{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:6RY5U7QF5DYR6JFWNNFUKDBFJ7","short_pith_number":"pith:6RY5U7QF","canonical_record":{"source":{"id":"2606.21397","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b","abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601"},"schema_version":"1.0"},"canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","source":{"kind":"arxiv","id":"2606.21397","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"arxiv_version","alias_value":"2606.21397v1","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_12","alias_value":"6RY5U7QF5DYR","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_16","alias_value":"6RY5U7QF5DYR6JFW","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_8","alias_value":"6RY5U7QF","created_at":"2026-06-23T01:13:08Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:6RY5U7QF5DYR6JFWNNFUKDBFJ7","target":"record","payload":{"canonical_record":{"source":{"id":"2606.21397","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b","abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601"},"schema_version":"1.0"},"canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-23T01:13:08.938401Z","signature_b64":"mDwfge+dDTqd3ORo9pq+k2yuFpN8cluTHHXPw0fJ9ZLXr0a8kPlTVQivppbJ7+dC2sURKgA+a9qBzOY+e/sXAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","last_reissued_at":"2026-06-23T01:13:08.937972Z","signature_status":"signed_v1","first_computed_at":"2026-06-23T01:13:08.937972Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.21397","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-23T01:13:08Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"J0QTCeYkz2aMKMGquyPJjqT3ph/zoVECqy5NrjE95WE1tJhk4peDYgaqWneELP1f41x/mdn+0i4LN4hhsteSDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-28T07:22:26.791924Z"},"content_sha256":"78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79","schema_version":"1.0","event_id":"sha256:78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:6RY5U7QF5DYR6JFWNNFUKDBFJ7","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Evaluating LLMs for Real-World Web Vulnerability Detection","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Antonio Benjamin Buchholz, Luca Jungnickel, Sebastian Neef, Valene Spence, Vicente Birke Gonzalez","submitted_at":"2026-06-19T13:02:47Z","abstract_excerpt":"Large Language Models (LLMs) have emerged as a promising tool for automated vulnerability detection, yet their effectiveness on web-specific vulnerabilities remains to be explored.\n  This work benchmarks six frontier (Claude Opus 4.6, Codex GPT-5.4, Gemini 3.1-pro-preview) and open-weight models (Qwen 3.5, Qwen 3 Coder Next, MiniMax M2.5) on their ability to detect real-world web vulnerabilities using static analysis in WordPress plugins, including SQL injection, stored cross-site scripting, path traversal, and remote code execution. Using five prompt designs of varying structure, scope, and c"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.21397","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.21397/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-23T01:13:08Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"TPy4tJIxE4LyTSc94aP5Hgl8OWxENf/UJMmtc04GIM2xUyEhdy4Q4ulWiwKpzyPra2ENxNdeflHjENTPdp/pDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-28T07:22:26.792293Z"},"content_sha256":"5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16","schema_version":"1.0","event_id":"sha256:5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/bundle.json","state_url":"https://pith.science/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-28T07:22:26Z","links":{"resolver":"https://pith.science/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7","bundle":"https://pith.science/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/bundle.json","state":"https://pith.science/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/state.json","well_known_bundle":"https://pith.science/.well-known/pith/6RY5U7QF5DYR6JFWNNFUKDBFJ7/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:6RY5U7QF5DYR6JFWNNFUKDBFJ7","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b"},"schema_version":"1.0","source":{"id":"2606.21397","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"arxiv_version","alias_value":"2606.21397v1","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_12","alias_value":"6RY5U7QF5DYR","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_16","alias_value":"6RY5U7QF5DYR6JFW","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_8","alias_value":"6RY5U7QF","created_at":"2026-06-23T01:13:08Z"}],"graph_snapshots":[{"event_id":"sha256:5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16","target":"graph","created_at":"2026-06-23T01:13:08Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.21397/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Large Language Models (LLMs) have emerged as a promising tool for automated vulnerability detection, yet their effectiveness on web-specific vulnerabilities remains to be explored.\n  This work benchmarks six frontier (Claude Opus 4.6, Codex GPT-5.4, Gemini 3.1-pro-preview) and open-weight models (Qwen 3.5, Qwen 3 Coder Next, MiniMax M2.5) on their ability to detect real-world web vulnerabilities using static analysis in WordPress plugins, including SQL injection, stored cross-site scripting, path traversal, and remote code execution. Using five prompt designs of varying structure, scope, and c","authors_text":"Antonio Benjamin Buchholz, Luca Jungnickel, Sebastian Neef, Valene Spence, Vicente Birke Gonzalez","cross_cats":["cs.AI"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title":"Evaluating LLMs for Real-World Web Vulnerability Detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.21397","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79","target":"record","created_at":"2026-06-23T01:13:08Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b"},"schema_version":"1.0","source":{"id":"2606.21397","kind":"arxiv","version":1}},"canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","first_computed_at":"2026-06-23T01:13:08.937972Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-23T01:13:08.937972Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"mDwfge+dDTqd3ORo9pq+k2yuFpN8cluTHHXPw0fJ9ZLXr0a8kPlTVQivppbJ7+dC2sURKgA+a9qBzOY+e/sXAQ==","signature_status":"signed_v1","signed_at":"2026-06-23T01:13:08.938401Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.21397","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79","sha256:5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16"],"state_sha256":"02a52a6216d49d058291f5ed3bcf8ea4f3e3b8e21f0f3ddb91f83e51a98770f6"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"2g02eb5hTh7xr7TxC9rYinHj1sqVR4tn34a/nUkpyurzBKw8XnZ1N2KH2D/Pm4WBcpL/1/FLMqyKigCdpUSeAA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-28T07:22:26.794182Z","bundle_sha256":"e88b137b9f9bb567d8c4e5d0e2b38baf105cbb0ac1b4f5849a1a517292467778"}}