{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2026:YQIMLLUK4WT3BRXRNEAARKOXXD","short_pith_number":"pith:YQIMLLUK","canonical_record":{"source":{"id":"2606.26933","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-25T12:08:07Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"a6aafb78372f0eef5b69c558c68a6da2c19d48a2a929419d6f36abe65f7d3597","abstract_canon_sha256":"cd25427ad4fb18e415f3d53152d19184d63d09715025ee6f0a0715c7c687460c"},"schema_version":"1.0"},"canonical_sha256":"c410c5ae8ae5a7b0c6f1690008a9d7b8f369e603df00912314a064354615c333","source":{"kind":"arxiv","id":"2606.26933","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.26933","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"arxiv_version","alias_value":"2606.26933v1","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.26933","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_12","alias_value":"YQIMLLUK4WT3","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_16","alias_value":"YQIMLLUK4WT3BRXR","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_8","alias_value":"YQIMLLUK","created_at":"2026-06-26T01:16:04Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2026:YQIMLLUK4WT3BRXRNEAARKOXXD","target":"record","payload":{"canonical_record":{"source":{"id":"2606.26933","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-25T12:08:07Z","cross_cats_sorted":["cs.AI"],"title_canon_sha256":"a6aafb78372f0eef5b69c558c68a6da2c19d48a2a929419d6f36abe65f7d3597","abstract_canon_sha256":"cd25427ad4fb18e415f3d53152d19184d63d09715025ee6f0a0715c7c687460c"},"schema_version":"1.0"},"canonical_sha256":"c410c5ae8ae5a7b0c6f1690008a9d7b8f369e603df00912314a064354615c333","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-26T01:16:04.468481Z","signature_b64":"Ej3/Y2V9RFgi65081Y6mDZLJRvPppTLX+E5TmgtoZxN4g6bALWwPhPz9O868IPhv+hZlNHMjXKTdeH4gCxH2Bw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"c410c5ae8ae5a7b0c6f1690008a9d7b8f369e603df00912314a064354615c333","last_reissued_at":"2026-06-26T01:16:04.468056Z","signature_status":"signed_v1","first_computed_at":"2026-06-26T01:16:04.468056Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2606.26933","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-26T01:16:04Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"yv3RuiLrz8fyfpOCakqhdExiHu0+RzO0WwTKC21Wfp7dTE0793szCdc3tmgp8A9DZyR7/Op7ssJTcyPmGiEnBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-27T15:16:58.745964Z"},"content_sha256":"f07420e2e77181084838d0b21dffc19fea81f88e54a1cd86d889a20ad058b462","schema_version":"1.0","event_id":"sha256:f07420e2e77181084838d0b21dffc19fea81f88e54a1cd86d889a20ad058b462"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2026:YQIMLLUK4WT3BRXRNEAARKOXXD","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Chai: Agentic Discovery of Cryptographic Misuse Vulnerabilities","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI"],"primary_cat":"cs.CR","authors_text":"Alon Shakevsky, Austin Chu, Corban Villa, Raluca Ada Popa, Sohee Kim","submitted_at":"2026-06-25T12:08:07Z","abstract_excerpt":"AI-assisted vulnerability discovery has proven effective for bug classes like memory safety, where instrumentation confirms memory violations and efficiently filters false positives. Many dangerous vulnerability classes, such as cryptographic misuse, however, lack any comparable instrumentation. In this work, we present Chai, an AI-based system that discovers and validates cryptographic misuse vulnerabilities through naturally occurring signals. To achieve this, Chai rethinks the classical technique of differential testing by leveraging AI to 1) improve precision for detecting real security is"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.26933","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2606.26933/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-26T01:16:04Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"UGpxJVFcWugkmuvuglcGnFjwr7Da3McXXQW/+e/YU+xsimyK4LvOJQ/VsRUI2mSpCzNqJjWBrpgE/Cv6jiOOCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-27T15:16:58.746499Z"},"content_sha256":"2731f9b70ee30d800ad6f3e8d7844a7ca7561ffa92ca3d25f3fcda0097731e2f","schema_version":"1.0","event_id":"sha256:2731f9b70ee30d800ad6f3e8d7844a7ca7561ffa92ca3d25f3fcda0097731e2f"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/bundle.json","state_url":"https://pith.science/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-27T15:16:58Z","links":{"resolver":"https://pith.science/pith/YQIMLLUK4WT3BRXRNEAARKOXXD","bundle":"https://pith.science/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/bundle.json","state":"https://pith.science/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/state.json","well_known_bundle":"https://pith.science/.well-known/pith/YQIMLLUK4WT3BRXRNEAARKOXXD/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2026:YQIMLLUK4WT3BRXRNEAARKOXXD","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"cd25427ad4fb18e415f3d53152d19184d63d09715025ee6f0a0715c7c687460c","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-25T12:08:07Z","title_canon_sha256":"a6aafb78372f0eef5b69c558c68a6da2c19d48a2a929419d6f36abe65f7d3597"},"schema_version":"1.0","source":{"id":"2606.26933","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2606.26933","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"arxiv_version","alias_value":"2606.26933v1","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2606.26933","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_12","alias_value":"YQIMLLUK4WT3","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_16","alias_value":"YQIMLLUK4WT3BRXR","created_at":"2026-06-26T01:16:04Z"},{"alias_kind":"pith_short_8","alias_value":"YQIMLLUK","created_at":"2026-06-26T01:16:04Z"}],"graph_snapshots":[{"event_id":"sha256:2731f9b70ee30d800ad6f3e8d7844a7ca7561ffa92ca3d25f3fcda0097731e2f","target":"graph","created_at":"2026-06-26T01:16:04Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2606.26933/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"AI-assisted vulnerability discovery has proven effective for bug classes like memory safety, where instrumentation confirms memory violations and efficiently filters false positives. Many dangerous vulnerability classes, such as cryptographic misuse, however, lack any comparable instrumentation. In this work, we present Chai, an AI-based system that discovers and validates cryptographic misuse vulnerabilities through naturally occurring signals. To achieve this, Chai rethinks the classical technique of differential testing by leveraging AI to 1) improve precision for detecting real security is","authors_text":"Alon Shakevsky, Austin Chu, Corban Villa, Raluca Ada Popa, Sohee Kim","cross_cats":["cs.AI"],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-25T12:08:07Z","title":"Chai: Agentic Discovery of Cryptographic Misuse Vulnerabilities"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2606.26933","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:f07420e2e77181084838d0b21dffc19fea81f88e54a1cd86d889a20ad058b462","target":"record","created_at":"2026-06-26T01:16:04Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"cd25427ad4fb18e415f3d53152d19184d63d09715025ee6f0a0715c7c687460c","cross_cats_sorted":["cs.AI"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2026-06-25T12:08:07Z","title_canon_sha256":"a6aafb78372f0eef5b69c558c68a6da2c19d48a2a929419d6f36abe65f7d3597"},"schema_version":"1.0","source":{"id":"2606.26933","kind":"arxiv","version":1}},"canonical_sha256":"c410c5ae8ae5a7b0c6f1690008a9d7b8f369e603df00912314a064354615c333","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"c410c5ae8ae5a7b0c6f1690008a9d7b8f369e603df00912314a064354615c333","first_computed_at":"2026-06-26T01:16:04.468056Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-26T01:16:04.468056Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"Ej3/Y2V9RFgi65081Y6mDZLJRvPppTLX+E5TmgtoZxN4g6bALWwPhPz9O868IPhv+hZlNHMjXKTdeH4gCxH2Bw==","signature_status":"signed_v1","signed_at":"2026-06-26T01:16:04.468481Z","signed_message":"canonical_sha256_bytes"},"source_id":"2606.26933","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:f07420e2e77181084838d0b21dffc19fea81f88e54a1cd86d889a20ad058b462","sha256:2731f9b70ee30d800ad6f3e8d7844a7ca7561ffa92ca3d25f3fcda0097731e2f"],"state_sha256":"d8dd76176a62f250855a4ade7b7d1adaef0f283514bb496533e98ed8cec80ac8"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"SBOPH6U4BxX/3LRTR57nOXBGkVElYUnDhZx1WaQTtF038AjcyIpEyVqA61VfrubJisvPDS1QNRd6RwD/hTCPDg==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-27T15:16:58.748482Z","bundle_sha256":"3561d1edfd990f5b0c5db0c53ae3fde77863fb8c46a99be20baf51f0fcbf8179"}}