REVIEW 3 major objections 6 minor 77 references
Context compression is a defense choke point: invisible Unicode perturbations can make agent summaries unusable while leaving the page looking unchanged to human readers.
Reviewed by Pith at T0; open to challenge. T0 means a machine referee read the full paper against a public rubric. the ladder, T0–T4 →
T0 review · grok-4.5
2026-07-10 11:46 UTC pith:MRQYAOSP
load-bearing objection Solid systems paper that makes compression a real content-protection chokepoint and backs it with thorough multi-target evidence; the only load-bearing soft spot is the no-sanitization threat model the authors already flag. the 3 major comments →
Out of Sight: Compression-Aware Content Protection against Agentic Crawlers
The pith
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Context compression, the routine agent step that condenses retrieved content to fit limited context, can be turned into a content-layer defense. By injecting optimized invisible perturbations, CAPE induces severe textual and informational degradation in the compressed output—up to 75.8% more information loss than the strongest baseline—while the protected text remains visually indistinguishable from the original for human readers, and the effect transfers to real agent pipelines.
What carries the argument
CAPE (Compression-Aware Protective Evolution): a three-stage procedure that discovers degradation-linked structural priors of invisible-token patterns on a surrogate compressor, adapts them to query-only targets by prior-guided evolutionary search, and allocates scarce target queries with a preference-calibrated local ranker.
Load-bearing premise
The agent must send the harvested page into its compressor essentially as published, without first stripping zero-width or other invisible Unicode characters.
What would settle it
Strip all invisible and zero-width Unicode from a CAPE-protected document, re-run the same compressor or LangGraph/Copilot pipeline on the cleaned text, and check whether textual and information degradation fall back to the unprotected baseline.
If this is right
- Publishers can ship pages that stay fully readable for people but yield unreliable agent memories and summaries once perimeter access controls are bypassed.
- Compression becomes a complementary defense layer rather than a neutral preprocessing step in agent pipelines.
- Protection transfers beyond lab compressors into real stacks such as LangGraph workflows and GitHub Copilot code assistance.
- Perturbations optimized for several mainstream targets can be composed into one payload when the future compressor is unknown at publication time.
- Future content-protection research should treat agent compression and memory-construction modules as security-sensitive interfaces.
Where Pith is reading between the lines
- Widespread default Unicode normalization in agent crawlers would neutralize this class of defense, but could also damage legitimate formatting-sensitive content such as code and structured markup, so sanitization may stay incomplete for some time.
- The same invisible surface could be dual-use: defenders degrade fidelity while attackers might try to steer compression toward preferred summaries, creating an arms race over tokenizer and sanitization defaults.
- A standardized, machine-readable protection signal for compression (analogous to robots.txt for crawling) could achieve similar goals without relying on invisible characters if platforms and agent vendors agreed to honor it.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper argues that context compression in LLM agent pipelines is an overlooked chokepoint for content protection, and proposes CAPE: a three-stage framework that injects invisible Unicode perturbations (preserving human-visible form) so that agent compressors lose structural fidelity and task-relevant information. Stage 1 discovers structural priors on accessible surrogate compressors via a distributional (entropy / anomalous-continuation) objective; Stages 2–3 adapt those seeds to query-only targets with prior-guided evolution and a preference-calibrated ranker under a 100-query budget. Experiments on long-form text, code, and dialogue against GPT-4.1, Gemini 3 Flash, LangGraph, and GitHub Copilot report large gains in textual/information degradation and downstream utility loss (e.g., LangGraph DRAD up to 59.7%) while keeping automated HVID low; ablations, compositional transfer, and cross-paradigm compression (abstractive, Selective Context, LLMLingua, ICAE) support the design.
Significance. If the threat model holds, the work is significant for agent-era content protection: it reframes compression as a complementary defense layer when access controls fail, and supplies a concrete, low-query adaptation pipeline with real-world transfer to LangGraph and GitHub Copilot. Strengths include paired evaluation across three content types and four target settings, stage-level and component ablations (Fig. 3–4), compositional multi-target transfer (Table 5), generalization across hard/soft/abstractive compressors (Table 6), near-window stress tests, fixed held-out hyperparameters, and a public prototype release. The contribution is primarily empirical and systems-oriented rather than theoretical, but the compression-chokepoint framing is novel and actionable for publishers and agent developers.
major comments (3)
- [§3.1 Threat Model; Limitations] §3.1 (Threat Model) and Limitations: The central protection claim rests on the adversary forwarding harvested text 'verbatim, without aggressive preprocessing or sanitization' and not stripping zero-width/invisible Unicode. Limitations correctly notes that Unicode normalization or whitespace sanitization would prevent perturbations from reaching the compressor, collapsing all reported gains (up to 75.8% information-loss improvement, LangGraph DRAD 59.7%, Copilot CSD/MOR). This assumption is load-bearing and currently untested. The manuscript needs either (i) experiments under light/realistic sanitization (NFC/NFKC, zero-width stripping, common HTML/text cleaners) with residual degradation reported, or (ii) a quantitative scoping of which real agent/crawler pipelines leave invisible tokens intact, plus clearer claim language that CAPE is a first-line content-layer defense only when saniti
- [§5.1 Metrics; §A.11 HVID] §5.1 Metrics and claims of 'visually indistinguishable' / 'human-visible difference ~1.4%': HVID (§A.11, Eq. for HVID) is a five-component automated score (invisible-set membership, multi-mode OCR/render NED, adjacent-window NED, log-PPL naturalness, semantic similarity). No human subject study validates that protected pages are perceived as identical to originals under ordinary reading (browser, Markdown, code viewers). For a core selling point—'without changing its human-visible surface form'—either a small human indistinguishability study or softer language (e.g., 'low automated HVID; human study left to future work') is needed so the imperceptibility claim is not overstated relative to the evidence.
- [Abstract; §5.2; Table 1] Abstract / Contributions vs §5.2: The abstract and contribution list claim CAPE 'improves information loss by up to 75.8% over the strongest baseline,' while §5.2 reports 'up to 62.6%' for GPT-4.1 information loss and separately 'TD by 241.7%' on Gemini. The 75.8% figure is not clearly traceable to a specific cell in Table 1–3 or the appendix tables. Please pin the headline percentage to an explicit table entry (metric, content type, target, baseline) and align abstract, intro, and results so the strongest claim is reproducible from the reported numbers.
minor comments (6)
- [§2; Fig. 1] Fig. 1 and the five-stage agent workflow are clear, but the figure caption and §2 should briefly note which commercial/open compressors map to 'LLM-driven compression' vs hard token selection vs soft representation, so readers can connect the background to Table 6.
- [§4.1; Eq. (4); §A.4] Eq. (4) and §A.4: Vanom / Vlang construction is described at a high level (clean-run frequent tokens vs rare/control tokens plus search-induced tokens). A short pseudocode or fixed recipe (frequency thresholds, exclusion of special IDs) would improve reproducibility of Structural Prior Discovery.
- [Table 1] Table 1 formatting: dual numbers with colored subscripts are dense; consider moving absolute deltas to a supplement or using a single primary score plus Δ in parentheses for readability in print.
- [§A.8; Table 8] §A.8 case study (Table 8) is useful but very long; a shortened main-text excerpt with the full table in the appendix would help readers without breaking flow.
- [Throughout] Minor typos / consistency: 'agentic crawlers' vs 'agent-driven crawlers'; occasional encoding artifacts in the manuscript text (e.g., 'RAGâs'); standardize 'Invisible Perturbation' capitalization.
- [§5.1; §A.7] §5.1 Implementation: coefficients from grid search are listed; stating the validation split size and that the same grid was not re-run per target (as claimed in §A.7) in the main text would help readers trust the frozen-hyperparameter claim.
Circularity Check
No significant circularity; CAPE is an empirical optimization-and-evaluation framework whose protection gains are measured against external compressors and independent baselines, not derived by construction from its own inputs.
full rationale
The paper's central claims are empirical performance numbers (up to 75.8% information-loss improvement, low HVID, LangGraph DRAD 59.7%, Copilot CSD/MOR) obtained by running a three-stage search (surrogate prior discovery via Eq. 4, prior-guided evolution with regularized fitness, preference-calibrated query selection via Eqs. 5-6) against closed-source and commercial compressors under a fixed 100-query budget. Hyper-parameters are selected once by grid search on a held-out validation split and then frozen; they are never re-fit to the reported test numbers. Metrics (TD, ID, OSD, HVID, DRAD, CSD, MOR) are defined independently of the search objective and compare protected versus unmodified outputs under identical prompts and decoding. Ablations (Fig. 3, Fig. 4), compositional transfer (Table 5), and cross-paradigm generalization (Table 6) further isolate components against external baselines (TAP, HardCom, REGTEXT, I-GCG, SoftCom, random/fixed invisible controls). There is no self-definitional equation, no fitted parameter renamed as a prediction, no load-bearing self-citation of a uniqueness theorem, and no ansatz smuggled via prior author work. The only load-bearing assumption is the threat-model statement that the adversary forwards text verbatim without stripping invisible characters; that is an external scope condition, not an internal circular reduction. The derivation chain is therefore self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
free parameters (6)
- λ_a (anomalous-continuation weight) =
0.75
- λ_l (language-suppression weight) =
0.30
- λ_p, λ_u, λ_r (fitness regularizers) =
0.30 / 0.15 / 0.10
- β_u, β_n (acquisition coefficients) =
0.25 / 0.15
- perturbation length ratio =
1/20
- target query budget B =
100
axioms (4)
- domain assumption Modern agent pipelines routinely invoke an LLM-based or token-selection compressor before reasoning or memory write.
- domain assumption Invisible Unicode characters (zero-width, variation selectors, etc.) survive rendering for humans yet alter tokenizer IDs and future-token distributions inside LLMs.
- ad hoc to paper Adversary treats harvested content as pristine and does not apply aggressive Unicode normalization or invisible-character stripping before compression.
- domain assumption Surrogate open-source compressors yield structural priors that remain useful after low-budget evolutionary adaptation to unknown black-box targets.
invented entities (2)
-
Structural descriptors (local fragments, co-occurrence patterns, position-length cells)
no independent evidence
-
Preference-calibrated local ranker f_ϕ
no independent evidence
read the original abstract
The rise of LLM-based agents with reasoning, summarization, and memory capabilities has created a new threat surface for online content that conventional defenses fail to address. Existing defenses like access controls can be circumvented by agents mimicking ordinary browsers, and injection-based defenses often degrade human readability. In this paper, we revisit the agent pipeline and identify context compression, which agents routinely invoke to fit context budgets, as a critical yet overlooked defense layer. We propose CAPE, a framework that protects high-value textual content by injecting invisible perturbations without changing its human-visible surface form, thereby inducing severe information loss during agent compression. CAPE extracts disruptive seed perturbations from an accessible surrogate compressor, then adapts them to query-only target compressors through prior-guided evolution and preference-calibrated candidate prioritization, achieving effective protection under a low query budget. Experiments on three content types and four compression settings show that CAPE improves information loss by up to 75.8% over the strongest baseline while keeping protected content visually indistinguishable from originals. CAPE also transfers to real-world settings, including the LangGraph agent workflow and GitHub Copilot, highlighting its generality and practical value. This paper aims to reveal context compression as a new defense layer, promoting content protection research in the agent era.
Figures
Reference graph
Works this paper leans on
- [1]
-
[2]
Publications Manual , year = "1983", publisher =
work page 1983
-
[3]
Ashok K. Chandra and Dexter C. Kozen and Larry J. Stockmeyer , year = "1981", title =. doi:10.1145/322234.322243
- [4]
-
[5]
Dan Gusfield , title =. 1997
work page 1997
-
[6]
Mohammad Sadegh Rasooli and Joel R. Tetreault , title =. Computing Research Repository , volume =. 2015 , url =
work page 2015
-
[7]
A Framework for Learning Predictive Structures from Multiple Tasks and Unlabeled Data , Volume =
Ando, Rie Kubota and Zhang, Tong , Issn =. A Framework for Learning Predictive Structures from Multiple Tasks and Unlabeled Data , Volume =. Journal of Machine Learning Research , Month = dec, Numpages =
-
[8]
Advances in Neural Information Processing Systems , volume=
Agentdojo: A dynamic environment to evaluate prompt injection attacks and defenses for llm agents , author=. Advances in Neural Information Processing Systems , volume=
-
[9]
Automatic prompt optimization with “gradient descent” and beam search , author=. Proceedings of the 2023 conference on empirical methods in natural language processing , pages=
work page 2023
-
[10]
Universal and Transferable Adversarial Attacks on Aligned Language Models
Universal and transferable adversarial attacks on aligned language models , author=. arXiv preprint arXiv:2307.15043 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[11]
AutoDAN: Generating Stealthy Jailbreak Prompts on Aligned Large Language Models
Autodan: Generating stealthy jailbreak prompts on aligned large language models , author=. arXiv preprint arXiv:2310.04451 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[12]
33rd USENIX Security Symposium (USENIX Security 24) , pages=
Formalizing and benchmarking prompt injection attacks and defenses , author=. 33rd USENIX Security Symposium (USENIX Security 24) , pages=
-
[13]
Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
Waterfall: Scalable framework for robust text watermarking and provenance for llms , author=. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2024
-
[14]
Towards operationalizing right to data protection , author=. Proceedings of the 2025 Conference of the Nations of the Americas Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers) , pages=
work page 2025
-
[15]
Data Poisoning in Deep Learning: A Survey
Data poisoning in deep learning: A survey , author=. arXiv preprint arXiv:2503.22759 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[16]
32nd USENIX Security Symposium (USENIX Security 23) , pages=
Extracting Training Data from Large Language Models , author=. 32nd USENIX Security Symposium (USENIX Security 23) , pages=
-
[17]
LLML ingua-2: Data Distillation for Efficient and Faithful Task-Agnostic Prompt Compression
Pan, Zhuoshi and Wu, Qianhui and Jiang, Huiqiang and Xia, Menglin and Luo, Xufang and Zhang, Jue and Lin, Qingwei and R. LLML ingua-2: Data Distillation for Efficient and Faithful Task-Agnostic Prompt Compression. Findings of the Association for Computational Linguistics: ACL 2024. 2024. doi:10.18653/v1/2024.findings-acl.57
-
[18]
When Compression Becomes an Attack Surface: Black-Box Attacks on Prompt-Compressed LLM Agents
CompressionAttack: Exploiting Prompt Compression as a New Attack Surface in LLM-Powered Agents , author=. arXiv preprint arXiv:2510.22963 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[19]
Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing , pages=
Adapting language models to compress contexts , author=. Proceedings of the 2023 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2023
-
[20]
In-context Autoencoder for Context Compression in a Large Language Model
In-context autoencoder for context compression in a large language model , author=. arXiv preprint arXiv:2307.06945 , year=
work page internal anchor Pith review Pith/arXiv arXiv
- [21]
-
[22]
Proceedings of the 36th annual acm symposium on user interface software and technology , pages=
Generative agents: Interactive simulacra of human behavior , author=. Proceedings of the 36th annual acm symposium on user interface software and technology , pages=
-
[23]
Proceedings of the 2025 Conference on Empirical Methods in Natural Language Processing , pages=
Web Intellectual Property at Risk: Preventing Unauthorized Real-Time Retrieval by Large Language Models , author=. Proceedings of the 2025 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2025
-
[24]
txt directives: evidence from a large-scale empirical study , author=
Scrapers selectively respect robots. txt directives: evidence from a large-scale empirical study , author=. Proceedings of the 2025 ACM Internet Measurement Conference , pages=
work page 2025
-
[25]
Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
Enhancing training data attribution for large language models with fitting error consideration , author=. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2024
-
[26]
AdvPrompter: Fast Adaptive Adversarial Prompting for LLMs
Advprompter: Fast adaptive adversarial prompting for llms , author=. arXiv preprint arXiv:2404.16873 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[27]
Proceedings of the 2023 conference on empirical methods in natural language processing , pages=
Llmlingua: Compressing prompts for accelerated inference of large language models , author=. Proceedings of the 2023 conference on empirical methods in natural language processing , pages=
work page 2023
-
[28]
Advances in neural information processing systems , volume=
Jailbroken: How does llm safety training fail? , author=. Advances in neural information processing systems , volume=
-
[29]
AI and Data Scraping on the Archive , year =
-
[30]
Tome, Joao and Pacheco, Jorge and Azevedo, Carlos , title =. 2025 , note =
work page 2025
-
[31]
Bocharov, Alex and Vargas, Santiago and Martinetti, Adam and Tatoris, Reid and Azevedo, Carlos , title =. 2024 , note =
work page 2024
-
[32]
Proceedings of the 16th ACM workshop on artificial intelligence and security , pages=
Not what you've signed up for: Compromising real-world llm-integrated applications with indirect prompt injection , author=. Proceedings of the 16th ACM workshop on artificial intelligence and security , pages=
-
[33]
Advances in Neural Information Processing Systems , volume=
Agentpoison: Red-teaming llm agents via poisoning memory or knowledge bases , author=. Advances in Neural Information Processing Systems , volume=
-
[34]
Prompt Injection Attack to Tool Selection in LLM Agents
Prompt injection attack to tool selection in llm agents , author=. arXiv preprint arXiv:2504.19793 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[35]
Proceedings of the 2023 conference on empirical methods in natural language processing , pages=
Compressing context to enhance inference efficiency of large language models , author=. Proceedings of the 2023 conference on empirical methods in natural language processing , pages=
work page 2023
-
[36]
International Conference on Learning Representations , volume=
Quantifying the plausibility of context reliance in neural machine translation , author=. International Conference on Learning Representations , volume=
-
[37]
Findings of the Association for Computational Linguistics: EMNLP 2022 , pages=
Generating textual adversaries with minimal perturbation , author=. Findings of the Association for Computational Linguistics: EMNLP 2022 , pages=
work page 2022
-
[38]
Tourism service scheduling in smart city based on hybrid genetic algorithm simulated annealing algorithm , author=. Sustainability , volume=. 2022 , publisher=
work page 2022
-
[39]
Computer and Decision Making: An International Journal , volume=
A Hybrid Genetic Algorithm and Simulated Annealing Approach for the Uncapacitated Facility Location Problem , author=. Computer and Decision Making: An International Journal , volume=
-
[40]
Findings of the Association for Computational Linguistics: EMNLP 2024 , pages=
Typos that broke the rag’s back: Genetic attack on rag pipeline by simulating documents in the wild via low-level perturbations , author=. Findings of the Association for Computational Linguistics: EMNLP 2024 , pages=
work page 2024
-
[41]
Advances in Neural Information Processing Systems , volume=
Babilong: Testing the limits of llms with long context reasoning-in-a-haystack , author=. Advances in Neural Information Processing Systems , volume=
-
[42]
Advances in Neural Information Processing Systems , volume=
Stress-testing long-context language models with lifelong icl and task haystack , author=. Advances in Neural Information Processing Systems , volume=
-
[43]
Advances in Neural Information Processing Systems , volume=
Core: Benchmarking LLMs’ code reasoning capabilities through static analysis tasks , author=. Advances in Neural Information Processing Systems , volume=
-
[44]
Advances in Neural Information Processing Systems , volume=
CodeAssistBench (CAB): Dataset & benchmarking for multi-turn chat-based code assistance , author=. Advances in Neural Information Processing Systems , volume=
-
[45]
Advances in Neural Information Processing Systems , volume=
T1: A tool-oriented conversational dataset for multi-turn agentic planning , author=. Advances in Neural Information Processing Systems , volume=
-
[46]
Improved Techniques for Optimization-Based Jailbreaking on Large Language Models
Improved techniques for optimization-based jailbreaking on large language models , author=. arXiv preprint arXiv:2405.21018 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[47]
Advances in Neural Information Processing Systems , volume=
Tree of attacks: Jailbreaking black-box llms automatically , author=. Advances in Neural Information Processing Systems , volume=
-
[48]
PAL: Proxy-Guided Black-Box Attack on Large Language Models
Pal: Proxy-guided black-box attack on large language models , author=. arXiv preprint arXiv:2402.09674 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[49]
The Unicode Standard, Version 17.0: Special Areas and Format Characters , author =. 2025 , howpublished =
work page 2025
-
[50]
Proceedings of the 43rd IEEE Symposium on Security and Privacy , year =
Bad Characters: Imperceptible NLP Attacks , author =. Proceedings of the 43rd IEEE Symposium on Security and Privacy , year =
-
[51]
Special-Character Adversarial Attacks on Open-Source Language Models , author =. 2025 , howpublished =
work page 2025
-
[52]
International Conference on Learning Representations , year =
The Curious Case of Neural Text Degeneration , author =. International Conference on Learning Representations , year =
-
[53]
Pillutla, Krishna and Swayamdipta, Swabha and Zellers, Rowan and Thickstun, John and Welleck, Sean and Choi, Yejin and Harchaoui, Zaid , booktitle =
-
[54]
Fabbri, Alexander R. and Kry. Transactions of the Association for Computational Linguistics , year =
-
[55]
Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics , year =
Asking and Answering Questions to Evaluate the Factual Consistency of Summaries , author =. Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics , year =
-
[56]
Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing , year =
Q^2 : Evaluating Factual Consistency in Knowledge-Grounded Dialogues via Question Generation and Question Answering , author =. Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing , year =
work page 2021
- [57]
-
[58]
International Conference on Learning Representations , volume=
Compressed context memory for online language model interaction , author=. International Conference on Learning Representations , volume=
-
[59]
Semantic compression with large language models , author=. 2023 Tenth International Conference on Social Networks Analysis, Management and Security (SNAMS) , pages=. 2023 , organization=
work page 2023
-
[60]
Adversarial tokenization , author=. Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) , pages=
-
[61]
Understanding the Ability of LLMs to Handle Character-Level Perturbation
On the Ability of LLMs to Handle Character-Level Perturbations: How Well and How? , author=. arXiv preprint arXiv:2510.14365 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[62]
Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
Fishing for magikarp: Automatically detecting under-trained tokens in large language models , author=. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2024
-
[63]
Evil twins are not that evil: Qualitative insights into machine-generated prompts , author=. Proceedings of the 8th BlackboxNLP Workshop: Analyzing and Interpreting Neural Networks for NLP , pages=
-
[64]
Proceedings of the ACM on Software Engineering , volume=
Glitch tokens in large language models: Categorization taxonomy and effective detection , author=. Proceedings of the ACM on Software Engineering , volume=. 2024 , publisher=
work page 2024
-
[65]
Findings of the Association for Computational Linguistics: EMNLP 2023 , pages=
Toward Human Readable Prompt Tuning: Kubrick’s The Shining is a good movie, and a good prompt too? , author=. Findings of the Association for Computational Linguistics: EMNLP 2023 , pages=
work page 2023
-
[66]
Advances in Neural Information Processing Systems , volume=
The refinedweb dataset for falcon llm: Outperforming curated corpora with web data only , author=. Advances in Neural Information Processing Systems , volume=
-
[67]
Dolma: An open corpus of three trillion tokens for language model pretraining research , author=. Proceedings of the 62nd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers) , pages=
-
[68]
Google Keyword Blog.-12/17/2025.-[Electronic resource] URL: https://blog
Gemini 3 Flash: frontier intelligence built for speed , author=. Google Keyword Blog.-12/17/2025.-[Electronic resource] URL: https://blog. google/products/gemini/gemini-3-flash/(accessed: 10/16/2025) , year=
work page 2025
- [69]
-
[70]
Science China Information Sciences , volume=
The rise and potential of large language model based agents: A survey , author=. Science China Information Sciences , volume=. 2025 , publisher=
work page 2025
-
[71]
Transactions on Machine Learning Research , year=
Cognitive architectures for language agents , author=. Transactions on Machine Learning Research , year=
-
[72]
Frontiers of Computer Science , volume=
A survey on large language model based autonomous agents , author=. Frontiers of Computer Science , volume=. 2024 , publisher=
work page 2024
-
[73]
RECOMP: Improving Retrieval-Augmented LMs with Compression and Selective Augmentation
Recomp: Improving retrieval-augmented lms with compression and selective augmentation , author=. arXiv preprint arXiv:2310.04408 , year=
work page internal anchor Pith review Pith/arXiv arXiv
-
[74]
Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
Compact: Compressing retrieved documents actively for question answering , author=. Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing , pages=
work page 2024
-
[75]
2022 IEEE symposium on security and privacy (SP) , pages=
Bad characters: Imperceptible nlp attacks , author=. 2022 IEEE symposium on security and privacy (SP) , pages=. 2022 , organization=
work page 2022
-
[76]
International Conference on Machine Learning , pages=
A Human-Inspired Reading Agent with Gist Memory of Very Long Contexts , author=. International Conference on Machine Learning , pages=. 2024 , organization=
work page 2024
-
[77]
Proceedings of the AAAI conference on artificial intelligence , volume=
Memorybank: Enhancing large language models with long-term memory , author=. Proceedings of the AAAI conference on artificial intelligence , volume=
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.