genuinely useful. They stay engaged with our team throughout the process, go deep on the system, and turn complex security issues into clear engineering decisions.
It doesn't feel like working with a vendor at all. It feels like having seasoned security partners we can bring hard problems to: people who get context fast, push back when our thinking is off, and help us make sharper decisions before issues escalate.
Where we
go deep
go deep
The hard parts that few firms can do.
Across the systems we design, build, and review, one method holds: eliminate single points of failure and tailor the architecture to the threat model, from insider risk to state-backed attackers.
02
Supply-chain security
Reproducible builds, provenance, and signed release workflows so critical artifacts can be verified before they run.
03
Custody & secrets architecture
Bespoke hot, cold, and air-gapped systems for digital assets and secrets: quorum controls, signing workflows, recovery ceremonies, and operational safeguards.
04
Low-level & systems engineering
Linux, firmware, boot chains, and kernel-level hardening where security depends on details most teams rarely touch.
How we work
Not another rubber stamp audit.
Work directly with security engineers who review, design, and build alongside your team. Practical security work, not a report that leaves the hard decisions to you.
Security assessments
2-8 weeks
Drawing on systems we helped design or build, we use first-principles threat modeling, architecture review, audits, pen tests, and smart contract reviews to eliminate risks at their source.
Custom engineering
1-6 months
Design and build the system. Confidential compute platforms, signing ceremonies, hardened build pipelines. The work most firms decline.
Security retainer
Ongoing
We support your team wherever security judgment is needed: design reviews, release signoff, security program development, candidate interviews, and hands-on support as your infrastructure evolves.
Selected work
Work we can talk about.
Public examples from teams building systems where security failure is not an option.
Turnkey
Ongoing security partner for Turnkey's verifiable wallet infrastructure. Enclave-backed key management, reproducible builds, and remote attestation protect private keys without relying on blind trust.
turnkey.io
Mysten Labs
The team behind Sui uses Distrust tooling and architecture guidance to eliminate single points of failure in security-critical systems. Work included validator key ceremony threat modeling and reproducible, quorum-signed procedures.
mystenlabs.com
Sidero Labs
Talos Linux uses StageX to strengthen its software supply chain. Fully bootstrapped builds add reproducibility and auditability to Sidero Labs' signed, immutable Kubernetes OS.
siderolabs.com
ether.fi
Security advisory for the largest LRT protocol, spanning audits, architecture review, release guidance, and support evaluating security hires as ether.fi's protocol and infrastructure evolved.
ether.fi
Open source
Security tools, open to you.
The same tools we rely on to secure high-stakes systems, open-sourced and free for any team that needs them.
StageX
View websiteHermetic, deterministic, reproducible, multi-signed OCI-based build toolchain.
AirgapOS
View repoMinimal, immutable, offline-first swiss-army knife for secret management.
Keyfork
View repoDerive keys from a single entropy source to simplify their management.
Icepick
View repoFramework for offline cryptographic signing operations.
Trove
View repoDocumentation for managing secrets you can't afford to lose.
EnclaveOS
Coming soonImmutable OS for powering verifiable confidential compute on untrusted hosts.
Engineers
Who you'll work with.
Decades of low-level security depth, working directly with your team on the decisions that matter.
