{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:EVOAK5DPMU732LSAUBXTZ44AGY","short_pith_number":"pith:EVOAK5DP","schema_version":"1.0","canonical_sha256":"255c05746f653fbd2e40a06f3cf380361ce7cbec7630c99f07c8e5ef8cbaf90a","source":{"kind":"arxiv","id":"2605.24421","version":1},"attestation_state":"computed","paper":{"title":"Poisoning the Watchtower: Prompt Injection Attacks Against LLM-Augmented Security Operations Through Adversarial Log Content","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Archit Bhujang, Rohan Pandey","submitted_at":"2026-05-23T06:21:10Z","abstract_excerpt":"Large language models (LLMs) are increasingly used as analyst assistants in security operations centers (SOCs), where they ingest log and alert data to produce triage labels, incident summaries, or remediation advice. We study a structural failure mode of this design: many log fields are attacker controlled. User agents, URLs, payloads, DNS queries, and attempted usernames can therefore carry instructions to the model alongside evidence of the intrusion. We call this setting \\emph{log-substrate prompt injection}. We introduce a four-class taxonomy of log-substrate attacks: direct override (S1)"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.24421","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-23T06:21:10Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"16f68ddb20df2cd1c9be7769fdde38289bfb452cb6f7a34624f836c0efba658e","abstract_canon_sha256":"ceb4209e48685ef6a8f9b0193bdd6c57f0ed654f4acaf672958d96a9bcb77c70"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-26T01:03:38.875720Z","signature_b64":"GIK+elZqabkIhTXyecwfg+30N0UnGeB4hx9SWGsFU44MxiA3UShDbEi1yaDI5tW0+TTPqQyo6fbNJKkCHNyRAQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"255c05746f653fbd2e40a06f3cf380361ce7cbec7630c99f07c8e5ef8cbaf90a","last_reissued_at":"2026-05-26T01:03:38.874925Z","signature_status":"signed_v1","first_computed_at":"2026-05-26T01:03:38.874925Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Poisoning the Watchtower: Prompt Injection Attacks Against LLM-Augmented Security Operations Through Adversarial Log Content","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Archit Bhujang, Rohan Pandey","submitted_at":"2026-05-23T06:21:10Z","abstract_excerpt":"Large language models (LLMs) are increasingly used as analyst assistants in security operations centers (SOCs), where they ingest log and alert data to produce triage labels, incident summaries, or remediation advice. We study a structural failure mode of this design: many log fields are attacker controlled. User agents, URLs, payloads, DNS queries, and attempted usernames can therefore carry instructions to the model alongside evidence of the intrusion. We call this setting \\emph{log-substrate prompt injection}. We introduce a four-class taxonomy of log-substrate attacks: direct override (S1)"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.24421","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.24421/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.24421","created_at":"2026-05-26T01:03:38.875053+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.24421v1","created_at":"2026-05-26T01:03:38.875053+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.24421","created_at":"2026-05-26T01:03:38.875053+00:00"},{"alias_kind":"pith_short_12","alias_value":"EVOAK5DPMU73","created_at":"2026-05-26T01:03:38.875053+00:00"},{"alias_kind":"pith_short_16","alias_value":"EVOAK5DPMU732LSA","created_at":"2026-05-26T01:03:38.875053+00:00"},{"alias_kind":"pith_short_8","alias_value":"EVOAK5DP","created_at":"2026-05-26T01:03:38.875053+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY","json":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY.json","graph_json":"https://pith.science/api/pith-number/EVOAK5DPMU732LSAUBXTZ44AGY/graph.json","events_json":"https://pith.science/api/pith-number/EVOAK5DPMU732LSAUBXTZ44AGY/events.json","paper":"https://pith.science/paper/EVOAK5DP"},"agent_actions":{"view_html":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY","download_json":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY.json","view_paper":"https://pith.science/paper/EVOAK5DP","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.24421&json=true","fetch_graph":"https://pith.science/api/pith-number/EVOAK5DPMU732LSAUBXTZ44AGY/graph.json","fetch_events":"https://pith.science/api/pith-number/EVOAK5DPMU732LSAUBXTZ44AGY/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY/action/timestamp_anchor","attest_storage":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY/action/storage_attestation","attest_author":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY/action/author_attestation","sign_citation":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY/action/citation_signature","submit_replication":"https://pith.science/pith/EVOAK5DPMU732LSAUBXTZ44AGY/action/replication_record"}},"created_at":"2026-05-26T01:03:38.875053+00:00","updated_at":"2026-05-26T01:03:38.875053+00:00"}