{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:GAZNCQ3PBQVJ5XDEADRNX33HKW","short_pith_number":"pith:GAZNCQ3P","canonical_record":{"source":{"id":"2606.28666","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-27T01:00:39Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"2e452331cef78fd5d4c921a583fe478edaf31542a7821ef8de37e73011e40de3","abstract_canon_sha256":"b2746bae428ec2bd1e7a5429f36c23f65d2cdf02b8d40aa3e10b3949e82d4ab3"},"schema_version":"1.0"},"canonical_sha256":"3032d1436f0c2a9edc6400e2dbef6755baba6bba412d2884c7bc1eb5e240c041","source":{"kind":"arxiv","id":"2606.28666","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.28666","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"arxiv_version","alias_value":"2606.28666v1","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.28666","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_12","alias_value":"GAZNCQ3PBQVJ","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_16","alias_value":"GAZNCQ3PBQVJ5XDE","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_8","alias_value":"GAZNCQ3P","created_at":"2026-06-30T01:16:46Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:GAZNCQ3PBQVJ5XDEADRNX33HKW","target":"record","payload":{"canonical_record":{"source":{"id":"2606.28666","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-27T01:00:39Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"2e452331cef78fd5d4c921a583fe478edaf31542a7821ef8de37e73011e40de3","abstract_canon_sha256":"b2746bae428ec2bd1e7a5429f36c23f65d2cdf02b8d40aa3e10b3949e82d4ab3"},"schema_version":"1.0"},"canonical_sha256":"3032d1436f0c2a9edc6400e2dbef6755baba6bba412d2884c7bc1eb5e240c041","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-30T01:16:46.577711Z","signature_b64":"5hPik5osadk7204feSEmUIrDJLUNsxPepTJxA3481uFdiZoOPV9RJUtni+uIsGHqGk2i7KkpHW3QZKjWtPfXBQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"3032d1436f0c2a9edc6400e2dbef6755baba6bba412d2884c7bc1eb5e240c041","last_reissued_at":"2026-06-30T01:16:46.576705Z","signature_status":"signed_v1","first_computed_at":"2026-06-30T01:16:46.576705Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.28666","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-30T01:16:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"mWULSYDap3JglCdIDoSWZFtaX4AlbhTxhBL5LgCxMbUY92BqKYr5gM24K/9oIbH6gL1rjkgKAk17pYwkuNJjCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T00:29:14.258818Z"},"content_sha256":"52d2facd0f4fbaf4923c8a07731dc804aeb5d031cb0bcbd7a7227761e783db7b","schema_version":"1.0","event_id":"sha256:52d2facd0f4fbaf4923c8a07731dc804aeb5d031cb0bcbd7a7227761e783db7b"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:GAZNCQ3PBQVJ5XDEADRNX33HKW","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Why Trust Your Agent? Empirical Security Gains from TRiSM-Guided Agentic Workflows in Healthcare","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Liam Kearns","submitted_at":"2026-06-27T01:00:39Z","abstract_excerpt":"Agent-based AI has enabled the automation of tasks by exposing application tools and resources to large language models (LLMs). However, to improve scope and accuracy, agents are often given access rights that exceed those of ordinary users, introducing significant security risks. AI is routinely integrated into applications with a disregard to security, risking data exposure and breaching regulations. This paper applies the AI Trust, Risk, and Security Management (TRiSM) framework to a medical report-generation application to demonstrate how an insecure agent workflow can be transformed into "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.28666","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.28666/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-30T01:16:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"8ryMWFBX/UCOkjpdru0InPGd//usbPCzGokpYh6sfJjVjZWqxtuNrxZZUmhkN1msZzZECADCQfQhutqOsP7OBg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T00:29:14.259193Z"},"content_sha256":"77472fd7ad4da73dd3ed050542d6a8635eda50772bc216317571925bc30b877f","schema_version":"1.0","event_id":"sha256:77472fd7ad4da73dd3ed050542d6a8635eda50772bc216317571925bc30b877f"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/bundle.json","state_url":"https://pith.science/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-01T00:29:14Z","links":{"resolver":"https://pith.science/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW","bundle":"https://pith.science/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/bundle.json","state":"https://pith.science/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/state.json","well_known_bundle":"https://pith.science/.well-known/pith/GAZNCQ3PBQVJ5XDEADRNX33HKW/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:GAZNCQ3PBQVJ5XDEADRNX33HKW","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"b2746bae428ec2bd1e7a5429f36c23f65d2cdf02b8d40aa3e10b3949e82d4ab3","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-27T01:00:39Z","title_canon_sha256":"2e452331cef78fd5d4c921a583fe478edaf31542a7821ef8de37e73011e40de3"},"schema_version":"1.0","source":{"id":"2606.28666","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.28666","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"arxiv_version","alias_value":"2606.28666v1","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.28666","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_12","alias_value":"GAZNCQ3PBQVJ","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_16","alias_value":"GAZNCQ3PBQVJ5XDE","created_at":"2026-06-30T01:16:46Z"},{"alias_kind":"pith_short_8","alias_value":"GAZNCQ3P","created_at":"2026-06-30T01:16:46Z"}],"graph_snapshots":[{"event_id":"sha256:77472fd7ad4da73dd3ed050542d6a8635eda50772bc216317571925bc30b877f","target":"graph","created_at":"2026-06-30T01:16:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.28666/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Agent-based AI has enabled the automation of tasks by exposing application tools and resources to large language models (LLMs). However, to improve scope and accuracy, agents are often given access rights that exceed those of ordinary users, introducing significant security risks. AI is routinely integrated into applications with a disregard to security, risking data exposure and breaching regulations. This paper applies the AI Trust, Risk, and Security Management (TRiSM) framework to a medical report-generation application to demonstrate how an insecure agent workflow can be transformed into ","authors_text":"Liam Kearns","cross_cats":["cs.AI"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-27T01:00:39Z","title":"Why Trust Your Agent? Empirical Security Gains from TRiSM-Guided Agentic Workflows in Healthcare"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.28666","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:52d2facd0f4fbaf4923c8a07731dc804aeb5d031cb0bcbd7a7227761e783db7b","target":"record","created_at":"2026-06-30T01:16:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"b2746bae428ec2bd1e7a5429f36c23f65d2cdf02b8d40aa3e10b3949e82d4ab3","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-27T01:00:39Z","title_canon_sha256":"2e452331cef78fd5d4c921a583fe478edaf31542a7821ef8de37e73011e40de3"},"schema_version":"1.0","source":{"id":"2606.28666","kind":"arxiv","version":1}},"canonical_sha256":"3032d1436f0c2a9edc6400e2dbef6755baba6bba412d2884c7bc1eb5e240c041","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"3032d1436f0c2a9edc6400e2dbef6755baba6bba412d2884c7bc1eb5e240c041","first_computed_at":"2026-06-30T01:16:46.576705Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-30T01:16:46.576705Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"5hPik5osadk7204feSEmUIrDJLUNsxPepTJxA3481uFdiZoOPV9RJUtni+uIsGHqGk2i7KkpHW3QZKjWtPfXBQ==","signature_status":"signed_v1","signed_at":"2026-06-30T01:16:46.577711Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.28666","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:52d2facd0f4fbaf4923c8a07731dc804aeb5d031cb0bcbd7a7227761e783db7b","sha256:77472fd7ad4da73dd3ed050542d6a8635eda50772bc216317571925bc30b877f"],"state_sha256":"9f53bc12637b064e00cdcdf3dd909f110d3e836cf8cb8a10f1ee4c03f84bb2db"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"bbBEYEcrXv2jM475FWuLE/VA0xsCaRJtKt7E46omOvBr1E1soKXKHB6EfYXEWPTN2jF/8qzHtF9A8TfCdHbRBQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-01T00:29:14.261419Z","bundle_sha256":"d0176c45f785681a1b70b0d573cceab708efeedd4d4583f620d79ec6dd499ac8"}}