{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:FHN3RHVUTUPU7EZLVD3ZVEZB6Q","short_pith_number":"pith:FHN3RHVU","schema_version":"1.0","canonical_sha256":"29dbb89eb49d1f4f932ba8f79a9321f42e6525b82e69643656cc29c920330f2f","source":{"kind":"arxiv","id":"2606.19660","version":1},"attestation_state":"computed","paper":{"title":"A Layered Security Framework Against Prompt Injection in RAG-Based Chatbots","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CL"],"primary_cat":"cs.CR","authors_text":"Ali Hassan, Gulshan Saleem, Muhammad Imran Zaman, Nisar Ahmed","submitted_at":"2026-06-17T23:59:57Z","abstract_excerpt":"Prompt injection is ranked as the most critical vulnerability in large language model (LLM) deployments by the OWASP Top 10 for LLM Applications, yet existing defenses operate at isolated pipeline stages and remain incomplete. Input filters cannot inspect retrieved documents, while output monitors cannot prevent malicious payloads from reaching the model. Consequently, retrieval-augmented generation (RAG) chatbots remain vulnerable to indirect injection, where a poisoned knowledge-base document compromises every user whose query retrieves it. We present a three-layer framework that intercepts "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2606.19660","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-17T23:59:57Z","cross_cats_sorted":["cs.CL"],"title_canon_sha256":"b455cb74d2b9d7bb1259d066f8094426acd09b913bb51288ee027a665983258c","abstract_canon_sha256":"f8805caa693556442c8910342c154a0d14607b5958216c264f781d5dcee9851c"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-19T16:12:31.544439Z","signature_b64":"inzXeGHyn5Ej9aeLjUS2ByCcEfNnqOMBG85+LVqCmxwwsnqyyDpnJ7LRMVJRpCMlOwR+/3MkdrBHlwucHnSADA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"29dbb89eb49d1f4f932ba8f79a9321f42e6525b82e69643656cc29c920330f2f","last_reissued_at":"2026-06-19T16:12:31.544001Z","signature_status":"signed_v1","first_computed_at":"2026-06-19T16:12:31.544001Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"A Layered Security Framework Against Prompt Injection in RAG-Based Chatbots","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.CL"],"primary_cat":"cs.CR","authors_text":"Ali Hassan, Gulshan Saleem, Muhammad Imran Zaman, Nisar Ahmed","submitted_at":"2026-06-17T23:59:57Z","abstract_excerpt":"Prompt injection is ranked as the most critical vulnerability in large language model (LLM) deployments by the OWASP Top 10 for LLM Applications, yet existing defenses operate at isolated pipeline stages and remain incomplete. Input filters cannot inspect retrieved documents, while output monitors cannot prevent malicious payloads from reaching the model. Consequently, retrieval-augmented generation (RAG) chatbots remain vulnerable to indirect injection, where a poisoned knowledge-base document compromises every user whose query retrieves it. We present a three-layer framework that intercepts "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.19660","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.19660/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2606.19660","created_at":"2026-06-19T16:12:31.544057+00:00"},{"alias_kind":"arxiv_version","alias_value":"2606.19660v1","created_at":"2026-06-19T16:12:31.544057+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.19660","created_at":"2026-06-19T16:12:31.544057+00:00"},{"alias_kind":"pith_short_12","alias_value":"FHN3RHVUTUPU","created_at":"2026-06-19T16:12:31.544057+00:00"},{"alias_kind":"pith_short_16","alias_value":"FHN3RHVUTUPU7EZL","created_at":"2026-06-19T16:12:31.544057+00:00"},{"alias_kind":"pith_short_8","alias_value":"FHN3RHVU","created_at":"2026-06-19T16:12:31.544057+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q","json":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q.json","graph_json":"https://pith.science/api/pith-number/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/graph.json","events_json":"https://pith.science/api/pith-number/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/events.json","paper":"https://pith.science/paper/FHN3RHVU"},"agent_actions":{"view_html":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q","download_json":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q.json","view_paper":"https://pith.science/paper/FHN3RHVU","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2606.19660&json=true","fetch_graph":"https://pith.science/api/pith-number/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/graph.json","fetch_events":"https://pith.science/api/pith-number/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/action/timestamp_anchor","attest_storage":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/action/storage_attestation","attest_author":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/action/author_attestation","sign_citation":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/action/citation_signature","submit_replication":"https://pith.science/pith/FHN3RHVUTUPU7EZLVD3ZVEZB6Q/action/replication_record"}},"created_at":"2026-06-19T16:12:31.544057+00:00","updated_at":"2026-06-19T16:12:31.544057+00:00"}