pith. sign in

arxiv: 2605.20208 · v1 · pith:YDIJUWR2new · submitted 2026-04-11 · 💻 cs.CR · cs.CY· q-bio.TO

Artificial Pancreas Implantables -- How Healthcare Professionals May Deal With DIY Bio Cases

Austin James , Xavier-Lewis Palmer , Lucas Potter , Celisha Oscar This is my paper

Pith reviewed 2026-05-21 08:59 UTC · model grok-4.3

classification 💻 cs.CR cs.CYq-bio.TO
keywords DIY artificial pancreasautomated insulin deliverycyberbiosecuritypatient reconfigurationhealthcare professionalsregulatory uncertaintyartificial pancreas systemsAID systems
0
0 comments X

The pith

Patient reconfiguration of automated insulin delivery into DIY artificial pancreas systems makes the user the primary threat vector, creating legal and clinical uncertainty across the stakeholder ecosystem.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines how routine clinical practices for handling automated insulin delivery systems intersect with cyberbiosecurity risks when patients build and operate their own versions outside standard regulatory approval and manufacturer oversight. It focuses on the shift that occurs when users take on manufacturer-level roles in creating bespoke systems without mandated governance. A sympathetic reader would care because these systems automate life-sustaining therapy, so bypassing conventional controls raises questions about safety, liability, and clinical responsibility for doctors and institutions. The central argument holds that this reconfiguration places the entire ecosystem in uncertainty.

Core claim

When insulin delivery systems are fundamentally reconfigured into a bespoke AID system, with the patient-user becoming the primary threat vector by assuming manufacturer-level roles without mandated governance, the entire ecosystem of stakeholders is placed in legal and clinical uncertainty.

What carries the argument

The patient-user as primary threat vector in reconfigured DIY AID systems that operate without regulatory approval or manufacturer governance.

If this is right

  • Clinicians must adapt routine handling practices to account for patients using systems outside conventional approval pathways.
  • The lack of post-market surveillance for DIY systems removes a key safety mechanism present in regulated AID devices.
  • Legal uncertainty extends to manufacturers, regulators, and healthcare providers when patient modifications cause harm.
  • Cyberbiosecurity risks rise because patients lack the institutional controls and testing required of commercial manufacturers.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar uncertainties could emerge in other patient-modified medical cyber-physical systems such as custom glucose monitors or wearable drug pumps.
  • Healthcare professional training may eventually need modules on identifying and responding to unregulated device modifications.
  • Regulators might develop new pathways that recognize limited patient reconfiguration while retaining some oversight.

Load-bearing premise

Patient reconfiguration of AID systems inherently positions the patient-user as the primary threat vector and creates substantial cyberbiosecurity risks without corresponding governance structures.

What would settle it

A documented case or study in which DIY AID users assume manufacturer roles yet produce no measurable increase in adverse clinical events, legal disputes, or cyber incidents compared with regulated commercial systems.

read the original abstract

Automated insulin delivery (AID) and artificial pancreas systems increasingly serve as safety-critical cyber-physical technologies in clinical care, integrating sensors, algorithms, software, and insulin-delivery hardware to automate a life-sustaining therapy. While regulated commercial systems are supported by formal approval pathways, manufacturer governance, and post-market surveillance, clinicians are also encountering patients who rely on do-it-yourself (DIY) artificial pancreas systems that operate outside conventional regulatory and institutional control structures. This paper examines how routine clinical handling practices intersect with cyberbiosecurity risk across both regulated and DIY AID systems. When insulin delivery systems are fundamentally reconfigured into a bespoke AID system, with the patient-user becoming the primary threat vector by assuming manufacturer-level roles without mandated governance, the entire ecosystem of stakeholders is placed in legal and clinical uncertainty.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The manuscript examines how routine clinical handling practices intersect with cyberbiosecurity risks in regulated commercial automated insulin delivery (AID) and artificial pancreas systems versus do-it-yourself (DIY) versions. It claims that patient reconfiguration of these systems into bespoke setups positions the patient-user as the primary threat vector by assuming manufacturer-level roles without mandated governance, thereby placing the entire ecosystem of stakeholders in legal and clinical uncertainty.

Significance. If the analysis holds, the work could be significant for drawing attention to regulatory and governance gaps in DIY modifications of safety-critical cyber-physical medical devices. It may help inform clinical guidelines and policy discussions on stakeholder roles in cyberbiosecurity for life-sustaining therapies.

major comments (1)
  1. [Abstract] Abstract: The central claim that patient reconfiguration of AID systems inherently makes the patient-user the primary threat vector (by assuming manufacturer-level roles without mandated governance) is asserted without enumerating concrete risk vectors introduced by reconfiguration, such as altered control loops, unverified software forks, or data exposure points; without referencing documented incidents; and without analyzing whether DIY communities maintain de facto standards or self-governance that might mitigate the claimed absence of oversight. This leaves the leap to ecosystem-wide legal and clinical uncertainty resting on an unelaborated premise rather than demonstrated causal links.
minor comments (1)
  1. [Abstract] The abstract provides no indication of the paper's methodology (e.g., conceptual analysis, literature review, or case studies), which would help readers assess the basis for the uncertainty assertions.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for their constructive feedback, which highlights opportunities to strengthen the clarity of our central claims. We address the major comment on the abstract point by point below.

read point-by-point responses

  1. Referee: [Abstract] The central claim that patient reconfiguration of AID systems inherently makes the patient-user the primary threat vector (by assuming manufacturer-level roles without mandated governance) is asserted without enumerating concrete risk vectors introduced by reconfiguration, such as altered control loops, unverified software forks, or data exposure points; without referencing documented incidents; and without analyzing whether DIY communities maintain de facto standards or self-governance that might mitigate the claimed absence of oversight. This leaves the leap to ecosystem-wide legal and clinical uncertainty resting on an unelaborated premise rather than demonstrated causal links.

    Authors: We agree the abstract would benefit from greater specificity to better support the premise. In revision we will enumerate key risk vectors including modified control loops from custom algorithms, unverified software forks in open-source implementations, and expanded data exposure points arising from non-regulated apps and cloud integrations. Publicly documented incidents remain sparse owing to the decentralized and often private nature of DIY deployments, but the manuscript grounds its analysis in established cyberbiosecurity frameworks for safety-critical cyber-physical systems rather than incident catalogs. We will also add a clause noting that while DIY communities maintain informal de-facto standards and self-governance practices, these do not substitute for manufacturer-level mandated regulatory oversight; this distinction is what generates the legal and clinical uncertainties for clinicians and other stakeholders. The body of the paper already develops these causal links in greater depth. revision: yes

Circularity Check

0 steps flagged

No circularity: qualitative discussion paper with no derivations, equations, or self-referential reductions.

full rationale

The manuscript is a policy-oriented discussion of clinical, legal, and cyberbiosecurity implications for DIY artificial pancreas systems. It advances a central premise about patient-users assuming manufacturer roles and creating uncertainty, but does so through description of stakeholder roles and regulatory contexts rather than any derivation chain, fitted parameters, or mathematical steps. No equations, predictions, ansatzes, or uniqueness theorems appear. The text does not reduce any claim to a self-citation or self-definition by construction, and the argument remains independent of the authors' prior work. This is a standard non-finding for a non-technical discussion paper.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The paper draws on standard assumptions about regulatory frameworks for medical devices and known risks in cyber-physical systems but introduces no explicit free parameters, axioms, or new entities in the abstract.

pith-pipeline@v0.9.0 · 5671 in / 967 out tokens · 36882 ms · 2026-05-21T08:59:55.812618+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

35 extracted references · 35 canonical work pages

  1. [1]

    The TCF7L2 locus: A genetic window into the patho - genesis of type 1 and type 2 diabetes,

    S. F. Grant, “The TCF7L2 locus: A genetic window into the patho - genesis of type 1 and type 2 diabetes,” Diabetes Care, vol. 42, no. 9, pp. 1624–1629, 2019

    work page 2019

  2. [2]

    Is an artificial pancreas (closed - loop system) for type 1 diabetes effective?

    C. K. Boughton and R. Hovorka, “Is an artificial pancreas (closed - loop system) for type 1 diabetes effective?” Diabetic Medicine, vol. 36, no. 3, pp. 279–286, Mar. 2019

    work page 2019

  3. [3]

    SoK: Security and privacy in implantable medical devices and body area networks,

    M. Rushanan, A. D. Rubin, D. F. Kune, and C. M. Swanson, “SoK: Security and privacy in implantable medical devices and body area networks,” pp. 524–539, 2014

    work page 2014

  4. [4]

    Safety of a hybrid closed -loop insulin delivery system in patients with type 1 diabetes,

    R. M. Bergenstal, S. Garg, S. A. Weinzimer, B. A. Buckingham, B. W. Bode, W. V. Tamborlane, and F. R. Kaufman, “Safety of a hybrid closed -loop insulin delivery system in patients with type 1 diabetes,” New England Journal of Medicine , vol. 375, no. 7, pp. 697–707, 2016

    work page 2016

  5. [5]

    Navigating the unique challenges of automated insulin delivery systems to facilitate effective uptake and continued use,

    M. L. Tanenbaum, P. V. Commissariat, E. G. Wilmot, and K. Lange, “Navigating the unique challenges of automated insulin delivery systems to facilitate effective uptake and continued use,” Journal of Diabetes Science and Technology, vol. 19, no. 1, pp. 47–53, 2025

    work page 2025

  6. [6]

    Consensus recom - mendations for the use of automated insulin delivery technologies in clinical practice,

    M. Phillip, R. Nimri, R. M. Bergenstal et al. , “Consensus recom - mendations for the use of automated insulin delivery technologies in clinical practice,” Endocrine Reviews , vol. 44, no. 2, pp. 254 –280, 2023

    work page 2023

  7. [7]

    Alarm fatigue: A patient safety con - cern,

    S. Sendelbach and M. Funk, “Alarm fatigue: A patient safety con - cern,” AACN Advanced Critical Care , vol. 24, no. 4, pp. 378 –386, 2013

    work page 2013

  8. [8]

    Impacts and risks of adopting clinical decision support systems,

    W. Bonney, “Impacts and risks of adopting clinical decision support systems,” in Efficient Decision Support Systems: Practice and Chal - lenges in Biomedical Related Domain. InTech, 2011

    work page 2011

  9. [9]

    An overview of clinical decision support systems: Benefits, risks, and strategies for success,

    R. T. Sutton et al., “An overview of clinical decision support systems: Benefits, risks, and strategies for success,” NPJ Digital Medicine , vol. 3, p. 17, 2020

    work page 2020

  10. [10]

    The effects of alarm fatigue on the tendency to make medical errors in nurses working in intensive care units,

    G. Gu¨ndog˘an and S. Erdag˘ı Oral, “The effects of alarm fatigue on the tendency to make medical errors in nurses working in intensive care units,” Nursing in Critical Care , vol. 28, no. 6, pp. 996 –1003, 2023

    work page 2023

  11. [11]

    The relationship between alarm fatigue and medical error tendency in intensive care unit nurses,

    E. Sariog˘lu and M. Amarat, “The relationship between alarm fatigue and medical error tendency in intensive care unit nurses,” Nursing in Critical Care, vol. 30, no. 4, p. e70121, 2025

    work page 2025

  12. [12]

    Regulation (EU) 2017/745 on medical devices,

    European Union, “Regulation (EU) 2017/745 on medical devices,” Official Journal of the European Union, vol. L117, pp. 1–175, 2017

    work page 2017

  13. [13]

    Federal food, drug, and cosmetic act, 21 U.S.C. §360ff-2 (section 524b),

    United States Congress, “Federal food, drug, and cosmetic act, 21 U.S.C. §360ff-2 (section 524b),” United States Statutes, 2022

    work page 2022

  14. [14]

    Trust in automation: Designing for appropriate reliance,

    J. D. Lee and K. A. See, “Trust in automation: Designing for appropriate reliance,” Human Factors, vol. 46, no. 1, pp. 50–80, 2004

    work page 2004

  15. [15]

    Real-world use of open source artificial pancreas systems,

    D. Lewis, S. Leibrand, and OpenAPS Community, “Real-world use of open source artificial pancreas systems,” Journal of Diabetes Science and Technology, vol. 10, no. 6, pp. 1411–1411, 2016

    work page 2016

  16. [16]

    A. L. Liarakos et al. , “Long -term improvements in glycemia and user-reported outcomes associated with open -source automated in - sulin delivery systems in adults with type 1 diabetes in the United Kingdom,” Diabetes Technology & Therapeutics , vol. 27, no. 4, pp. 283–291, 2025

    work page 2025

  17. [17]

    Real - world use of do -it-yourself artificial pancreas systems,

    K. Braune, S. O’Donnell, B. Cleal, D. Lewis, and A. Tappe, “Real - world use of do -it-yourself artificial pancreas systems,” Diabetes Technology & Therapeutics, vol. 23, no. 3, pp. 225–234, 2021

    work page 2021

  18. [18]

    A european regulatory pathway for tidepool loop following clearance in the united states?

    L. Downey, S. O’Donnell, T. Melvin, and M. Quigley, “A european regulatory pathway for tidepool loop following clearance in the united states?” Diabetic Medicine, vol. 41, p. e15246, 2024

    work page 2024

  19. [19]

    Management of hyperglycemia in hospitalized patients in non-critical care setting,

    G. E. Umpierrez, R. Hellman, M. T. Korytkowski et al., “Management of hyperglycemia in hospitalized patients in non-critical care setting,” Journal of Clinical Endocrinology & Metabolism , vol. 97, no. 1, pp. 16–38, 2018

    work page 2018

  20. [20]

    “It is a false safety net

    C. Lange Ferreira, H. Habte-Asres, A. Forbes, and K. Winkley, ““It is a false safety net”: A qualitative exploration of insulin management in hospitalised older adults with diabetes undergoing surgery,” PLOS ONE, vol. 20, no. 10, p. e0332088, 2025

    work page 2025

  21. [21]

    Implementation of continuous glucose monitoring in the hospital: Emergent considerations for remote glucose monitoring during the COVID -19 pandemic,

    R. J. Galindo, G. Aleppo, D. C. Klonoff, E. K. Spanakis, S. Agarwal, P. Vellanki, D. E. Olson, G. E. Umpierrez, G. M. Davis, and F. J. Pasquel, “Implementation of continuous glucose monitoring in the hospital: Emergent considerations for remote glucose monitoring during the COVID -19 pandemic,” Journal of Diabetes Science and Technology, vol. 14, no. 4, p...

    work page 2020

  22. [22]

    The first regulatory clearance of an open -source automated insulin delivery algorithm,

    K. Braune, S. Hussain, and R. Lal, “The first regulatory clearance of an open -source automated insulin delivery algorithm,” Journal of Diabetes Science and Technology , vol. 17, no. 5, pp. 1139 –1141, 2023

    work page 2023

  23. [23]

    Position statement: Do -it-yourself diabetes tech- nology solutions,

    Diabetes Australia, “Position statement: Do -it-yourself diabetes tech- nology solutions,” Canberra, 2025

    work page 2025

  24. [24]

    Clinical practice guidelines: 2025 update on auto - mated insulin delivery systems,

    Diabetes Canada, “Clinical practice guidelines: 2025 update on auto - mated insulin delivery systems,” Toronto, 2025

    work page 2025

  25. [25]

    Position statement on type 1 diabetes diy technologies,

    Breakthrough T1D UK, “Position statement on type 1 diabetes diy technologies,” 2024, accessed Jan. 30, 2026. [Online]. Available: https://breakthrought1d.org.uk

    work page 2024

  26. [26]

    #WeAreNotWaiting—DIY artificial pancreas systems: The story so far,

    T. S. J. Crabtree, R. E. J. Ryder, and E. G. Wilmot, “#WeAreNotWaiting—DIY artificial pancreas systems: The story so far,” British Journal of Diabetes, vol. 22, no. Suppl 1, pp. S82 –S84, 2022. [Online]. Available: https://bjd - abcd.com/index.php/bjd/article/download/1069/1321/9589

    work page 2022

  27. [27]

    Open-source automated insulin delivery: international consen- sus statement and practical guidance for health -care professionals,

    K. Braune, R. A. Lal, L. Petruzelkova´, G. Scheiner, P. Winterdijk et al., “Open-source automated insulin delivery: international consen- sus statement and practical guidance for health -care professionals,” Lancet Diabetes & Endocrinology, vol. 10, no. 1, pp. 58–74, 2022

    work page 2022

  28. [28]

    Human factors systems approach to healthcare quality and patient safety,

    P. Carayon, T. B. Wetterneck, A. J. Rivera -Rodriguez et al., “Human factors systems approach to healthcare quality and patient safety,” Applied Ergonomics, vol. 45, no. 1, pp. 14–25, 2014

    work page 2014

  29. [29]

    N. G. Leveson, Engineering a safer world: Systems thinking applied to safety. Cambridge, MA: MIT Press, 2011

    work page 2011

  30. [30]

    Improving the security and privacy of implantable medical devices,

    W. H. Maisel and T. Kohno, “Improving the security and privacy of implantable medical devices,” New England Journal of Medicine, vol. 362, no. 13, pp. 1164–1166, 2010

    work page 2010

  31. [31]

    IEC 62304 edition 2: Software life cycle standard for health software,

    A. Va¨rri, P. Kranz-Zuppan, and R. de la Cruz, “IEC 62304 edition 2: Software life cycle standard for health software,” Studies in Health Technology and Informatics, vol. 264, pp. 868–872, 2019

    work page 2019

  32. [32]

    Supporting the use of a person’s own diabetes technology in the inpatient setting,

    J. Pattison, K. M. Dungan, and E. R. Faulds, “Supporting the use of a person’s own diabetes technology in the inpatient setting,” Diabetes Spectrum, vol. 35, no. 4, pp. 398–404, 2022

    work page 2022

  33. [33]

    The DIY artificial pancreas system: An ethical dilemma for doctors,

    D. Shaw, T. S. J. Crabtree, and E. G. Wilmot, “The DIY artificial pancreas system: An ethical dilemma for doctors,” Diabetic Medicine, vol. 37, no. 11, pp. 1951–1953, 2020

    work page 1951

  34. [34]

    Prescribing unapproved medical devices? the case of DIY artificial pancreas systems,

    J. T. F. Roberts, V. Moore, and M. Quigley, “Prescribing unapproved medical devices? the case of DIY artificial pancreas systems,” Med- ical Law International, vol. 21, no. 1, pp. 42–68, 2021

    work page 2021

  35. [35]

    Do- it-yourself artificial pancreas systems: User perspectives, glycemic control, and quality of life in type 1 diabetes,

    A. Basanth, M. Dhingra, V. Chandran, and R. Vaishnavi, “Do- it-yourself artificial pancreas systems: User perspectives, glycemic control, and quality of life in type 1 diabetes,” International Journal of Diabetes and Technology, vol. 4, no. 1, pp. 11–16, 2025

    work page 2025