A former high-ranking official at a U.S. non-offensive cybersecurity firm is accused of stealing valuable hacking tools he developed and selling them for profit to a Russian buyer, according to Justice Department filings that mark a rare, high-stakes breach of the government’s closely held exploitation ecosystem.
The filing names the defendant as Peter Williams and seeks to seize $1.3 million, a property in Washington, D.C., and dozens of luxury wristwatches.

Williams, according to TechCrunch, held a behind-the-scenes role, working as a manager and then director for Trenchant — an L3Harris subsidiary focused on vulnerability research and device access. According to U.K. corporate filings, Williams is an Australian citizen.
What the DOJ alleges in its five-page court filing
According to the Justice Department's five-page court filing, Williams was part of a conspiracy to steal and sell eight trade secrets from April 2019 through August 2022. The filing mentions two unspecified companies and discusses a buyer within Russia, but it does not identify whether the purchaser was state-affiliated. The government’s move to seek the seizure of cash as well as luxury items is not unusual in cases where investigators suspect that illicit funds were used to buy property.
Though the document doesn’t articulate specifics about the stolen material (and it wouldn’t be expected to, in any event), the fact that “trade secrets” are cited strongly suggests exploit code, tooling, or methodologies for gaining access to targets’ systems — assets that can command seven-figure sums on gray and black markets based upon the capability and exclusivity of such resources.
Why Trenchant’s role in offensive research matters
Trenchant is nested within L3Harris, a big defense contractor, and came together after the acquisitions of Azimuth Security and Linchpin Labs. Public material focuses on zero-day research and operational access — exactly the types of capabilities that can be game-changers in digital intelligence work. The Washington Post has previously reported that Azimuth provided an exploit that was used to hack into an iPhone as part of a high-profile federal investigation, showing the sensitivity and value of the tools.
L3Harris declined to comment on the filing. TechCrunch also said Trenchant is looking into a leak of its tools, although the company has yet to say how extensive the leak is. If a compromise has indeed occurred here, its implications would reach well beyond a single vendor, since offensive toolchains often incorporate customized vulnerabilities, evasion tradecraft, and operational methodologies.
The national security stakes of alleged tool leaks
Offensive capabilities that escape controlled environments can be repurposed rapidly. History provides a chilling precedent: The EternalBlue exploit, part of an N.S.A. toolkit leaked online by the Shadow Brokers hackers in 2017, formed the basis for global attacks, including WannaCry and NotPetya, that caused billions of dollars in damage worldwide. A comparable dynamic could play out if high-end mobile or endpoint intrusion chains were turned over to adversarial operators who used them to target diplomats, defense contractors, or critical infrastructure; we refer to that scenario as Decapitate.

For Russia, which has already been active in cyber operations against Western targets, access to new intrusion techniques would shorten development cycles, improve persistence on hardened networks, and make attribution more difficult. One unpatched exploit chain can be operationally decisive if it goes undetected.
Legal and compliance context for alleged trade secrets
Conduct like this can (and often does) fall under the Economic Espionage Act, which includes sections dealing with the theft of trade secrets as well as, in some cases, economic espionage on behalf of a foreign power. Separate export-control regimes also loom large. The Commerce Department’s Bureau of Industry and Security recently tightened controls on certain cyber intrusion and surveillance items, citing concerns that dual-use tools can be weaponized against the U.S. agenda.
The stakes are both economic and strategic. The IP Commission has said the U.S. loses between $225 billion and $600 billion annually to trade secret theft. In the small realm of zero-days and custom implants, a single capability can fetch a six- to seven-figure payoff, creating strong incentives, and pressure, for insiders and vendors.
The latest developments and asset forfeiture details
Public records suggest Williams started as a director at Trenchant and left this year. The DOJ filing does not specify criminal charges or describe the alleged secrets, but instead emphasizes forfeiture, a tool that enables authorities to retain assets and is often wielded in connection with or prior to bringing criminal charges. Tucker said the proceeds targeted for forfeiture are associated with an alleged scheme that involved a Russian buyer.
Two companies are cited as victims but not identified. It’s a standard omission when the government is trying to prevent additional exposure of sensitive technology while an investigation is underway. For the moment, it is unknown if any exploit chains, implants, or motivational triggers were used in operations.
What to watch next as the investigation progresses
Key questions include whether prosecutors will bring a case under the Economic Espionage Act, whether additional conspirators will emerge, and whether U.S. or allied cyber defense teams will find clusters of related activity. Among the signs would be new advisories from CISA on exploitation, vendor patches issued for previously unknown bugs, or intelligence community warnings to cleared contractors.
For defense and tech companies, the case is a reminder that insider risk is often the most difficult threat to calculate. Strong code escrow, compartmentalization, ongoing oversight, and more-stringent export compliance are now table stakes — especially for companies that deal in capabilities whose true value resides in being kept under wraps.