Pith Number

pith:PR26USGV

pith:2026:PR26USGVLAVGLZLDOWHSHXHI2V

not attested not anchored not stored refs resolved

State Contamination in Memory-Augmented LLM Agents

Agam Goyal, Hari Sundaram, Yian Wang, Yuen Chen

Toxic information can be compressed into memory summaries that pass toxicity detectors but still raise the chance of harmful future outputs in LLM agents.

arxiv:2605.16746 v1 · 2026-05-16 · cs.AI · cs.LG

Open paper page JSON Open Graph Bundle Merged state What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{PR26USGVLAVGLZLDOWHSHXHI2V}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

toxic-origin memory summaries can remain below common toxicity thresholds while nevertheless increasing downstream toxicity relative to matched neutral baselines

C2weakest assumption

The paired counterfactual multi-agent rollouts successfully isolate the causal effect of memory state on downstream toxicity without confounding variables from agent behavior or prompt differences.

C3one line summary

Toxic context can be laundered into memory summaries that stay below toxicity thresholds while still driving higher downstream toxicity in LLM agents compared to neutral baselines.

References

26 extracted · 26 resolved · 7 Pith anchors

[1] MemoryBench: A Benchmark for Memory and Continual Learning in LLM Systems · arXiv:2510.17281

[2] Position: Safety and Fairness in Agentic AI Depend on Interaction Topology, Not on Model Scale or Alignment · arXiv:2605.01147

[3] Ai agents need memory control over more context.arXiv preprint arXiv:2601.11653,

[4] CoRR abs/2502.20383(2025) PIIGuard: Mitigating PII Harvesting under Adversarial Sanitization 17

[5] Ai safety in generative ai large language models: A survey.arXiv preprint arXiv:2407.18369,

Formal links

1 machine-checked theorem link

Receipt and verification

First computed	2026-05-20T00:02:39.578671Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

7c75ea48d5582a65e563758f23dce8d577496c7de5a41cf0efb5f8a2d475ca15

Aliases

arxiv: 2605.16746 · arxiv_version: 2605.16746v1 · doi: 10.48550/arxiv.2605.16746 · pith_short_12: PR26USGVLAVG · pith_short_16: PR26USGVLAVGLZLD · pith_short_8: PR26USGV

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/PR26USGVLAVGLZLDOWHSHXHI2V \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 7c75ea48d5582a65e563758f23dce8d577496c7de5a41cf0efb5f8a2d475ca15

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "1b687951b4138a22468bcb2730f02c01f1926be03507f0d02c35f1c5f0d8f079",
    "cross_cats_sorted": [
      "cs.LG"
    ],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.AI",
    "submitted_at": "2026-05-16T01:55:06Z",
    "title_canon_sha256": "7d48ff6764571cba2494d33bdf45078aa1338414a0bc2758750fd1ffbf306dcd"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.16746",
    "kind": "arxiv",
    "version": 1
  }
}