{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:CGAISUAEVSANQECFSA2U4DGWA4","short_pith_number":"pith:CGAISUAE","canonical_record":{"source":{"id":"2604.01905","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.CR","submitted_at":"2026-04-02T11:22:07Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5a72ed65c92b6e1918c2e427fb1232f02829c0d2c50adfde6ce6d8a00c7a0a3c","abstract_canon_sha256":"5417d668169c624a7415de78fd91170cc985db4b653b1f9ba7c38805d253454e"},"schema_version":"1.0"},"canonical_sha256":"1180895004ac80d8104590354e0cd60724ed504c2de1c33727474cf7673b12de","source":{"kind":"arxiv","id":"2604.01905","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2604.01905","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"arxiv_version","alias_value":"2604.01905v2","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2604.01905","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_12","alias_value":"CGAISUAEVSAN","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_16","alias_value":"CGAISUAEVSANQECF","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_8","alias_value":"CGAISUAE","created_at":"2026-05-20T01:05:12Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:CGAISUAEVSANQECFSA2U4DGWA4","target":"record","payload":{"canonical_record":{"source":{"id":"2604.01905","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.CR","submitted_at":"2026-04-02T11:22:07Z","cross_cats_sorted":["cs.SE"],"title_canon_sha256":"5a72ed65c92b6e1918c2e427fb1232f02829c0d2c50adfde6ce6d8a00c7a0a3c","abstract_canon_sha256":"5417d668169c624a7415de78fd91170cc985db4b653b1f9ba7c38805d253454e"},"schema_version":"1.0"},"canonical_sha256":"1180895004ac80d8104590354e0cd60724ed504c2de1c33727474cf7673b12de","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-20T01:05:12.414387Z","signature_b64":"vWw2VxaNOsBS8s//0JsfxWqe8dQORaa6q647PH3siCP7FwTOboz6a3LZLs3vfbsBePhlouayqMtTj1KMqBlABw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1180895004ac80d8104590354e0cd60724ed504c2de1c33727474cf7673b12de","last_reissued_at":"2026-05-20T01:05:12.413572Z","signature_status":"signed_v1","first_computed_at":"2026-05-20T01:05:12.413572Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2604.01905","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-20T01:05:12Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"PTmBQNdno2lEGCKPvso4SIcl5lBgK1dEWMo23dGZOgzeE3KWxu2BRjkb5ncD5Y7U/+5d9JFFDlH58JQaWTlbCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-23T18:04:59.565503Z"},"content_sha256":"7f295aef4206792d092e5344c34d1d4ac5c9e4f1086118ad134ef70191474c01","schema_version":"1.0","event_id":"sha256:7f295aef4206792d092e5344c34d1d4ac5c9e4f1086118ad134ef70191474c01"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:CGAISUAEVSANQECFSA2U4DGWA4","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","headline":"","cross_cats":["cs.SE"],"primary_cat":"cs.CR","authors_text":"Bihuan Chen, Susheng Wu, Xin Hu, Xin Peng, Yiheng Cao, Yiheng Huang, Zhijia Zhao, Zhuotong Zhou","submitted_at":"2026-04-02T11:22:07Z","abstract_excerpt":"The model context protocol (MCP) standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks behave across different MCP server components and overlooking multi-component attack chains. Meanwhile, existing defenses are less effective when facing multi-component attacks or previously unknown malicious behaviors.\n  This work presents a component-centric perspective for understanding and detecti"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2604.01905","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2604.01905/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-20T01:05:12Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"GdyA2pIxRYu6FFLgf8hCM/R+Lj1N43nmqaXvki30lm1z2Iwn5BiCjpZCR+CvJXdHW5aU9eVZ2SmZJbiXD54hDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-23T18:04:59.566237Z"},"content_sha256":"ff4137b2e8d74ff26a75548ff4d36f69d569254a89b0244a3ae1de4f493425fa","schema_version":"1.0","event_id":"sha256:ff4137b2e8d74ff26a75548ff4d36f69d569254a89b0244a3ae1de4f493425fa"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/CGAISUAEVSANQECFSA2U4DGWA4/bundle.json","state_url":"https://pith.science/pith/CGAISUAEVSANQECFSA2U4DGWA4/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/CGAISUAEVSANQECFSA2U4DGWA4/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-23T18:04:59Z","links":{"resolver":"https://pith.science/pith/CGAISUAEVSANQECFSA2U4DGWA4","bundle":"https://pith.science/pith/CGAISUAEVSANQECFSA2U4DGWA4/bundle.json","state":"https://pith.science/pith/CGAISUAEVSANQECFSA2U4DGWA4/state.json","well_known_bundle":"https://pith.science/.well-known/pith/CGAISUAEVSANQECFSA2U4DGWA4/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:CGAISUAEVSANQECFSA2U4DGWA4","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"5417d668169c624a7415de78fd91170cc985db4b653b1f9ba7c38805d253454e","cross_cats_sorted":["cs.SE"],"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.CR","submitted_at":"2026-04-02T11:22:07Z","title_canon_sha256":"5a72ed65c92b6e1918c2e427fb1232f02829c0d2c50adfde6ce6d8a00c7a0a3c"},"schema_version":"1.0","source":{"id":"2604.01905","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2604.01905","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"arxiv_version","alias_value":"2604.01905v2","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2604.01905","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_12","alias_value":"CGAISUAEVSAN","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_16","alias_value":"CGAISUAEVSANQECF","created_at":"2026-05-20T01:05:12Z"},{"alias_kind":"pith_short_8","alias_value":"CGAISUAE","created_at":"2026-05-20T01:05:12Z"}],"graph_snapshots":[{"event_id":"sha256:ff4137b2e8d74ff26a75548ff4d36f69d569254a89b0244a3ae1de4f493425fa","target":"graph","created_at":"2026-05-20T01:05:12Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2604.01905/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"The model context protocol (MCP) standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks behave across different MCP server components and overlooking multi-component attack chains. Meanwhile, existing defenses are less effective when facing multi-component attacks or previously unknown malicious behaviors.\n  This work presents a component-centric perspective for understanding and detecti","authors_text":"Bihuan Chen, Susheng Wu, Xin Hu, Xin Peng, Yiheng Cao, Yiheng Huang, Zhijia Zhao, Zhuotong Zhou","cross_cats":["cs.SE"],"headline":"","license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.CR","submitted_at":"2026-04-02T11:22:07Z","title":"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2604.01905","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:7f295aef4206792d092e5344c34d1d4ac5c9e4f1086118ad134ef70191474c01","target":"record","created_at":"2026-05-20T01:05:12Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"5417d668169c624a7415de78fd91170cc985db4b653b1f9ba7c38805d253454e","cross_cats_sorted":["cs.SE"],"license":"http://creativecommons.org/licenses/by-nc-nd/4.0/","primary_cat":"cs.CR","submitted_at":"2026-04-02T11:22:07Z","title_canon_sha256":"5a72ed65c92b6e1918c2e427fb1232f02829c0d2c50adfde6ce6d8a00c7a0a3c"},"schema_version":"1.0","source":{"id":"2604.01905","kind":"arxiv","version":2}},"canonical_sha256":"1180895004ac80d8104590354e0cd60724ed504c2de1c33727474cf7673b12de","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1180895004ac80d8104590354e0cd60724ed504c2de1c33727474cf7673b12de","first_computed_at":"2026-05-20T01:05:12.413572Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-20T01:05:12.413572Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"vWw2VxaNOsBS8s//0JsfxWqe8dQORaa6q647PH3siCP7FwTOboz6a3LZLs3vfbsBePhlouayqMtTj1KMqBlABw==","signature_status":"signed_v1","signed_at":"2026-05-20T01:05:12.414387Z","signed_message":"canonical_sha256_bytes"},"source_id":"2604.01905","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:7f295aef4206792d092e5344c34d1d4ac5c9e4f1086118ad134ef70191474c01","sha256:ff4137b2e8d74ff26a75548ff4d36f69d569254a89b0244a3ae1de4f493425fa"],"state_sha256":"e00656237a0ebd7ea08c4ea13174d5941df896cd7e85d9fdb9bb3c02b908136e"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Sk7AkCEBB/OhwN9FLEFUkb2GLZffT9EP8XUxYCgZt+bLFVZmsAP4NujFMgxU/HakLyFKpbAmeBNjrPk9nklzDA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-23T18:04:59.569926Z","bundle_sha256":"84af4a58ff525a58b785c957a376949e7b8e5d01e4054e139508066e931a8618"}}