{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:6RY5U7QF5DYR6JFWNNFUKDBFJ7","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b"},"schema_version":"1.0","source":{"id":"2606.21397","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"arxiv_version","alias_value":"2606.21397v1","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.21397","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_12","alias_value":"6RY5U7QF5DYR","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_16","alias_value":"6RY5U7QF5DYR6JFW","created_at":"2026-06-23T01:13:08Z"},{"alias_kind":"pith_short_8","alias_value":"6RY5U7QF","created_at":"2026-06-23T01:13:08Z"}],"graph_snapshots":[{"event_id":"sha256:5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16","target":"graph","created_at":"2026-06-23T01:13:08Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.21397/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Large Language Models (LLMs) have emerged as a promising tool for automated vulnerability detection, yet their effectiveness on web-specific vulnerabilities remains to be explored.\n  This work benchmarks six frontier (Claude Opus 4.6, Codex GPT-5.4, Gemini 3.1-pro-preview) and open-weight models (Qwen 3.5, Qwen 3 Coder Next, MiniMax M2.5) on their ability to detect real-world web vulnerabilities using static analysis in WordPress plugins, including SQL injection, stored cross-site scripting, path traversal, and remote code execution. Using five prompt designs of varying structure, scope, and c","authors_text":"Antonio Benjamin Buchholz, Luca Jungnickel, Sebastian Neef, Valene Spence, Vicente Birke Gonzalez","cross_cats":["cs.AI"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title":"Evaluating LLMs for Real-World Web Vulnerability Detection"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.21397","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79","target":"record","created_at":"2026-06-23T01:13:08Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"9ebf1b77ab8a0b17fb83df66d639a4afaaa3fa9876320486b53aa9d4f5569601","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-19T13:02:47Z","title_canon_sha256":"e0f68dbf552b06af4d6f6edd169e05b6d08a2f89540e9e1e6e9c1cd11bf9903b"},"schema_version":"1.0","source":{"id":"2606.21397","kind":"arxiv","version":1}},"canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"f471da7e05e8f11f24b66b4b450c254fd8a3e0ca4eb5ed9dbb52b2ab91adf427","first_computed_at":"2026-06-23T01:13:08.937972Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-23T01:13:08.937972Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"mDwfge+dDTqd3ORo9pq+k2yuFpN8cluTHHXPw0fJ9ZLXr0a8kPlTVQivppbJ7+dC2sURKgA+a9qBzOY+e/sXAQ==","signature_status":"signed_v1","signed_at":"2026-06-23T01:13:08.938401Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.21397","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:78030fbb818b7f3ec32a0ea610be1c50f858e10f81ee6cc379593d5130204a79","sha256:5d9c44bc3c3f26a7dddb5ff61d0a93f990c26db03cd171ede0e82ff7fdecae16"],"state_sha256":"02a52a6216d49d058291f5ed3bcf8ea4f3e3b8e21f0f3ddb91f83e51a98770f6"}