{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2026:PHBBMTKUWJG4LZDZ4RDQLF372L","short_pith_number":"pith:PHBBMTKU","schema_version":"1.0","canonical_sha256":"79c2164d54b24dc5e479e44705977fd2cd05eda1daf1e34a9e17366551d00acf","source":{"kind":"arxiv","id":"2605.31593","version":1},"attestation_state":"computed","paper":{"title":"Stateful Online Monitoring Catches Distributed Agent Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Alexander Robey, Arav Santhanam, Davis Brown, Eric Wong, Hamed Hassani, Ivan Zhang, Kasper Hong, Matan Shtepel, Samarth Bhargav, Steffi Chern","submitted_at":"2026-05-29T17:57:00Z","abstract_excerpt":"Language models can find thousands of severe software vulnerabilities, and agents are increasingly being misused for cyberattacks. To avoid detection, attackers frequently distribute their misuse, splitting a harmful task across many user accounts so each individual transcript looks benign. Because safety monitors score only one agent context at a time, they are structurally blind to misuse that is only visible in aggregate, across many accounts. We show this gap is real by building, to our knowledge, the first distributed agent attack, a multi-agent scaffold that completes hard cybersecurity "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2605.31593","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-29T17:57:00Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"490c894236b47552d3161ccf669fcd76024e46333811432ebf685cb786d79b9d","abstract_canon_sha256":"8083e1b1a0d40cc05cf3921e9775b42d21157730839f1757552dd974d5b01e12"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-01T02:04:14.874348Z","signature_b64":"MeT4cD2N1+4erzGbmvYqIGu8E+eULYqX0S1H+LRuc4kZAzacn4yKJbVZSLH7lcJQuhhQ4PvSoY96XfAB0nfhCQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"79c2164d54b24dc5e479e44705977fd2cd05eda1daf1e34a9e17366551d00acf","last_reissued_at":"2026-06-01T02:04:14.873864Z","signature_status":"signed_v1","first_computed_at":"2026-06-01T02:04:14.873864Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Stateful Online Monitoring Catches Distributed Agent Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Alexander Robey, Arav Santhanam, Davis Brown, Eric Wong, Hamed Hassani, Ivan Zhang, Kasper Hong, Matan Shtepel, Samarth Bhargav, Steffi Chern","submitted_at":"2026-05-29T17:57:00Z","abstract_excerpt":"Language models can find thousands of severe software vulnerabilities, and agents are increasingly being misused for cyberattacks. To avoid detection, attackers frequently distribute their misuse, splitting a harmful task across many user accounts so each individual transcript looks benign. Because safety monitors score only one agent context at a time, they are structurally blind to misuse that is only visible in aggregate, across many accounts. We show this gap is real by building, to our knowledge, the first distributed agent attack, a multi-agent scaffold that completes hard cybersecurity "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.31593","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.31593/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2605.31593","created_at":"2026-06-01T02:04:14.873943+00:00"},{"alias_kind":"arxiv_version","alias_value":"2605.31593v1","created_at":"2026-06-01T02:04:14.873943+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.31593","created_at":"2026-06-01T02:04:14.873943+00:00"},{"alias_kind":"pith_short_12","alias_value":"PHBBMTKUWJG4","created_at":"2026-06-01T02:04:14.873943+00:00"},{"alias_kind":"pith_short_16","alias_value":"PHBBMTKUWJG4LZDZ","created_at":"2026-06-01T02:04:14.873943+00:00"},{"alias_kind":"pith_short_8","alias_value":"PHBBMTKU","created_at":"2026-06-01T02:04:14.873943+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":0,"internal_anchor_count":0,"sample":[]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L","json":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L.json","graph_json":"https://pith.science/api/pith-number/PHBBMTKUWJG4LZDZ4RDQLF372L/graph.json","events_json":"https://pith.science/api/pith-number/PHBBMTKUWJG4LZDZ4RDQLF372L/events.json","paper":"https://pith.science/paper/PHBBMTKU"},"agent_actions":{"view_html":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L","download_json":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L.json","view_paper":"https://pith.science/paper/PHBBMTKU","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2605.31593&json=true","fetch_graph":"https://pith.science/api/pith-number/PHBBMTKUWJG4LZDZ4RDQLF372L/graph.json","fetch_events":"https://pith.science/api/pith-number/PHBBMTKUWJG4LZDZ4RDQLF372L/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L/action/timestamp_anchor","attest_storage":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L/action/storage_attestation","attest_author":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L/action/author_attestation","sign_citation":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L/action/citation_signature","submit_replication":"https://pith.science/pith/PHBBMTKUWJG4LZDZ4RDQLF372L/action/replication_record"}},"created_at":"2026-06-01T02:04:14.873943+00:00","updated_at":"2026-06-01T02:04:14.873943+00:00"}