pith. sign in
Pith Number

pith:XCIRARNG

pith:2026:XCIRARNGLVLGHCEQ737YKJIXYP
not attested not anchored not stored refs resolved

Ghost in the Context: Measuring Policy-Carriage Failures in Decision-Time Assembly

Igor Santos-Grueiro

Decision-time context assembly in LM agents is a measurable control-path element that can be partially hardened.

arxiv:2605.12535 v1 · 2026-05-02 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{XCIRARNGLVLGHCEQ737YKJIXYP}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

Decision-time context assembly is therefore a measurable part of the control path that can be partially hardened.

C2weakest assumption

That the specific context assembly policies tested (truncation, structured-compaction) are representative of those used in practical LM agent deployments, and that the constraint respect judgments accurately reflect policy carriage without evaluator bias.

C3one line summary

Policy directives can be lost during context assembly in language model agents, leading to unprompted policy violations that SafeContext can partially prevent.

References

44 extracted · 44 resolved · 5 Pith anchors

[1] Chen Qian, Wei Liu, Hongzhang Liu, Nuo Chen, Yufan Dang, Jiahao Li, Cheng Yang, Weize Chen, Yusheng Su, Xin Cong, Juyuan Xu, Dahai Li, Zhiyuan Liu, and Maosong Sun 2024 · doi:10.18653/v1/2024.acl-
[2] Gormley, and Graham Neubig 2025 · doi:10.18653/v1/2025.naacl-long.605
[3] Agentdojo: A dynamic environment to evaluate prompt injection attacks and defenses for llm agents 2024 · doi:10.52202/079017-2636
[4] Shen Dong, Shaochen Xu, Pengfei He, Yige Li, Jiliang Tang, Tianming Liu, Hui Liu, and Zhen Xiang. 2025. Memory Injection Attacks on LLM Agents via Query- Only Interaction. InAdvances in Neural Informa 2025
[5] Cheng-Ping Hsieh, Simeng Sun, Samuel Kriman, Shantanu Acharya, Dima Rekesh, Fei Jia, Yang Zhang, and Boris Ginsburg. 2024. RULER: What’s the Real Context Size of Your Long-Context Language Models?. In 2024
Receipt and verification
First computed 2026-05-18T03:10:02.475963Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

b8911045a65d56638890feff852517c3e6bbbc962bb88f0ebe235a99ae1af8b7

Aliases

arxiv: 2605.12535 · arxiv_version: 2605.12535v1 · doi: 10.48550/arxiv.2605.12535 · pith_short_12: XCIRARNGLVLG · pith_short_16: XCIRARNGLVLGHCEQ · pith_short_8: XCIRARNG
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/XCIRARNGLVLGHCEQ737YKJIXYP \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: b8911045a65d56638890feff852517c3e6bbbc962bb88f0ebe235a99ae1af8b7
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "60014390f85173abf027e87ce69a8af7829fc4a0e228ed7a1dd4530aa18038ae",
    "cross_cats_sorted": [],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-05-02T18:07:42Z",
    "title_canon_sha256": "5ceb2e447b7179cb2f0ef9a2c61f6cd806c168464e605daf45811d3ee1734db7"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.12535",
    "kind": "arxiv",
    "version": 1
  }
}