{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:62LITYX4MKZYGAMGR7SEYA55WL","short_pith_number":"pith:62LITYX4","schema_version":"1.0","canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","source":{"kind":"arxiv","id":"2509.05372","version":2},"attestation_state":"computed","paper":{"title":"Adversarial Bug Reports as a Security Risk in Language Model-Based Automated Program Repair","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Andreas Happe, J\\\"urgen Cito, Piotr Przymus","submitted_at":"2025-09-04T09:41:57Z","abstract_excerpt":"Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored attack surface. In this paper, we investigate the security risks posed by adversarial bug reports -- realistic-looking issue submissions crafted to mislead APR systems into producing insecure or harmful code changes.\n  We develop a comprehensive threat model and conduct an empirical study to evalu"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2509.05372","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","cross_cats_sorted":[],"title_canon_sha256":"5d5f1eecc82b811c987ab4298472ce769dfe5eff8b62fc4cf995689e2ddad5d3","abstract_canon_sha256":"d70dcb3fa76fbc0dc0efd2c33e8a92e3ace554f9e1692081473266703d2d67cc"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-26T02:03:54.564902Z","signature_b64":"MoUmmyp48cPWeM3LbOJF0QqwW41kcN5kLhTH2fRZHwm374Jn7r9D5VbX8r30BpwYDNlO3I906bsg/H4rTLWeBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","last_reissued_at":"2026-05-26T02:03:54.563877Z","signature_status":"signed_v1","first_computed_at":"2026-05-26T02:03:54.563877Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Adversarial Bug Reports as a Security Risk in Language Model-Based Automated Program Repair","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Andreas Happe, J\\\"urgen Cito, Piotr Przymus","submitted_at":"2025-09-04T09:41:57Z","abstract_excerpt":"Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored attack surface. In this paper, we investigate the security risks posed by adversarial bug reports -- realistic-looking issue submissions crafted to mislead APR systems into producing insecure or harmful code changes.\n  We develop a comprehensive threat model and conduct an empirical study to evalu"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2509.05372","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2509.05372/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2509.05372","created_at":"2026-05-26T02:03:54.564030+00:00"},{"alias_kind":"arxiv_version","alias_value":"2509.05372v2","created_at":"2026-05-26T02:03:54.564030+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2509.05372","created_at":"2026-05-26T02:03:54.564030+00:00"},{"alias_kind":"pith_short_12","alias_value":"62LITYX4MKZY","created_at":"2026-05-26T02:03:54.564030+00:00"},{"alias_kind":"pith_short_16","alias_value":"62LITYX4MKZYGAMG","created_at":"2026-05-26T02:03:54.564030+00:00"},{"alias_kind":"pith_short_8","alias_value":"62LITYX4","created_at":"2026-05-26T02:03:54.564030+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":1,"internal_anchor_count":1,"sample":[{"citing_arxiv_id":"2603.18740","citing_title":"Measuring and Exploiting Contextual Bias in LLM-Assisted Security Code Review","ref_index":61,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL","json":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL.json","graph_json":"https://pith.science/api/pith-number/62LITYX4MKZYGAMGR7SEYA55WL/graph.json","events_json":"https://pith.science/api/pith-number/62LITYX4MKZYGAMGR7SEYA55WL/events.json","paper":"https://pith.science/paper/62LITYX4"},"agent_actions":{"view_html":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL","download_json":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL.json","view_paper":"https://pith.science/paper/62LITYX4","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2509.05372&json=true","fetch_graph":"https://pith.science/api/pith-number/62LITYX4MKZYGAMGR7SEYA55WL/graph.json","fetch_events":"https://pith.science/api/pith-number/62LITYX4MKZYGAMGR7SEYA55WL/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/action/timestamp_anchor","attest_storage":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/action/storage_attestation","attest_author":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/action/author_attestation","sign_citation":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/action/citation_signature","submit_replication":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/action/replication_record"}},"created_at":"2026-05-26T02:03:54.564030+00:00","updated_at":"2026-05-26T02:03:54.564030+00:00"}