{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:TYGPHL5L5LWEDJMLLEWWSRUE3B","short_pith_number":"pith:TYGPHL5L","canonical_record":{"source":{"id":"2606.04739","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-06-03T11:20:37Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"e8978905d84bd2edca23aecac6a6f1f3b001c82bf63ad0b22a22ba1f6c197780","abstract_canon_sha256":"8ece31e5ed8ea02c24c4114212de4ff78f03a29e1acdaacc5a96f85f68ccc02d"},"schema_version":"1.0"},"canonical_sha256":"9e0cf3afabeaec41a58b592d694684d8670abfdc5fe1adacb1448a6d296fb3cc","source":{"kind":"arxiv","id":"2606.04739","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.04739","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"arxiv_version","alias_value":"2606.04739v1","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.04739","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_12","alias_value":"TYGPHL5L5LWE","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_16","alias_value":"TYGPHL5L5LWEDJML","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_8","alias_value":"TYGPHL5L","created_at":"2026-06-04T01:09:27Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:TYGPHL5L5LWEDJMLLEWWSRUE3B","target":"record","payload":{"canonical_record":{"source":{"id":"2606.04739","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-06-03T11:20:37Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"e8978905d84bd2edca23aecac6a6f1f3b001c82bf63ad0b22a22ba1f6c197780","abstract_canon_sha256":"8ece31e5ed8ea02c24c4114212de4ff78f03a29e1acdaacc5a96f85f68ccc02d"},"schema_version":"1.0"},"canonical_sha256":"9e0cf3afabeaec41a58b592d694684d8670abfdc5fe1adacb1448a6d296fb3cc","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-04T01:09:27.724810Z","signature_b64":"Elb5JftuP247q8LknlBL4TvOkL9jyB2db/GVrpnvH6kpjGLia3/ZoeftoQ2HZ16LQOdS86C6YzTYkLWI9+WmBA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9e0cf3afabeaec41a58b592d694684d8670abfdc5fe1adacb1448a6d296fb3cc","last_reissued_at":"2026-06-04T01:09:27.724033Z","signature_status":"signed_v1","first_computed_at":"2026-06-04T01:09:27.724033Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.04739","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-04T01:09:27Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Gm6bCUYvBnc5OQBXRHSsDuAAsIpBo397H0+hnjJdH3hPoCfYY8bpI5kYQRj9NEuzlY6CnoUajZX66LITKokACw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T00:58:26.046569Z"},"content_sha256":"c687ad6bcc0888d26a6864d96a28202587b78fa4f4b555712d2cb780a7e98e4a","schema_version":"1.0","event_id":"sha256:c687ad6bcc0888d26a6864d96a28202587b78fa4f4b555712d2cb780a7e98e4a"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:TYGPHL5L5LWEDJMLLEWWSRUE3B","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Revisiting Vul-RAG: Reproducibility and Replicability of RAG-based Vulnerability Detection with Open-Weight Models","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.SE","authors_text":"Fabian Schmidt, Sabrina Kaniewski, Tobias Heer","submitted_at":"2026-06-03T11:20:37Z","abstract_excerpt":"Large language models (LLMs) have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation (RAG) settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising the question of whether reported results generalize or depend primarily on specific model choices. In this work, we present a reproducibility study of Vul-RAG, a RAG-based framework for source code vulnerability detection that enhances LLMs with high-level vulnerability knowledge. We first replicat"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.04739","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.04739/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-04T01:09:27Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"AFax7N29bBSUMrSnIelqlnds561S3nTsUs7k1C9/4XffMVbL9P00g0+nOJQXTe1XH7oodS9o80RDaaQiRgR2Ag==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T00:58:26.047392Z"},"content_sha256":"d8c290f106e300d79d562e5c7a6cc7b7339e0b7c7b33aed57f4c2108bb1e224c","schema_version":"1.0","event_id":"sha256:d8c290f106e300d79d562e5c7a6cc7b7339e0b7c7b33aed57f4c2108bb1e224c"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/bundle.json","state_url":"https://pith.science/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-10T00:58:26Z","links":{"resolver":"https://pith.science/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B","bundle":"https://pith.science/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/bundle.json","state":"https://pith.science/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/state.json","well_known_bundle":"https://pith.science/.well-known/pith/TYGPHL5L5LWEDJMLLEWWSRUE3B/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:TYGPHL5L5LWEDJMLLEWWSRUE3B","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"8ece31e5ed8ea02c24c4114212de4ff78f03a29e1acdaacc5a96f85f68ccc02d","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-06-03T11:20:37Z","title_canon_sha256":"e8978905d84bd2edca23aecac6a6f1f3b001c82bf63ad0b22a22ba1f6c197780"},"schema_version":"1.0","source":{"id":"2606.04739","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.04739","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"arxiv_version","alias_value":"2606.04739v1","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.04739","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_12","alias_value":"TYGPHL5L5LWE","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_16","alias_value":"TYGPHL5L5LWEDJML","created_at":"2026-06-04T01:09:27Z"},{"alias_kind":"pith_short_8","alias_value":"TYGPHL5L","created_at":"2026-06-04T01:09:27Z"}],"graph_snapshots":[{"event_id":"sha256:d8c290f106e300d79d562e5c7a6cc7b7339e0b7c7b33aed57f4c2108bb1e224c","target":"graph","created_at":"2026-06-04T01:09:27Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.04739/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Large language models (LLMs) have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation (RAG) settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising the question of whether reported results generalize or depend primarily on specific model choices. In this work, we present a reproducibility study of Vul-RAG, a RAG-based framework for source code vulnerability detection that enhances LLMs with high-level vulnerability knowledge. We first replicat","authors_text":"Fabian Schmidt, Sabrina Kaniewski, Tobias Heer","cross_cats":["cs.AI"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-06-03T11:20:37Z","title":"Revisiting Vul-RAG: Reproducibility and Replicability of RAG-based Vulnerability Detection with Open-Weight Models"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.04739","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:c687ad6bcc0888d26a6864d96a28202587b78fa4f4b555712d2cb780a7e98e4a","target":"record","created_at":"2026-06-04T01:09:27Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"8ece31e5ed8ea02c24c4114212de4ff78f03a29e1acdaacc5a96f85f68ccc02d","cross_cats_sorted":["cs.AI"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2026-06-03T11:20:37Z","title_canon_sha256":"e8978905d84bd2edca23aecac6a6f1f3b001c82bf63ad0b22a22ba1f6c197780"},"schema_version":"1.0","source":{"id":"2606.04739","kind":"arxiv","version":1}},"canonical_sha256":"9e0cf3afabeaec41a58b592d694684d8670abfdc5fe1adacb1448a6d296fb3cc","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"9e0cf3afabeaec41a58b592d694684d8670abfdc5fe1adacb1448a6d296fb3cc","first_computed_at":"2026-06-04T01:09:27.724033Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-04T01:09:27.724033Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Elb5JftuP247q8LknlBL4TvOkL9jyB2db/GVrpnvH6kpjGLia3/ZoeftoQ2HZ16LQOdS86C6YzTYkLWI9+WmBA==","signature_status":"signed_v1","signed_at":"2026-06-04T01:09:27.724810Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.04739","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:c687ad6bcc0888d26a6864d96a28202587b78fa4f4b555712d2cb780a7e98e4a","sha256:d8c290f106e300d79d562e5c7a6cc7b7339e0b7c7b33aed57f4c2108bb1e224c"],"state_sha256":"0d215796d6907067029b5f2ddcfbef9c5a62be5162b283bf8bab520a6e26f9a4"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"91I7s1qsASpQjjnY60XvdH+lb4uPI7xmpdLdJ6Jxowb8WujqR1+aCMwwt7kY52iwQvYKVPnuDcm7me+CUJ76Aw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-10T00:58:26.051701Z","bundle_sha256":"e32caeca1c5dcf13708f64de6f857f123a2bf3ad5d6bd0ec5d5870af937da1cb"}}