pith. sign in
Pith Number

pith:KRSY2F27

pith:2026:KRSY2F27M2RULHLYJK6Y6NMALD
not attested not anchored not stored refs pending

PragLocker: Protecting Agent Intellectual Property in Untrusted Deployments via Non-Portable Prompts

Huifeng Zhu, Jianghui Hu, Jintao Chen, Qinfeng Li, Wenqi Zhang, Xuhong Zhang, Yier Jin, Yuntai Bao

PragLocker turns agent prompts into versions that only function correctly on one chosen LLM.

arxiv:2605.05974 v2 · 2026-05-07 · cs.CR · cs.AI

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{KRSY2F27M2RULHLYJK6Y6NMALD}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

PragLocker constructs function-preserving obfuscated prompts by anchoring semantics with code symbols and then using target-model feedback to inject noise, yielding prompts that only work on the target LLM.

C2weakest assumption

That noise injected via target-model feedback creates non-portability that cannot be removed or replicated by an adaptive adversary who has access to the obfuscated prompt and other models, while still preserving full functionality on the target.

C3one line summary

PragLocker protects agent prompts as IP by building non-portable obfuscated versions that function only on the intended LLM through code-symbol semantic anchoring followed by target-model feedback noise injection.

Receipt and verification
First computed 2026-05-20T01:05:15.518092Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

54658d175f66a3459d784abd8f358058dd210ecca1f646ff1b30232b8a080d09

Aliases

arxiv: 2605.05974 · arxiv_version: 2605.05974v2 · doi: 10.48550/arxiv.2605.05974 · pith_short_12: KRSY2F27M2RU · pith_short_16: KRSY2F27M2RULHLY · pith_short_8: KRSY2F27
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/KRSY2F27M2RULHLYJK6Y6NMALD \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 54658d175f66a3459d784abd8f358058dd210ecca1f646ff1b30232b8a080d09
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "bb559fb2b97c4a20346d87c310cb2aeda44f9014b77f9220371d7d7e3f8a0c96",
    "cross_cats_sorted": [
      "cs.AI"
    ],
    "license": "http://creativecommons.org/licenses/by-nc-nd/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-07T10:19:06Z",
    "title_canon_sha256": "7ba00c48f9528ba73436155d696a3e6bc70450c93c8341ea48433ccc1794c4bd"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.05974",
    "kind": "arxiv",
    "version": 2
  }
}