{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:MCSNCEBKO2Y7IZDEFZIVNCFQ2S","short_pith_number":"pith:MCSNCEBK","canonical_record":{"source":{"id":"2605.15084","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-14T17:07:29Z","cross_cats_sorted":[],"title_canon_sha256":"07620001da2f460273aaff3abe68cd447f9455afb5da128ee7161b86d156e4bf","abstract_canon_sha256":"38f6854a91449ecd798685957118fe76e575ea2692e15f04e95727bd0831ecfc"},"schema_version":"1.0"},"canonical_sha256":"60a4d1102a76b1f464642e515688b0d4963405de68765c359199ac9dd027117c","source":{"kind":"arxiv","id":"2605.15084","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.15084","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"arxiv_version","alias_value":"2605.15084v1","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.15084","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"pith_short_12","alias_value":"MCSNCEBKO2Y7","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"MCSNCEBKO2Y7IZDE","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"MCSNCEBK","created_at":"2026-05-18T12:33:37Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:MCSNCEBKO2Y7IZDEFZIVNCFQ2S","target":"record","payload":{"canonical_record":{"source":{"id":"2605.15084","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-14T17:07:29Z","cross_cats_sorted":[],"title_canon_sha256":"07620001da2f460273aaff3abe68cd447f9455afb5da128ee7161b86d156e4bf","abstract_canon_sha256":"38f6854a91449ecd798685957118fe76e575ea2692e15f04e95727bd0831ecfc"},"schema_version":"1.0"},"canonical_sha256":"60a4d1102a76b1f464642e515688b0d4963405de68765c359199ac9dd027117c","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:38:54.136577Z","signature_b64":"tN/Mud5CSumVZdtZuXTu6sFcI3tylbKHx2mRNAvkqrLV4pv0za+ptm1KLZxcxTpC3P/PcH9GpVH6K1M5Ox17Ag==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"60a4d1102a76b1f464642e515688b0d4963405de68765c359199ac9dd027117c","last_reissued_at":"2026-05-17T23:38:54.135890Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:38:54.135890Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2605.15084","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:38:54Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"20GSd3cC8RzvDUklijMDf/gkbbUnf1b4tYa6lz+Ul7stW1KsPWC/r2l7tMWK80JBm77JctM7YDgeyQcnTvyYAg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T08:14:28.011805Z"},"content_sha256":"f149769fb621a7a3605bebb06fe6981b87a6777e46efb94584fb84d015952b0c","schema_version":"1.0","event_id":"sha256:f149769fb621a7a3605bebb06fe6981b87a6777e46efb94584fb84d015952b0c"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:MCSNCEBKO2Y7IZDEFZIVNCFQ2S","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"PickleFuzzer: A Case Study in Fuzzing for Discrepancies Between Python Pickle Implementations","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Andreas Kellas, Justin Applegate","submitted_at":"2026-05-14T17:07:29Z","abstract_excerpt":"Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during unpickling or using static and dynamic analysis tools, these approaches are error-prone and depend heavily on accurate interpretations of the Pickle Virtual Machine (PVM) opcodes. Discrepancies across Python's three native PVM modules can lead to incorrect detection of malicious payloads and undermine e"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.15084","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:38:54Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"1MspJYG9XA0EEGj2D9M0qyTP8OjJJE1P/TqJ2ua0K93n8tQXCnirOVLluOtSREQs9sphszFgxGPISlUVHG4XDg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-01T08:14:28.012159Z"},"content_sha256":"40240d0d7ed6a53774fe97e60d38b493a6579698b14c15e03e3d5ce44daa6eed","schema_version":"1.0","event_id":"sha256:40240d0d7ed6a53774fe97e60d38b493a6579698b14c15e03e3d5ce44daa6eed"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/bundle.json","state_url":"https://pith.science/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-01T08:14:28Z","links":{"resolver":"https://pith.science/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S","bundle":"https://pith.science/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/bundle.json","state":"https://pith.science/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/state.json","well_known_bundle":"https://pith.science/.well-known/pith/MCSNCEBKO2Y7IZDEFZIVNCFQ2S/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:MCSNCEBKO2Y7IZDEFZIVNCFQ2S","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"38f6854a91449ecd798685957118fe76e575ea2692e15f04e95727bd0831ecfc","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-14T17:07:29Z","title_canon_sha256":"07620001da2f460273aaff3abe68cd447f9455afb5da128ee7161b86d156e4bf"},"schema_version":"1.0","source":{"id":"2605.15084","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.15084","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"arxiv_version","alias_value":"2605.15084v1","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.15084","created_at":"2026-05-17T23:38:54Z"},{"alias_kind":"pith_short_12","alias_value":"MCSNCEBKO2Y7","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_16","alias_value":"MCSNCEBKO2Y7IZDE","created_at":"2026-05-18T12:33:37Z"},{"alias_kind":"pith_short_8","alias_value":"MCSNCEBK","created_at":"2026-05-18T12:33:37Z"}],"graph_snapshots":[{"event_id":"sha256:40240d0d7ed6a53774fe97e60d38b493a6579698b14c15e03e3d5ce44daa6eed","target":"graph","created_at":"2026-05-17T23:38:54Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during unpickling or using static and dynamic analysis tools, these approaches are error-prone and depend heavily on accurate interpretations of the Pickle Virtual Machine (PVM) opcodes. Discrepancies across Python's three native PVM modules can lead to incorrect detection of malicious payloads and undermine e","authors_text":"Andreas Kellas, Justin Applegate","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-14T17:07:29Z","title":"PickleFuzzer: A Case Study in Fuzzing for Discrepancies Between Python Pickle Implementations"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.15084","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:f149769fb621a7a3605bebb06fe6981b87a6777e46efb94584fb84d015952b0c","target":"record","created_at":"2026-05-17T23:38:54Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"38f6854a91449ecd798685957118fe76e575ea2692e15f04e95727bd0831ecfc","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-14T17:07:29Z","title_canon_sha256":"07620001da2f460273aaff3abe68cd447f9455afb5da128ee7161b86d156e4bf"},"schema_version":"1.0","source":{"id":"2605.15084","kind":"arxiv","version":1}},"canonical_sha256":"60a4d1102a76b1f464642e515688b0d4963405de68765c359199ac9dd027117c","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"60a4d1102a76b1f464642e515688b0d4963405de68765c359199ac9dd027117c","first_computed_at":"2026-05-17T23:38:54.135890Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:38:54.135890Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"tN/Mud5CSumVZdtZuXTu6sFcI3tylbKHx2mRNAvkqrLV4pv0za+ptm1KLZxcxTpC3P/PcH9GpVH6K1M5Ox17Ag==","signature_status":"signed_v1","signed_at":"2026-05-17T23:38:54.136577Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.15084","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:f149769fb621a7a3605bebb06fe6981b87a6777e46efb94584fb84d015952b0c","sha256:40240d0d7ed6a53774fe97e60d38b493a6579698b14c15e03e3d5ce44daa6eed"],"state_sha256":"d4f8beef344133178ac488065d8587b39098e0936220d79a02d5d094612f1f4a"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Io4ubrRolRyvBDq9H9EMZfOTO391mw0mEhT4vkmo3MkhkqOQUAL08P+Jph5g6seExVNvkIG2OhUewko4xAFBBg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-01T08:14:28.014718Z","bundle_sha256":"0087bebfa50c33d79563e31097194872f2083c413b92c06cee09139eee53e0b5"}}