{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:E426ZFPE3RX6YWB47SPEZ4GHJB","short_pith_number":"pith:E426ZFPE","canonical_record":{"source":{"id":"2606.22263","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","cross_cats_sorted":["cs.AI","cs.MA","cs.SE"],"title_canon_sha256":"698dc2feb3267813bc82fdb1279316910a1fe150c04836ec11899131efdef659","abstract_canon_sha256":"84dbe09363e8358bfbb47e19a7978ebbadd9f8a9c7d5aa481924b319289d6ad5"},"schema_version":"1.0"},"canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","source":{"kind":"arxiv","id":"2606.22263","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.22263","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"arxiv_version","alias_value":"2606.22263v1","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.22263","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_12","alias_value":"E426ZFPE3RX6","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_16","alias_value":"E426ZFPE3RX6YWB4","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_8","alias_value":"E426ZFPE","created_at":"2026-06-23T02:13:33Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:E426ZFPE3RX6YWB47SPEZ4GHJB","target":"record","payload":{"canonical_record":{"source":{"id":"2606.22263","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","cross_cats_sorted":["cs.AI","cs.MA","cs.SE"],"title_canon_sha256":"698dc2feb3267813bc82fdb1279316910a1fe150c04836ec11899131efdef659","abstract_canon_sha256":"84dbe09363e8358bfbb47e19a7978ebbadd9f8a9c7d5aa481924b319289d6ad5"},"schema_version":"1.0"},"canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-23T02:13:33.447062Z","signature_b64":"FKCtsaS4qn4jv0nXHaziN7qtFuJIBc8sR+7zRI4pCJkBIsm59HK4FauNGSEwTbSoWfejo+MFD45X06wE/BlbCg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","last_reissued_at":"2026-06-23T02:13:33.446712Z","signature_status":"signed_v1","first_computed_at":"2026-06-23T02:13:33.446712Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.22263","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-23T02:13:33Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"G3MCdeR4nzunAX8lMYWDTFl9/uKtgRg8oEf6Dkcbtex32Yp85f5hjAJuR9qG2fkzsxzPp24i6maCBrNTl2g+Bg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-27T13:29:11.404661Z"},"content_sha256":"0b3e36ad7dd8a89d06d846b90744b9b1009e56d0aebc2aa58109268bb39b02a5","schema_version":"1.0","event_id":"sha256:0b3e36ad7dd8a89d06d846b90744b9b1009e56d0aebc2aa58109268bb39b02a5"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:E426ZFPE3RX6YWB47SPEZ4GHJB","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Codebases","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.MA","cs.SE"],"primary_cat":"cs.CR","authors_text":"David Wagner, Dawn Song, Eric Nguyen, Hao Wang, Koushik Sen, Marius Momeu, Muxi Lyu, Taige Yang, Yiwei Hou","submitted_at":"2026-06-20T23:17:23Z","abstract_excerpt":"Memory safety vulnerabilities remain a significant threat even for projects with extensive fuzzing and manual auditing. Recent results suggest that large language models hold great promise for detecting such vulnerabilities, but they are unreliable, at risk of hallucination, and challenging to scale to repository-size codebases. This paper presents Revelio, a cost-efficient end-to-end agentic framework for memory-safety vulnerability discovery. Revelio addresses the problem of hallucination by generating an executable Proof-of-Vulnerability, which is checked with a deterministic sanitizer. It "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.22263","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.22263/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-23T02:13:33Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"ZKFka3NoiZl2yi7ksS8hhmAMtBkdUrr0ylkY3gLpOV/ShTcHbIF/Nk0mlGJaN85/Y1LV89nxml3P4koF7crBDQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-27T13:29:11.405034Z"},"content_sha256":"b661bd0d152f70c1e56d79a352061a75e957380019728ee6f6f60d1e3b1fed88","schema_version":"1.0","event_id":"sha256:b661bd0d152f70c1e56d79a352061a75e957380019728ee6f6f60d1e3b1fed88"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/bundle.json","state_url":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-27T13:29:11Z","links":{"resolver":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB","bundle":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/bundle.json","state":"https://pith.science/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/state.json","well_known_bundle":"https://pith.science/.well-known/pith/E426ZFPE3RX6YWB47SPEZ4GHJB/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:E426ZFPE3RX6YWB47SPEZ4GHJB","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"84dbe09363e8358bfbb47e19a7978ebbadd9f8a9c7d5aa481924b319289d6ad5","cross_cats_sorted":["cs.AI","cs.MA","cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","title_canon_sha256":"698dc2feb3267813bc82fdb1279316910a1fe150c04836ec11899131efdef659"},"schema_version":"1.0","source":{"id":"2606.22263","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.22263","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"arxiv_version","alias_value":"2606.22263v1","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.22263","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_12","alias_value":"E426ZFPE3RX6","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_16","alias_value":"E426ZFPE3RX6YWB4","created_at":"2026-06-23T02:13:33Z"},{"alias_kind":"pith_short_8","alias_value":"E426ZFPE","created_at":"2026-06-23T02:13:33Z"}],"graph_snapshots":[{"event_id":"sha256:b661bd0d152f70c1e56d79a352061a75e957380019728ee6f6f60d1e3b1fed88","target":"graph","created_at":"2026-06-23T02:13:33Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.22263/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Memory safety vulnerabilities remain a significant threat even for projects with extensive fuzzing and manual auditing. Recent results suggest that large language models hold great promise for detecting such vulnerabilities, but they are unreliable, at risk of hallucination, and challenging to scale to repository-size codebases. This paper presents Revelio, a cost-efficient end-to-end agentic framework for memory-safety vulnerability discovery. Revelio addresses the problem of hallucination by generating an executable Proof-of-Vulnerability, which is checked with a deterministic sanitizer. It ","authors_text":"David Wagner, Dawn Song, Eric Nguyen, Hao Wang, Koushik Sen, Marius Momeu, Muxi Lyu, Taige Yang, Yiwei Hou","cross_cats":["cs.AI","cs.MA","cs.SE"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","title":"Revelio: Cost-Efficient Agentic Memory Safety Vulnerability Detection For Repository-Scale Codebases"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.22263","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:0b3e36ad7dd8a89d06d846b90744b9b1009e56d0aebc2aa58109268bb39b02a5","target":"record","created_at":"2026-06-23T02:13:33Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"84dbe09363e8358bfbb47e19a7978ebbadd9f8a9c7d5aa481924b319289d6ad5","cross_cats_sorted":["cs.AI","cs.MA","cs.SE"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2026-06-20T23:17:23Z","title_canon_sha256":"698dc2feb3267813bc82fdb1279316910a1fe150c04836ec11899131efdef659"},"schema_version":"1.0","source":{"id":"2606.22263","kind":"arxiv","version":1}},"canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"2735ec95e4dc6fec583cfc9e4cf0c748769872cf72e7a5240c0b4943b4b26684","first_computed_at":"2026-06-23T02:13:33.446712Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-23T02:13:33.446712Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"FKCtsaS4qn4jv0nXHaziN7qtFuJIBc8sR+7zRI4pCJkBIsm59HK4FauNGSEwTbSoWfejo+MFD45X06wE/BlbCg==","signature_status":"signed_v1","signed_at":"2026-06-23T02:13:33.447062Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.22263","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:0b3e36ad7dd8a89d06d846b90744b9b1009e56d0aebc2aa58109268bb39b02a5","sha256:b661bd0d152f70c1e56d79a352061a75e957380019728ee6f6f60d1e3b1fed88"],"state_sha256":"5896c0b7b259a6c07cb48f54b29f004c7083268061d8b81860917749675e200b"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"jIJwgjKlvP+CN3/xP6+HV+/TdRm1Ujt4YQ8RMGwfz5LYnsP7eG0Xq9+8UGiiWO5OzKUJtEV8cS7KmhuFXOLqCA==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-27T13:29:11.407014Z","bundle_sha256":"536a2070656a878a29e36bcd0d205bece068056c8c38b52b1f087ba55df1890e"}}