{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:E426ZFPE3RX6YWB47SPEZ4GHJB","short_pith_number":"pith:E426ZFPE","schema_version":"1.0","canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","source":{"kind":"arxiv","id":"2606.22263","version":1},"attestation_state":"computed","paper":{"title":"Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Codebases","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.MA","cs.SE"],"primary_cat":"cs.CR","authors_text":"David Wagner, Dawn Song, Eric Nguyen, Hao Wang, Koushik Sen, Marius Momeu, Muxi Lyu, Taige Yang, Yiwei Hou","submitted_at":"2026-06-20T23:17:23Z","abstract_excerpt":"Memory safety vulnerabilities remain a significant threat even for projects with extensive fuzzing and manual auditing. Recent results suggest that large language models hold great promise for detecting such vulnerabilities, but they are unreliable, at risk of hallucination, and challenging to scale to repository-size codebases. This paper presents Revelio, a cost-efficient end-to-end agentic framework for memory-safety vulnerability discovery. Revelio addresses the problem of hallucination by generating an executable Proof-of-Vulnerability, which is checked with a deterministic sanitizer. It "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2606.22263","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","cross_cats_sorted":["cs.AI","cs.MA","cs.SE"],"title_canon_sha256":"698dc2feb3267813bc82fdb1279316910a1fe150c04836ec11899131efdef659","abstract_canon_sha256":"84dbe09363e8358bfbb47e19a7978ebbadd9f8a9c7d5aa481924b319289d6ad5"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-23T02:13:33.447062Z","signature_b64":"FKCtsaS4qn4jv0nXHaziN7qtFuJIBc8sR+7zRI4pCJkBIsm59HK4FauNGSEwTbSoWfejo+MFD45X06wE/BlbCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","last_reissued_at":"2026-06-23T02:13:33.446712Z","signature_status":"signed_v1","first_computed_at":"2026-06-23T02:13:33.446712Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Codebases","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.MA","cs.SE"],"primary_cat":"cs.CR","authors_text":"David Wagner, Dawn Song, Eric Nguyen, Hao Wang, Koushik Sen, Marius Momeu, Muxi Lyu, Taige Yang, Yiwei Hou","submitted_at":"2026-06-20T23:17:23Z","abstract_excerpt":"Memory safety vulnerabilities remain a significant threat even for projects with extensive fuzzing and manual auditing. Recent results suggest that large language models hold great promise for detecting such vulnerabilities, but they are unreliable, at risk of hallucination, and challenging to scale to repository-size codebases. This paper presents Revelio, a cost-efficient end-to-end agentic framework for memory-safety vulnerability discovery. Revelio addresses the problem of hallucination by generating an executable Proof-of-Vulnerability, which is checked with a deterministic sanitizer. It "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.22263","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.22263/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2606.22263","created_at":"2026-06-23T02:13:33.446773+00:00"},{"alias_kind":"arxiv_version","alias_value":"2606.22263v1","created_at":"2026-06-23T02:13:33.446773+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.22263","created_at":"2026-06-23T02:13:33.446773+00:00"},{"alias_kind":"pith_short_12","alias_value":"E426ZFPE3RX6","created_at":"2026-06-23T02:13:33.446773+00:00"},{"alias_kind":"pith_short_16","alias_value":"E426ZFPE3RX6YWB4","created_at":"2026-06-23T02:13:33.446773+00:00"},{"alias_kind":"pith_short_8","alias_value":"E426ZFPE","created_at":"2026-06-23T02:13:33.446773+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB","json":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB.json","graph_json":"https://pith.science/api/pith-number/E426ZFPE3RX6YWB47SPEZ4GHJB/graph.json","events_json":"https://pith.science/api/pith-number/E426ZFPE3RX6YWB47SPEZ4GHJB/events.json","paper":"https://pith.science/paper/E426ZFPE"},"agent_actions":{"view_html":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB","download_json":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB.json","view_paper":"https://pith.science/paper/E426ZFPE","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2606.22263&json=true","fetch_graph":"https://pith.science/api/pith-number/E426ZFPE3RX6YWB47SPEZ4GHJB/graph.json","fetch_events":"https://pith.science/api/pith-number/E426ZFPE3RX6YWB47SPEZ4GHJB/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/action/timestamp_anchor","attest_storage":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/action/storage_attestation","attest_author":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/action/author_attestation","sign_citation":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/action/citation_signature","submit_replication":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/action/replication_record"}},"created_at":"2026-06-23T02:13:33.446773+00:00","updated_at":"2026-06-23T02:13:33.446773+00:00"}