{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:2BFWVXVRXQFQ2LIN64F4BU7XFM","short_pith_number":"pith:2BFWVXVR","schema_version":"1.0","canonical_sha256":"d04b6adeb1bc0b0d2d0df70bc0d3f72b04253a8cae353eb9603054ef23e2c288","source":{"kind":"arxiv","id":"2602.06759","version":2},"attestation_state":"computed","paper":{"title":"\"Tab, Tab, Bug\": Security Pitfalls of Next Edit Suggestions in AI-Integrated IDEs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Next Edit Suggestions in AI IDEs expand context retrieval in ways that enable poisoning attacks.","cross_cats":["cs.HC"],"primary_cat":"cs.CR","authors_text":"Hao Chen, Peng Chen, Tian Dong, Xinyu Wang, Yixuan Tang, Yunlong Lyu, Zhiqiang Dong","submitted_at":"2026-02-06T15:06:36Z","abstract_excerpt":"Modern AI-integrated IDEs are shifting from passive code completion to proactive Next Edit Suggestions (NES). Unlike traditional autocompletion, NES is designed to construct a richer context from both recent user interactions and the broader codebase to suggest multi-line, cross-line, or even cross-file modifications. This evolution significantly streamlines the programming workflow into a tab-by-tab interaction and enhances developer productivity. Consequently, NES introduces a more complex context retrieval mechanism and sophisticated interaction patterns. However, existing studies focus alm"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":true,"formal_links_present":false},"canonical_record":{"source":{"id":"2602.06759","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-02-06T15:06:36Z","cross_cats_sorted":["cs.HC"],"title_canon_sha256":"4b98bc934976e304b0c5a858cc5574a977f455afacd91aafa899b1be68b62938","abstract_canon_sha256":"3c0808451367da56d440b0131bef199293e727c7c7ad00a00f7e3444bd4d7c48"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:39:16.287869Z","signature_b64":"Jtn1N8wuN7FRbp4QQrk5kjJz0diWrt815o/fbdU9FJtnEkVKYECVjet1kaPx1GzLUz9MucUmZ6X376dTdkxDDQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"d04b6adeb1bc0b0d2d0df70bc0d3f72b04253a8cae353eb9603054ef23e2c288","last_reissued_at":"2026-05-17T23:39:16.287168Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:39:16.287168Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"\"Tab, Tab, Bug\": Security Pitfalls of Next Edit Suggestions in AI-Integrated IDEs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"Next Edit Suggestions in AI IDEs expand context retrieval in ways that enable poisoning attacks.","cross_cats":["cs.HC"],"primary_cat":"cs.CR","authors_text":"Hao Chen, Peng Chen, Tian Dong, Xinyu Wang, Yixuan Tang, Yunlong Lyu, Zhiqiang Dong","submitted_at":"2026-02-06T15:06:36Z","abstract_excerpt":"Modern AI-integrated IDEs are shifting from passive code completion to proactive Next Edit Suggestions (NES). Unlike traditional autocompletion, NES is designed to construct a richer context from both recent user interactions and the broader codebase to suggest multi-line, cross-line, or even cross-file modifications. This evolution significantly streamlines the programming workflow into a tab-by-tab interaction and enhances developer productivity. Consequently, NES introduces a more complex context retrieval mechanism and sophisticated interaction patterns. However, existing studies focus alm"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"NES is susceptible to context poisoning and is sensitive to transactional edits and human-IDE interactions; developers show a general lack of awareness of these security pitfalls.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The in-lab attack scenarios and survey responses accurately reflect real-world attacker capabilities and developer behavior without significant selection or reporting bias.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"NES systems in AI IDEs expand attack surfaces via context poisoning from imperceptible actions and global codebase retrieval, with professional developers largely unaware of the risks.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Next Edit Suggestions in AI IDEs expand context retrieval in ways that enable poisoning attacks.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"ac1e22452980d68bf7fbab94f7364b63e7b4eb2456d2e3370cf70aff66f63ee0"},"source":{"id":"2602.06759","kind":"arxiv","version":2},"verdict":{"id":"84a6dd57-2917-4fb9-85a5-b2d0993a9e15","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-16T06:50:18.687412Z","strongest_claim":"NES is susceptible to context poisoning and is sensitive to transactional edits and human-IDE interactions; developers show a general lack of awareness of these security pitfalls.","one_line_summary":"NES systems in AI IDEs expand attack surfaces via context poisoning from imperceptible actions and global codebase retrieval, with professional developers largely unaware of the risks.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The in-lab attack scenarios and survey responses accurately reflect real-world attacker capabilities and developer behavior without significant selection or reporting bias.","pith_extraction_headline":"Next Edit Suggestions in AI IDEs expand context retrieval in ways that enable poisoning attacks."},"references":{"count":49,"sample":[{"doi":"10.1145/2702123.2702322","year":2015,"title":"Brock Kirwan, Jeffrey L","work_id":"34d25f97-0979-4a3c-a67f-be04f2ea127a","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2022,"title":"Efficient training of language models to fill in the middle","work_id":"54afe4f8-4d93-4829-99ae-2a27143a9641","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2023,"title":"Purple llama CyberSecEval : A secure coding benchmark for language models","work_id":"45b8079b-5204-450f-8024-f3a8142583a9","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2021,"title":"Evaluating Large Language Models Trained on Code","work_id":"042493e9-b26f-4b4e-bbde-382072ca9b08","ref_index":4,"cited_arxiv_id":"2107.03374","is_internal_anchor":true},{"doi":"","year":2025,"title":"An efficient and adaptive next edit suggestion framework with zero human instructions in ides, 2025","work_id":"a015fdac-6db4-45bd-83f9-18e050a5e437","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":49,"snapshot_sha256":"3b0d2e38dc653df8bc023863dd1b1850bd337adb6a8c6115cf4bf90070ecd3a1","internal_anchors":7},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2602.06759","created_at":"2026-05-17T23:39:16.287294+00:00"},{"alias_kind":"arxiv_version","alias_value":"2602.06759v2","created_at":"2026-05-17T23:39:16.287294+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2602.06759","created_at":"2026-05-17T23:39:16.287294+00:00"},{"alias_kind":"pith_short_12","alias_value":"2BFWVXVRXQFQ","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_16","alias_value":"2BFWVXVRXQFQ2LIN","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_8","alias_value":"2BFWVXVR","created_at":"2026-05-18T12:33:37.589309+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM","json":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM.json","graph_json":"https://pith.science/api/pith-number/2BFWVXVRXQFQ2LIN64F4BU7XFM/graph.json","events_json":"https://pith.science/api/pith-number/2BFWVXVRXQFQ2LIN64F4BU7XFM/events.json","paper":"https://pith.science/paper/2BFWVXVR"},"agent_actions":{"view_html":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM","download_json":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM.json","view_paper":"https://pith.science/paper/2BFWVXVR","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2602.06759&json=true","fetch_graph":"https://pith.science/api/pith-number/2BFWVXVRXQFQ2LIN64F4BU7XFM/graph.json","fetch_events":"https://pith.science/api/pith-number/2BFWVXVRXQFQ2LIN64F4BU7XFM/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM/action/timestamp_anchor","attest_storage":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM/action/storage_attestation","attest_author":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM/action/author_attestation","sign_citation":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM/action/citation_signature","submit_replication":"https://pith.science/pith/2BFWVXVRXQFQ2LIN64F4BU7XFM/action/replication_record"}},"created_at":"2026-05-17T23:39:16.287294+00:00","updated_at":"2026-05-17T23:39:16.287294+00:00"}