Pith Number

pith:R4YIVGVC

pith:2026:R4YIVGVCVUZRMNSRNSHEP3HSRL

not attested not anchored not stored refs resolved

uGen: An Agentic Framework for Generating Microarchitectural Attack PoCs

Berk Gulmezoglu, Debopriya Roy Dipta, Eduard Marin, Thomas Eisenbarth, Thore Tiemann

uGen generates functionally correct microarchitectural attack PoCs by using multi-agent retrieval to fill LLM knowledge gaps.

arxiv:2605.15503 v1 · 2026-05-15 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{R4YIVGVCVUZRMNSRNSHEP3HSRL}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

In the deployment stage, uGen achieves up to 100% success rate for Spectre-v1 (Claude Sonnet-4) and 80% for Prime+Probe (Qwen3-Coder). Finally, we demonstrate that uGen can generate a successful PoC code with a cost of $1.25 in under four minutes.

C2weakest assumption

That identifying LLM knowledge gaps via systematic study and injecting missing attack primitives through retrieval-augmented multi-agent generation will reliably produce functionally correct and portable PoC code across diverse microarchitectures, vulnerable functions, and execution environments.

C3one line summary

uGen is the first retrieval-augmented multi-agent LLM framework for generating functionally correct microarchitectural attack PoCs, reporting up to 100% success on Spectre-v1 and 80% on Prime+Probe at low cost.

References

63 extracted · 63 resolved · 5 Pith anchors

[1] Introducing Claude 4 2025

[2] Anthropic’s transparency hub 2026

[3] Branch history injection: On the effectiveness of hardware mitigations against cross-privilege Spectre-v2 attacks 2022

[4] SMoTherSpectre: Exploiting speculative execution through port contention 2019

[5] Rae, Erich Elsen, and Laurent Sifre 2022

Formal links

2 machine-checked theorem links

Receipt and verification

First computed	2026-05-20T00:01:02.027843Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

8f308a9aa2ad331636516c8e47ecf28aeef62214089ccdd6e219639b670e8f12

Aliases

arxiv: 2605.15503 · arxiv_version: 2605.15503v1 · doi: 10.48550/arxiv.2605.15503 · pith_short_12: R4YIVGVCVUZR · pith_short_16: R4YIVGVCVUZRMNSR · pith_short_8: R4YIVGVC

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/R4YIVGVCVUZRMNSRNSHEP3HSRL \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: 8f308a9aa2ad331636516c8e47ecf28aeef62214089ccdd6e219639b670e8f12

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "aa9f9b05268882ea844c64cb42a29079a8740b4f4e0a6173dcf3be64e10b2f8d",
    "cross_cats_sorted": [],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-15T00:50:49Z",
    "title_canon_sha256": "7f52283caca36d22c5f81346b37f05517f098a6e45fd97c68cf8f646369d88f0"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.15503",
    "kind": "arxiv",
    "version": 1
  }
}