{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:U4ENVT5GBKS5CPOKQDQ6VBUXTA","short_pith_number":"pith:U4ENVT5G","canonical_record":{"source":{"id":"2605.20641","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T02:55:56Z","cross_cats_sorted":["cs.AI","cs.LG"],"title_canon_sha256":"653dd1e7a44ecd8998b15c29e4a6196ba6c9baa092ae85d21fafc6ac14a0f17d","abstract_canon_sha256":"e62cd2ed574b4be48051e9f1752218435ba6f60d7f9941ac1856f0d45bbd7cdd"},"schema_version":"1.0"},"canonical_sha256":"a708dacfa60aa5d13dca80e1ea8697981031716c33b623681dc28e6aefd5205c","source":{"kind":"arxiv","id":"2605.20641","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.20641","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"arxiv_version","alias_value":"2605.20641v1","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.20641","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_12","alias_value":"U4ENVT5GBKS5","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_16","alias_value":"U4ENVT5GBKS5CPOK","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_8","alias_value":"U4ENVT5G","created_at":"2026-05-21T01:04:46Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:U4ENVT5GBKS5CPOKQDQ6VBUXTA","target":"record","payload":{"canonical_record":{"source":{"id":"2605.20641","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T02:55:56Z","cross_cats_sorted":["cs.AI","cs.LG"],"title_canon_sha256":"653dd1e7a44ecd8998b15c29e4a6196ba6c9baa092ae85d21fafc6ac14a0f17d","abstract_canon_sha256":"e62cd2ed574b4be48051e9f1752218435ba6f60d7f9941ac1856f0d45bbd7cdd"},"schema_version":"1.0"},"canonical_sha256":"a708dacfa60aa5d13dca80e1ea8697981031716c33b623681dc28e6aefd5205c","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-21T01:04:46.365697Z","signature_b64":"FKFpzCAwWpxjWg+iD1iKju40pD3JXSrk1cPhfwOHdCPjCpNLiO5Y1qsq/2XYsmKAVYoPlsFcGjvo4TBUsySpAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"a708dacfa60aa5d13dca80e1ea8697981031716c33b623681dc28e6aefd5205c","last_reissued_at":"2026-05-21T01:04:46.365067Z","signature_status":"signed_v1","first_computed_at":"2026-05-21T01:04:46.365067Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2605.20641","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-21T01:04:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"/HiNhZdKu9Cvi/AwSu3pwic0KdkezWGCRJzCuJjSOfDf2Uuu55a+j6Zj0FTvbwLayYjo3M6UZjyhgMmXwrf/Ag==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-02T06:06:15.053450Z"},"content_sha256":"324a296d7a1883f2015681d569bf478a3cbb35485104cdf6f192d30c6429ae47","schema_version":"1.0","event_id":"sha256:324a296d7a1883f2015681d569bf478a3cbb35485104cdf6f192d30c6429ae47"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:U4ENVT5GBKS5CPOKQDQ6VBUXTA","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Trusted Weights, Treacherous Optimizations? Optimization-Triggered Backdoor Attacks on LLMs","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.LG"],"primary_cat":"cs.CR","authors_text":"Li Pan, Tianlin Li, Xiaohan Zhang, Xiaoyu Zhang, Yida Yang, Yifei Wang","submitted_at":"2026-05-20T02:55:56Z","abstract_excerpt":"Inference optimization is a vital technique for deploying LLMs at scale. Compilation is the most widely adopted optimization technique for LLMs. While it assumes semantic equivalence between the original and compiled graphs, we first uncover its numerical side effects can be maliciously exploited to implant stealthy backdoors in LLMs. We propose a unified optimization-triggered attack framework comprising two complementary strategies. Without any modification to the compiler or hardware, one strategy flips predictions for specific inputs only when the model is compiled, while the other uses a "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.20641","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2605.20641/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-21T01:04:46Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"pcjcv7QkGfcoYyYhssMeL0JbcDCgasMOjw3DrfrFaX+fcihQgT8a6V/Jnl5t2z2h4wwV3IeX/TNNBoqwVVMfDA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-02T06:06:15.053823Z"},"content_sha256":"fedcf1eb79a69d4683d0249022ff720aa4601830d0241fad3c59b19e4825e368","schema_version":"1.0","event_id":"sha256:fedcf1eb79a69d4683d0249022ff720aa4601830d0241fad3c59b19e4825e368"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/bundle.json","state_url":"https://pith.science/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-02T06:06:15Z","links":{"resolver":"https://pith.science/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA","bundle":"https://pith.science/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/bundle.json","state":"https://pith.science/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/state.json","well_known_bundle":"https://pith.science/.well-known/pith/U4ENVT5GBKS5CPOKQDQ6VBUXTA/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:U4ENVT5GBKS5CPOKQDQ6VBUXTA","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"e62cd2ed574b4be48051e9f1752218435ba6f60d7f9941ac1856f0d45bbd7cdd","cross_cats_sorted":["cs.AI","cs.LG"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T02:55:56Z","title_canon_sha256":"653dd1e7a44ecd8998b15c29e4a6196ba6c9baa092ae85d21fafc6ac14a0f17d"},"schema_version":"1.0","source":{"id":"2605.20641","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2605.20641","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"arxiv_version","alias_value":"2605.20641v1","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2605.20641","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_12","alias_value":"U4ENVT5GBKS5","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_16","alias_value":"U4ENVT5GBKS5CPOK","created_at":"2026-05-21T01:04:46Z"},{"alias_kind":"pith_short_8","alias_value":"U4ENVT5G","created_at":"2026-05-21T01:04:46Z"}],"graph_snapshots":[{"event_id":"sha256:fedcf1eb79a69d4683d0249022ff720aa4601830d0241fad3c59b19e4825e368","target":"graph","created_at":"2026-05-21T01:04:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2605.20641/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Inference optimization is a vital technique for deploying LLMs at scale. Compilation is the most widely adopted optimization technique for LLMs. While it assumes semantic equivalence between the original and compiled graphs, we first uncover its numerical side effects can be maliciously exploited to implant stealthy backdoors in LLMs. We propose a unified optimization-triggered attack framework comprising two complementary strategies. Without any modification to the compiler or hardware, one strategy flips predictions for specific inputs only when the model is compiled, while the other uses a ","authors_text":"Li Pan, Tianlin Li, Xiaohan Zhang, Xiaoyu Zhang, Yida Yang, Yifei Wang","cross_cats":["cs.AI","cs.LG"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T02:55:56Z","title":"Trusted Weights, Treacherous Optimizations? Optimization-Triggered Backdoor Attacks on LLMs"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2605.20641","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:324a296d7a1883f2015681d569bf478a3cbb35485104cdf6f192d30c6429ae47","target":"record","created_at":"2026-05-21T01:04:46Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"e62cd2ed574b4be48051e9f1752218435ba6f60d7f9941ac1856f0d45bbd7cdd","cross_cats_sorted":["cs.AI","cs.LG"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-05-20T02:55:56Z","title_canon_sha256":"653dd1e7a44ecd8998b15c29e4a6196ba6c9baa092ae85d21fafc6ac14a0f17d"},"schema_version":"1.0","source":{"id":"2605.20641","kind":"arxiv","version":1}},"canonical_sha256":"a708dacfa60aa5d13dca80e1ea8697981031716c33b623681dc28e6aefd5205c","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"a708dacfa60aa5d13dca80e1ea8697981031716c33b623681dc28e6aefd5205c","first_computed_at":"2026-05-21T01:04:46.365067Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-21T01:04:46.365067Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"FKFpzCAwWpxjWg+iD1iKju40pD3JXSrk1cPhfwOHdCPjCpNLiO5Y1qsq/2XYsmKAVYoPlsFcGjvo4TBUsySpAg==","signature_status":"signed_v1","signed_at":"2026-05-21T01:04:46.365697Z","signed_message":"canonical_sha256_bytes"},"source_id":"2605.20641","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:324a296d7a1883f2015681d569bf478a3cbb35485104cdf6f192d30c6429ae47","sha256:fedcf1eb79a69d4683d0249022ff720aa4601830d0241fad3c59b19e4825e368"],"state_sha256":"7175c1c89a3fa7048f0b094c11635782285b856adcc3e558d16410725a5cac22"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Cu34SeRCSSWcgYdyBVGRMxVn84vLv+n9X3X36U/9myBzu6kKpJKRvFIcbrwyUepCYJxessbRi8k/dJRt33gNCg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-02T06:06:15.056058Z","bundle_sha256":"350cac14bec09cac30c7bf2f192a1ca9ab16cea0339860691b360a7fb2d34ef3"}}