About Taylor Hornby

Defuse Security is Taylor Hornby's personal homepage for security research, consulting services, and a whole bunch of other random stuff, like an argument that the universe is made out of cheese.

I build useful tools for security engineers like the online x86 assembler, I think about how to write user-friendly threat models, and I solve cryptography vulnerabilities by writing secure implementations and explainers that teach the adversarial mindset. I can also be hired for professional security audits.

I've recently been exploring a niche of "high assurance AI coding" (discovering the extent to which that is even possible) by creating tools like vfy while simultaneously developing a set of Claude-based agents for cryptographic security auditing. I also make EDM and fun tools for music producers. Or, when I'm feeling unhinged, a future bass track coded in Rust.

What I enjoy most of all is thinking critically about systems to understand their intricate behavior, a kind of naturalism applied to invented things, and leveraging my understanding of those intricacies to make the system do something unexpected. I see exploits as proofs that a system has behaviors even its creators don't understand, and vulnerabilities as instances of users relying on security properties that don't exist, bringing usability and user experience concerns into the picture, not just focusing on code bugs.

I like cryptography for its ability to level out power imbalances through decentralization and for its ability to increase our freedom by protecting our privacy and right to express our deepest thoughts to only those we trust. I'm also interested in complexity theory, mathematical logic, physics, philosophy of mind, and applying learnings from safety engineering to information security. I've been told that alongside my technical rigor, I also have a good "product" mindset.

I have a degree in Computer Science and a Master's in Quantum Information. Most of my career has been centered around auditing cryptography-related software, my most recent project being to provide audits and security support to the Zcash community. Before that, I was a Senior Security Engineer at the Electric Coin Company, working on Zcash. I'm currently a board member of the Zcash Foundation, elected by the community.

I've found some cool bugs through my work, including one that would have made it possible to create free money out of thin air had the problem not been found early, and a way to steal money out of a hardware wallet by confusing its state machine. I've also applied the Flush+Reload side-channel to spy on everyday applications like your web browser and PDF reader.

If you would like to hire me for a security audit, see my security consulting page. I specialize in auditing all sorts of cryptography protocols and cryptography-related software, but I do general application security audits as well. I can also help you by writing a threat model that's simple enough for your users to actually understand.