pith. machine review for the scientific record.
sign in
Pith Number

pith:EVMVJGMC

pith:2026:EVMVJGMCU5XAGTYTNMMNE7UG5L
not attested not anchored not stored refs resolved

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Alfredo Pesoli, Lorenzo Cavallaro, Marco Valleri, Suman Jana, Xinran Zheng

Veritas detects memory corruption in stripped binaries by grounding LLM reasoning in reconstructed value flows and runtime validation.

arxiv:2605.15097 v1 · 2026-05-14 · cs.SE · cs.CR

Open paper page JSON Open Graph Bundle Merged state What is a Pith Number?

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Veritas achieves 90% recall on a curated benchmark of real-world binary vulnerability cases, produces no false positives on an exhaustive validation of 623 detector candidates, identifies only two false positives in a larger audit, and discovered a previously unknown Apple vulnerability that was confirmed and assigned a CVE.

C2weakest assumption

The static slicer over RetDec-lifted LLVM IR can reliably reconstruct value-flow relations, object semantics, and interprocedural propagation from lossy stripped binaries without missing critical paths or introducing semantic mismatches that would invalidate downstream LLM reasoning.

C3one line summary

Veritas detects memory corruption vulnerabilities in stripped binaries by combining static value-flow slicing, dual-view LLM reasoning, and multi-agent runtime validation, reporting 90% recall, zero false positives on 623 exhaustive cases, and discovery of a real Apple CVE.

References

60 extracted · 60 resolved · 1 Pith anchors

[1] 0xdea. 2025. semgrep-rules. https://github.com/0xdea/semgrep-rules. [Online; accessed 29-Jan-2025] 2025
[2] Talor Abramovich, Meet Udeshi, Minghao Shao, Kilian Lieret, Haoran Xi, Kim- berly Milner, Sofija Jancheska, John Yang, Carlos E Jimenez, Farshad Khorrami, et al. [n. d.]. EnIGMA: Interactive Tools Sub
[3] Jimenez, Farshad Khorrami, Prashanth Krishnamurthy, Brendan Dolan-Gavitt, Muhammad Shafique, Karthik Narasimhan, Ramesh Karri, and Ofir Press 2024
[4] AFL++ Team. 2023. AFL++: Combining Incremental Steps of Fuzzing Research. https://github.com/AFLplusplus/AFLplusplus. Accessed: 2026-01-20 2023
[5] Anthropic. [n. d.]. Claude Code Overview. https://code.claude.com/docs/en/ overview. Claude Code Docs, accessed April 6, 2026 2026
Receipt and verification
First computed 2026-05-17T21:40:25.851786Z
Last reissued 2026-05-17T21:57:19.180479Z
Builder pith-number-builder-2026-05-17-v1
Signature unsigned_v0
Schema pith-number/v1.0

Canonical hash

2559549982a76e034f136b18d27e86eaf504955dd7acd86b866742f8cf44647f

Aliases

arxiv: 2605.15097 · arxiv_version: 2605.15097v1 · pith_short_12: EVMVJGMCU5XA · pith_short_16: EVMVJGMCU5XAGTYT · pith_short_8: EVMVJGMC
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/EVMVJGMCU5XAGTYTNMMNE7UG5L \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 2559549982a76e034f136b18d27e86eaf504955dd7acd86b866742f8cf44647f
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "84accd98470e101c483a13fb0f5ea76bb86ef4fc104bdc15ebb196ed2a7f717d",
    "cross_cats_sorted": [
      "cs.CR"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.SE",
    "submitted_at": "2026-05-14T17:16:11Z",
    "title_canon_sha256": "4f70bacdef37437ab92854e06dcfcaf4c9a80b04fa696d367f6942e3f6575df9"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.15097",
    "kind": "arxiv",
    "version": 1
  }
}