{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:G3S7DTOC3AF2J4UY6HQLWI4SL3","short_pith_number":"pith:G3S7DTOC","schema_version":"1.0","canonical_sha256":"36e5f1cdc2d80ba4f298f1e0bb23925ef8ead6d75d55d5f16206b5ff45d094ef","source":{"kind":"arxiv","id":"2504.20984","version":3},"attestation_state":"computed","paper":{"title":"ACE: A Security Architecture for LLM-Integrated App Systems","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Alina Oprea, Cristina Nita-Rotaru, Evan Li, Evan Rose, Tushin Mallick, William Robertson","submitted_at":"2025-04-29T17:55:52Z","abstract_excerpt":"LLM-integrated app systems extend the utility of Large Language Models (LLMs) with third-party apps that are invoked by a system LLM using interleaved planning and execution phases to answer user queries. These systems introduce new attack vectors where malicious apps can cause integrity violation of planning or execution, availability breakdown, or privacy compromise during execution.\n  In this work, we identify new attacks impacting the integrity of planning, as well as the integrity and availability of execution in LLM-integrated apps, and demonstrate them against IsolateGPT, a recent solut"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2504.20984","kind":"arxiv","version":3},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2025-04-29T17:55:52Z","cross_cats_sorted":["cs.LG"],"title_canon_sha256":"4501fbaf5152d061d55abcfa29931ad90a75aca7baadabb170d11c1a6df1914a","abstract_canon_sha256":"667c82eb335140e8150f319207edd6db192dc6a9fcd5bc2f06db071530ec4ac9"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:39:18.073246Z","signature_b64":"y6fUmkuuMgFL9AssPPJTZ/K3F82p7QL8U8BFxcSzSwsxjwbkq+sXr5wtrQ4jUKKVyG6k7kJqRVSLy/9eLb1hDw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"36e5f1cdc2d80ba4f298f1e0bb23925ef8ead6d75d55d5f16206b5ff45d094ef","last_reissued_at":"2026-05-17T23:39:18.072758Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:39:18.072758Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"ACE: A Security Architecture for LLM-Integrated App Systems","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.LG"],"primary_cat":"cs.CR","authors_text":"Alina Oprea, Cristina Nita-Rotaru, Evan Li, Evan Rose, Tushin Mallick, William Robertson","submitted_at":"2025-04-29T17:55:52Z","abstract_excerpt":"LLM-integrated app systems extend the utility of Large Language Models (LLMs) with third-party apps that are invoked by a system LLM using interleaved planning and execution phases to answer user queries. These systems introduce new attack vectors where malicious apps can cause integrity violation of planning or execution, availability breakdown, or privacy compromise during execution.\n  In this work, we identify new attacks impacting the integrity of planning, as well as the integrity and availability of execution in LLM-integrated apps, and demonstrate them against IsolateGPT, a recent solut"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2504.20984","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2504.20984","created_at":"2026-05-17T23:39:18.072830+00:00"},{"alias_kind":"arxiv_version","alias_value":"2504.20984v3","created_at":"2026-05-17T23:39:18.072830+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2504.20984","created_at":"2026-05-17T23:39:18.072830+00:00"},{"alias_kind":"pith_short_12","alias_value":"G3S7DTOC3AF2","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_16","alias_value":"G3S7DTOC3AF2J4UY","created_at":"2026-05-18T12:33:37.589309+00:00"},{"alias_kind":"pith_short_8","alias_value":"G3S7DTOC","created_at":"2026-05-18T12:33:37.589309+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":8,"internal_anchor_count":8,"sample":[{"citing_arxiv_id":"2603.09002","citing_title":"Security Considerations for Multi-agent Systems","ref_index":209,"is_internal_anchor":true},{"citing_arxiv_id":"2605.10907","citing_title":"Engineering Robustness into Personal Agents with the AI Workflow Store","ref_index":30,"is_internal_anchor":true},{"citing_arxiv_id":"2605.10907","citing_title":"Engineering Robustness into Personal Agents with the AI Workflow Store","ref_index":30,"is_internal_anchor":true},{"citing_arxiv_id":"2605.03378","citing_title":"ARGUS: Defending LLM Agents Against Context-Aware Prompt Injection","ref_index":20,"is_internal_anchor":true},{"citing_arxiv_id":"2605.06205","citing_title":"ClawGuard: Out-of-Band Detection of LLM Agent Workflow Hijacking via EM Side Channel","ref_index":26,"is_internal_anchor":true},{"citing_arxiv_id":"2604.19657","citing_title":"An AI Agent Execution Environment to Safeguard User Data","ref_index":32,"is_internal_anchor":true},{"citing_arxiv_id":"2604.12986","citing_title":"Parallax: Why AI Agents That Think Must Never Act","ref_index":50,"is_internal_anchor":true},{"citing_arxiv_id":"2604.06284","citing_title":"ClawLess: A Security Model of AI Agents","ref_index":14,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3","json":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3.json","graph_json":"https://pith.science/api/pith-number/G3S7DTOC3AF2J4UY6HQLWI4SL3/graph.json","events_json":"https://pith.science/api/pith-number/G3S7DTOC3AF2J4UY6HQLWI4SL3/events.json","paper":"https://pith.science/paper/G3S7DTOC"},"agent_actions":{"view_html":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3","download_json":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3.json","view_paper":"https://pith.science/paper/G3S7DTOC","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2504.20984&json=true","fetch_graph":"https://pith.science/api/pith-number/G3S7DTOC3AF2J4UY6HQLWI4SL3/graph.json","fetch_events":"https://pith.science/api/pith-number/G3S7DTOC3AF2J4UY6HQLWI4SL3/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3/action/timestamp_anchor","attest_storage":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3/action/storage_attestation","attest_author":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3/action/author_attestation","sign_citation":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3/action/citation_signature","submit_replication":"https://pith.science/pith/G3S7DTOC3AF2J4UY6HQLWI4SL3/action/replication_record"}},"created_at":"2026-05-17T23:39:18.072830+00:00","updated_at":"2026-05-17T23:39:18.072830+00:00"}