{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:BCXCD53JQH53PLR4VGFH2OGQA7","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"23906215d85f548b57e2e7554ffad9e806d6064d3610b1e36ce57f1ee97a3484","cross_cats_sorted":["cs.LG"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-02T08:54:37Z","title_canon_sha256":"dbb2042ef893a7c8041317e71cd2e48c5cd6b224975308b3a3ade2b5b66687f7"},"schema_version":"1.0","source":{"id":"2606.03344","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.03344","created_at":"2026-06-03T01:05:55Z"},{"alias_kind":"arxiv_version","alias_value":"2606.03344v1","created_at":"2026-06-03T01:05:55Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.03344","created_at":"2026-06-03T01:05:55Z"},{"alias_kind":"pith_short_12","alias_value":"BCXCD53JQH53","created_at":"2026-06-03T01:05:55Z"},{"alias_kind":"pith_short_16","alias_value":"BCXCD53JQH53PLR4","created_at":"2026-06-03T01:05:55Z"},{"alias_kind":"pith_short_8","alias_value":"BCXCD53J","created_at":"2026-06-03T01:05:55Z"}],"graph_snapshots":[{"event_id":"sha256:c3dce9ce73a1b891441cd6d23e6617b5a86134214d9a9ab3a6850fbaaa1cdd19","target":"graph","created_at":"2026-06-03T01:05:55Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.03344/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Model merging composes specialized capabilities into a single LLM by aggregating task vectors sourced from unverified public platforms, exposing a critical supply-chain attack surface: Because any malicious behavior can be encoded into a task vector, and merging grants third-party vectors direct write access to model weights, an attacker-provided task vector can enable or amplify diverse downstream threats. Prior work studies only backdoor attacks against model merging for classifiers using static arithmetic heuristics, which fail to effectively handle diverse attacks on generative LLMs for th","authors_text":"Fnu Suya, Han Zhao, Jinghuai Zhang, Kunlin Cai, Yetian He, Yuan Tian","cross_cats":["cs.LG"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-02T08:54:37Z","title":"RogueMerge: Robust and Unified Attacks against LLM Model Merging"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.03344","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ccfa113deb050d461fb92ca38117b2093b8279130c5c98ed432cd68a1e5f656b","target":"record","created_at":"2026-06-03T01:05:55Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"23906215d85f548b57e2e7554ffad9e806d6064d3610b1e36ce57f1ee97a3484","cross_cats_sorted":["cs.LG"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-02T08:54:37Z","title_canon_sha256":"dbb2042ef893a7c8041317e71cd2e48c5cd6b224975308b3a3ade2b5b66687f7"},"schema_version":"1.0","source":{"id":"2606.03344","kind":"arxiv","version":1}},"canonical_sha256":"08ae21f76981fbb7ae3ca98a7d38d007ea89936f1cfec63f723c395a8319e553","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"08ae21f76981fbb7ae3ca98a7d38d007ea89936f1cfec63f723c395a8319e553","first_computed_at":"2026-06-03T01:05:55.561581Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-03T01:05:55.561581Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"c1v0xbUUWCbD20B0MDE/cdZrz0ku5VoaRSitDMRx2gHghCW8ipVtYKNle+olSQM6ryjuKKx6GIb1/GsXkIDpBA==","signature_status":"signed_v1","signed_at":"2026-06-03T01:05:55.562062Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.03344","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ccfa113deb050d461fb92ca38117b2093b8279130c5c98ed432cd68a1e5f656b","sha256:c3dce9ce73a1b891441cd6d23e6617b5a86134214d9a9ab3a6850fbaaa1cdd19"],"state_sha256":"1ae30537071fd5e20889eb81090a521564d47e84a90fb82470873d2ee093d438"}