{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:DIAUVKKU6L2QNJ3U46TTYIW7QH","short_pith_number":"pith:DIAUVKKU","canonical_record":{"source":{"id":"2601.07177","kind":"arxiv","version":5},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-01-12T04:01:03Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"3d0195cdce21ac69659d64220e660d1496aa211f382002cb4cddb1fe43f1e1d1","abstract_canon_sha256":"8ead2f6db993213c21eb1f5236c8143fc1e023b1b9d7329e66ff229bf94e73b3"},"schema_version":"1.0"},"canonical_sha256":"1a014aa954f2f506a774e7a73c22df81fe4b83001b2fd0c57c0866ee9a558ca6","source":{"kind":"arxiv","id":"2601.07177","version":5},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2601.07177","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"arxiv_version","alias_value":"2601.07177v5","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2601.07177","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_12","alias_value":"DIAUVKKU6L2Q","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_16","alias_value":"DIAUVKKU6L2QNJ3U","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_8","alias_value":"DIAUVKKU","created_at":"2026-06-02T01:03:40Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:DIAUVKKU6L2QNJ3U46TTYIW7QH","target":"record","payload":{"canonical_record":{"source":{"id":"2601.07177","kind":"arxiv","version":5},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-01-12T04:01:03Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"3d0195cdce21ac69659d64220e660d1496aa211f382002cb4cddb1fe43f1e1d1","abstract_canon_sha256":"8ead2f6db993213c21eb1f5236c8143fc1e023b1b9d7329e66ff229bf94e73b3"},"schema_version":"1.0"},"canonical_sha256":"1a014aa954f2f506a774e7a73c22df81fe4b83001b2fd0c57c0866ee9a558ca6","receipt":
{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-02T01:03:40.643117Z","signature_b64":"0jgcS5m8WEYUBQnbH0ivydjwqWBNmkXWroiIkfPQLbc1RII+DiSDFqJaLxzrjCStub/Kq1XIgkoV68aO74I8Aw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"1a014aa954f2f506a774e7a73c22df81fe4b83001b2fd0c57c0866ee9a558ca6","last_reissued_at":"2026-06-02T01:03:40.642598Z","signature_status":"signed_v1","first_computed_at":"2026-06-02T01:03:40.642598Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2601.07177","source_version":5,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-02T01:03:40Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"16ImBJk/E1JNi9zNTqG7ZOQfjbJkXp0uPfxgOB0Vc+NnUZx8V2sgpvDRCL6787HSm7GWMA+r/9YrNalFlwZ+Dg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-30T22:40:18.115408Z"},"content_sha256":"ba74c650b691f3940d38a36aae7ac7aaf41a00d1d6db4f8cfaddbf8b416ea43d","schema_version":"1.0","event_id":"sha256:ba74c650b691f3940d38a36aae7ac7aaf41a00d1d6db4f8cfaddbf8b416ea43d"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:DIAUVKKU6L2QNJ3U46TTYIW7QH","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Safe-FedLLM: Delving into the Safety of Federated Large Language Models","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Safe-FedLLM detects malicious client updates in federated LLM training by classifying distinct patterns in LoRA parameters with lightweight 
probes.","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Mingxiang Tao, Wenxuan Tu, Xiangyan Tang, Xue Yang, Yue Yang, Yu Tian","submitted_at":"2026-01-12T04:01:03Z","abstract_excerpt":"Federated learning (FL) addresses privacy and data-silo issues in the training of large language models (LLMs). Most prior work focuses on improving the efficiency of federated learning for LLMs (FedLLM). However, security in open federated environments, particularly defenses against malicious clients, remains underexplored. To investigate the security of FedLLM, we conduct a preliminary study to analyze potential attack surfaces and defensive characteristics from the perspective of LoRA updates. We find two key properties of FedLLM: 1) LLMs are vulnerable to attacks from malicious clients in "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"Safe-FedLLM effectively improves FedLLM's robustness against malicious clients while maintaining competitive performance on benign data, and remains effective even under high malicious client ratios.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That LoRA updates from malicious clients exhibit reliably distinct behavioral patterns that lightweight classifiers can separate from benign updates without introducing harmful false positives or requiring attack-specific tuning.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"Safe-FedLLM detects malicious client LoRA updates in federated LLM training via step-, client-, and shadow-level probes with lightweight classifiers, improving robustness while preserving benign performance.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Safe-FedLLM detects malicious client updates in federated LLM 
training by classifying distinct patterns in LoRA parameters with lightweight probes.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"707c8bcd2a2b65f81ed4fceee6d80acc4b6620afb6de19ba606a852be35c03e2"},"source":{"id":"2601.07177","kind":"arxiv","version":5},"verdict":{"id":"1acebef2-2e42-499b-b4e3-77b80feb2cda","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-16T15:43:51.224984Z","strongest_claim":"Safe-FedLLM effectively improves FedLLM's robustness against malicious clients while maintaining competitive performance on benign data, and remains effective even under high malicious client ratios.","one_line_summary":"Safe-FedLLM detects malicious client LoRA updates in federated LLM training via step-, client-, and shadow-level probes with lightweight classifiers, improving robustness while preserving benign performance.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That LoRA updates from malicious clients exhibit reliably distinct behavioral patterns that lightweight classifiers can separate from benign updates without introducing harmful false positives or requiring attack-specific tuning.","pith_extraction_headline":"Safe-FedLLM detects malicious client updates in federated LLM training by classifying distinct patterns in LoRA parameters with lightweight 
probes."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2601.07177/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"ba7b342cfbb3cb2dddd9850db94f9f36a0df732a961990e37428bc5ef1602e44"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":"1acebef2-2e42-499b-b4e3-77b80feb2cda"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-02T01:03:40Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"5GUYGVnZrwUdAZmAEbaOx9s3aeCcSYRn1R1Msmm6Cx9G+WtjgQhU3UD8QVYdylpzsWnOLdTQyEO7csGQeKhWCA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-30T22:40:18.115909Z"},"content_sha256":"93cddc33ac8d8744530bc658890b97cf76fa3fb4efb4f3b78c393cb8ba149fbd","schema_version":"1.0","event_id":"sha256:93cddc33ac8d8744530bc658890b97cf76fa3fb4efb4f3b78c393cb8ba149fbd"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith 
Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/bundle.json","state_url":"https://pith.science/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64)). Signatures in this bundle whose signed_message is open_graph_event_sha256_bytes or bundle_sha256_bytes carry the same key_id; verify each one over the digest its signed_message names, not over canonical_sha256. Before trusting any result, match fingerprint_sha256_hex against a copy of the key obtained independently of this bundle, because a key shipped inside the bundle it signs cannot vouch for itself."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-30T22:40:18Z","links":{"resolver":"https://pith.science/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH","bundle":"https://pith.science/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/bundle.json","state":"https://pith.science/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/state.json","well_known_bundle":"https://pith.science/.well-known/pith/DIAUVKKU6L2QNJ3U46TTYIW7QH/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:DIAUVKKU6L2QNJ3U46TTYIW7QH","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"8ead2f6db993213c21eb1f5236c8143fc1e023b1b9d7329e66ff229bf94e73b3","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-01-12T04:01:03Z","title_canon_sha256":"3d0195cdce21ac69659d64220e660d1496aa211f382002cb4cddb1fe43f1e1d1"},"schema_version":"1.0","sourc
e":{"id":"2601.07177","kind":"arxiv","version":5}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2601.07177","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"arxiv_version","alias_value":"2601.07177v5","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2601.07177","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_12","alias_value":"DIAUVKKU6L2Q","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_16","alias_value":"DIAUVKKU6L2QNJ3U","created_at":"2026-06-02T01:03:40Z"},{"alias_kind":"pith_short_8","alias_value":"DIAUVKKU","created_at":"2026-06-02T01:03:40Z"}],"graph_snapshots":[{"event_id":"sha256:93cddc33ac8d8744530bc658890b97cf76fa3fb4efb4f3b78c393cb8ba149fbd","target":"graph","created_at":"2026-06-02T01:03:40Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"Safe-FedLLM effectively improves FedLLM's robustness against malicious clients while maintaining competitive performance on benign data, and remains effective even under high malicious client ratios."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"That LoRA updates from malicious clients exhibit reliably distinct behavioral patterns that lightweight classifiers can separate from benign updates without introducing harmful false positives or requiring attack-specific 
tuning."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"Safe-FedLLM detects malicious client LoRA updates in federated LLM training via step-, client-, and shadow-level probes with lightweight classifiers, improving robustness while preserving benign performance."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"Safe-FedLLM detects malicious client updates in federated LLM training by classifying distinct patterns in LoRA parameters with lightweight probes."}],"snapshot_sha256":"707c8bcd2a2b65f81ed4fceee6d80acc4b6620afb6de19ba606a852be35c03e2"},"formal_canon":{"evidence_count":2,"snapshot_sha256":"ba7b342cfbb3cb2dddd9850db94f9f36a0df732a961990e37428bc5ef1602e44"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2601.07177/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Federated learning (FL) addresses privacy and data-silo issues in the training of large language models (LLMs). Most prior work focuses on improving the efficiency of federated learning for LLMs (FedLLM). However, security in open federated environments, particularly defenses against malicious clients, remains underexplored. To investigate the security of FedLLM, we conduct a preliminary study to analyze potential attack surfaces and defensive characteristics from the perspective of LoRA updates. 
We find two key properties of FedLLM: 1) LLMs are vulnerable to attacks from malicious clients in ","authors_text":"Mingxiang Tao, Wenxuan Tu, Xiangyan Tang, Xue Yang, Yue Yang, Yu Tian","cross_cats":["cs.AI"],"headline":"Safe-FedLLM detects malicious client updates in federated LLM training by classifying distinct patterns in LoRA parameters with lightweight probes.","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-01-12T04:01:03Z","title":"Safe-FedLLM: Delving into the Safety of Federated Large Language Models"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2601.07177","kind":"arxiv","version":5},"verdict":{"created_at":"2026-05-16T15:43:51.224984Z","id":"1acebef2-2e42-499b-b4e3-77b80feb2cda","model_set":{"reader":"grok-4.3"},"one_line_summary":"Safe-FedLLM detects malicious client LoRA updates in federated LLM training via step-, client-, and shadow-level probes with lightweight classifiers, improving robustness while preserving benign performance.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"Safe-FedLLM detects malicious client updates in federated LLM training by classifying distinct patterns in LoRA parameters with lightweight probes.","strongest_claim":"Safe-FedLLM effectively improves FedLLM's robustness against malicious clients while maintaining competitive performance on benign data, and remains effective even under high malicious client ratios.","weakest_assumption":"That LoRA updates from malicious clients exhibit reliably distinct behavioral patterns that lightweight classifiers can separate from benign updates without introducing harmful false positives or requiring attack-specific 
tuning."}},"verdict_id":"1acebef2-2e42-499b-b4e3-77b80feb2cda"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ba74c650b691f3940d38a36aae7ac7aaf41a00d1d6db4f8cfaddbf8b416ea43d","target":"record","created_at":"2026-06-02T01:03:40Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"8ead2f6db993213c21eb1f5236c8143fc1e023b1b9d7329e66ff229bf94e73b3","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-01-12T04:01:03Z","title_canon_sha256":"3d0195cdce21ac69659d64220e660d1496aa211f382002cb4cddb1fe43f1e1d1"},"schema_version":"1.0","source":{"id":"2601.07177","kind":"arxiv","version":5}},"canonical_sha256":"1a014aa954f2f506a774e7a73c22df81fe4b83001b2fd0c57c0866ee9a558ca6","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"1a014aa954f2f506a774e7a73c22df81fe4b83001b2fd0c57c0866ee9a558ca6","first_computed_at":"2026-06-02T01:03:40.642598Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-02T01:03:40.642598Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"0jgcS5m8WEYUBQnbH0ivydjwqWBNmkXWroiIkfPQLbc1RII+DiSDFqJaLxzrjCStub/Kq1XIgkoV68aO74I8Aw==","signature_status":"signed_v1","signed_at":"2026-06-02T01:03:40.643117Z","signed_message":"canonical_sha256_bytes"},"source_id":"2601.07177","source_kind":"arxiv","source_version":5}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ba74c650b691f3940d38a36aae7ac7aaf41a00d1d6db4f8cfaddbf8b416ea43d","sha256:93cddc33ac8d8744530bc658890b97cf76fa3fb4efb4f3b78c
393cb8ba149fbd"],"state_sha256":"2fada1c3eef1089553cd75028809e55df155bace4c89f338c877594763c5a9ab"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"tKeaYjZyfR3vpoVwPRjqeD1tGNcciQ+D56Wk/9qCvVbfh5H+lom9q9n7McYKQXLk5nu8kxZbHfyrs1kZ0kvJDA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-30T22:40:18.118286Z","bundle_sha256":"e1cef7e72daeeb0b3fc51f96e7e6ddd526fb4703b57e709d995e8cd1556a6cd9"}}