{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2025:62LITYX4MKZYGAMGR7SEYA55WL","short_pith_number":"pith:62LITYX4","canonical_record":{"source":{"id":"2509.05372","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","cross_cats_sorted":[],"title_canon_sha256":"5d5f1eecc82b811c987ab4298472ce769dfe5eff8b62fc4cf995689e2ddad5d3","abstract_canon_sha256":"d70dcb3fa76fbc0dc0efd2c33e8a92e3ace554f9e1692081473266703d2d67cc"},"schema_version":"1.0"},"canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","source":{"kind":"arxiv","id":"2509.05372","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2509.05372","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"arxiv_version","alias_value":"2509.05372v2","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2509.05372","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_12","alias_value":"62LITYX4MKZY","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_16","alias_value":"62LITYX4MKZYGAMG","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_8","alias_value":"62LITYX4","created_at":"2026-05-26T02:03:54Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2025:62LITYX4MKZYGAMGR7SEYA55WL","target":"record","payload":{"canonical_record":{"source":{"id":"2509.05372","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","cross_cats_sorted":[],"title_canon_sha256":"5d5f1eecc82b811c987ab4298472ce769dfe5eff8b62fc4cf995689e2ddad5d3","abstract_canon_sha256":"d70dcb3fa76fbc0dc0efd2c33e8a92e3ace554f9e1692081473266703d2d67cc"},"schema_version":"1.0"},"canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-26T02:03:54.564902Z","signature_b64":"MoUmmyp48cPWeM3LbOJF0QqwW41kcN5kLhTH2fRZHwm374Jn7r9D5VbX8r30BpwYDNlO3I906bsg/H4rTLWeBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","last_reissued_at":"2026-05-26T02:03:54.563877Z","signature_status":"signed_v1","first_computed_at":"2026-05-26T02:03:54.563877Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2509.05372","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-26T02:03:54Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"xPab/SFMI99QgoGrbl3oLx6yHrkHhx9aWfAwE7NDWS8sJN6PruaXiVvNvJwZUUWYq//QqoGs+wrbQ7Fe4yfDBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-26T23:14:09.522904Z"},"content_sha256":"4145deb43f604cc738c91821797fb941576bdd39595457f1940ba68eb1b93b33","schema_version":"1.0","event_id":"sha256:4145deb43f604cc738c91821797fb941576bdd39595457f1940ba68eb1b93b33"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2025:62LITYX4MKZYGAMGR7SEYA55WL","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Adversarial Bug Reports as a Security Risk in Language Model-Based Automated Program Repair","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.SE","authors_text":"Andreas Happe, J\\\"urgen Cito, Piotr Przymus","submitted_at":"2025-09-04T09:41:57Z","abstract_excerpt":"Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored attack surface. In this paper, we investigate the security risks posed by adversarial bug reports -- realistic-looking issue submissions crafted to mislead APR systems into producing insecure or harmful code changes.\n  We develop a comprehensive threat model and conduct an empirical study to evalu"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2509.05372","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2509.05372/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-26T02:03:54Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"4VJsbPiBW+MBHGX22z73LQN19Z4pKCpSt0nnNJDMemTs0Dl3eRpLfqgS1DHr22tM86VBjVLIW7HuTLP0KQjbBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-26T23:14:09.523600Z"},"content_sha256":"7d5614cea4328ddd8f5913ec0a15497db43a24cc2f7804a1aee3a49af4ab63f8","schema_version":"1.0","event_id":"sha256:7d5614cea4328ddd8f5913ec0a15497db43a24cc2f7804a1aee3a49af4ab63f8"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/bundle.json","state_url":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/62LITYX4MKZYGAMGR7SEYA55WL/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-26T23:14:09Z","links":{"resolver":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL","bundle":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/bundle.json","state":"https://pith.science/pith/62LITYX4MKZYGAMGR7SEYA55WL/state.json","well_known_bundle":"https://pith.science/.well-known/pith/62LITYX4MKZYGAMGR7SEYA55WL/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:62LITYX4MKZYGAMGR7SEYA55WL","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"d70dcb3fa76fbc0dc0efd2c33e8a92e3ace554f9e1692081473266703d2d67cc","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","title_canon_sha256":"5d5f1eecc82b811c987ab4298472ce769dfe5eff8b62fc4cf995689e2ddad5d3"},"schema_version":"1.0","source":{"id":"2509.05372","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2509.05372","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"arxiv_version","alias_value":"2509.05372v2","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2509.05372","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_12","alias_value":"62LITYX4MKZY","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_16","alias_value":"62LITYX4MKZYGAMG","created_at":"2026-05-26T02:03:54Z"},{"alias_kind":"pith_short_8","alias_value":"62LITYX4","created_at":"2026-05-26T02:03:54Z"}],"graph_snapshots":[{"event_id":"sha256:7d5614cea4328ddd8f5913ec0a15497db43a24cc2f7804a1aee3a49af4ab63f8","target":"graph","created_at":"2026-05-26T02:03:54Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2509.05372/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Large Language Model (LLM) - based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored attack surface. In this paper, we investigate the security risks posed by adversarial bug reports -- realistic-looking issue submissions crafted to mislead APR systems into producing insecure or harmful code changes.\n  We develop a comprehensive threat model and conduct an empirical study to evalu","authors_text":"Andreas Happe, J\\\"urgen Cito, Piotr Przymus","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","title":"Adversarial Bug Reports as a Security Risk in Language Model-Based Automated Program Repair"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2509.05372","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:4145deb43f604cc738c91821797fb941576bdd39595457f1940ba68eb1b93b33","target":"record","created_at":"2026-05-26T02:03:54Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"d70dcb3fa76fbc0dc0efd2c33e8a92e3ace554f9e1692081473266703d2d67cc","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-09-04T09:41:57Z","title_canon_sha256":"5d5f1eecc82b811c987ab4298472ce769dfe5eff8b62fc4cf995689e2ddad5d3"},"schema_version":"1.0","source":{"id":"2509.05372","kind":"arxiv","version":2}},"canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"f69689e2fc62b38301868fe44c03bdb2dfb34081ecd3ee03d41701167590b226","first_computed_at":"2026-05-26T02:03:54.563877Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-26T02:03:54.563877Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"MoUmmyp48cPWeM3LbOJF0QqwW41kcN5kLhTH2fRZHwm374Jn7r9D5VbX8r30BpwYDNlO3I906bsg/H4rTLWeBw==","signature_status":"signed_v1","signed_at":"2026-05-26T02:03:54.564902Z","signed_message":"canonical_sha256_bytes"},"source_id":"2509.05372","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:4145deb43f604cc738c91821797fb941576bdd39595457f1940ba68eb1b93b33","sha256:7d5614cea4328ddd8f5913ec0a15497db43a24cc2f7804a1aee3a49af4ab63f8"],"state_sha256":"22d03b7c07d3f53f495d4e0692470a82eee8a57213c99778fb5077c66fa1484f"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"IJHCUbbWtVEgUEZMLFWZDYptQH4VTTkAkU/fAOchnzc5sfwrJyxTPTOZyTD4c0ZU42+T+LWvaPt7CK+6EdbRCQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-26T23:14:09.527273Z","bundle_sha256":"09acdabd383264eb37d105de2a091ce9db1a6e3a4323620b63d84fc90547997d"}}