scan-v4.json (29470B)
1 { 2 "scan_version": 4, 3 "paper_type": "empirical", 4 "paper": { 5 "title": "F2A: An Innovative Approach for Prompt Injection by Utilizing Feign Security Detection Agents", 6 "authors": [ 7 "Yupeng Ren" 8 ], 9 "year": 2024, 10 "venue": "arXiv.org", 11 "arxiv_id": "2410.08776", 12 "doi": "10.48550/arXiv.2410.08776" 13 }, 14 "checklist": { 15 "claims_and_evidence": { 16 "abstract_claims_supported": { 17 "applies": true, 18 "answer": true, 19 "justification": "The abstract claims most LLMs can be compromised by F2A, only a minority resist, and a defense is proposed. Table 1 shows most models have 2+ hits, Table 2 shows the defense reduces success. Claims are roughly supported.", 20 "source": "opus" 21 }, 22 "causal_claims_justified": { 23 "applies": true, 24 "answer": false, 25 "justification": "The paper claims 'blind trust in safety detection agents' causes vulnerability, but there is no controlled experiment comparing F2A prompts with vs. without the fake detector results. Without this control, the causal mechanism (is it the fake detector or the obfuscation?) is not isolated.", 26 "source": "opus" 27 }, 28 "generalization_bounded": { 29 "applies": true, 30 "answer": false, 31 "justification": "The title claims this is an approach 'for Prompt Injection' generally, but only 9 models are tested with 10 hand-crafted prompts. No scope boundaries are stated about which models, versions, or deployment contexts these results apply to.", 32 "source": "opus" 33 }, 34 "alternative_explanations_discussed": { 35 "applies": true, 36 "answer": false, 37 "justification": "No alternative explanations are discussed. For instance, the paper does not consider whether the Python code obfuscation alone (Step 1) is sufficient to bypass defenses, or whether the sequential instruction format (Step 3) contributes independently of the fake detector.", 38 "source": "opus" 39 }, 40 "proxy_outcome_distinction": { 41 "applies": true, 42 "answer": false, 43 "justification": "GPT-4o judges whether model output contains 'dangerous components,' but the paper does not discuss whether GPT-4o's judgment is a valid proxy for actual harmfulness, or the false positive/negative rates of this judge.", 44 "source": "opus" 45 } 46 }, 47 "limitations_and_scope": { 48 "limitations_section_present": { 49 "applies": true, 50 "answer": false, 51 "justification": "No dedicated limitations or threats-to-validity section exists in the paper. The conclusion briefly mentions that 'a minority of LLMs with critical thinking capabilities resisted' but does not discuss study limitations.", 52 "source": "opus" 53 }, 54 "threats_to_validity_specific": { 55 "applies": true, 56 "answer": false, 57 "justification": "No threats to validity are discussed. Issues such as the small prompt set, single-run testing, reliance on GPT-4o as sole judge, and potential prompt overfitting are not addressed.", 58 "source": "opus" 59 }, 60 "scope_boundaries_stated": { 61 "applies": true, 62 "answer": false, 63 "justification": "No explicit scope boundaries are stated. The paper does not discuss what models, versions, or deployment configurations the results do or do not apply to.", 64 "source": "opus" 65 } 66 }, 67 "conflicts_of_interest": { 68 "funding_disclosed": { 69 "applies": true, 70 "answer": false, 71 "justification": "No funding source is disclosed. There is no acknowledgments section mentioning grants or sponsors.", 72 "source": "opus" 73 }, 74 "affiliations_disclosed": { 75 "applies": true, 76 "answer": true, 77 "justification": "Author affiliation is clearly stated: Institute of Information Engineering, Chinese Academy of Sciences. The author is not affiliated with any of the evaluated model providers.", 78 "source": "opus" 79 }, 80 "funder_independent_of_outcome": { 81 "applies": true, 82 "answer": false, 83 "justification": "No funding is disclosed, so independence of the funder cannot be assessed.", 84 "source": "opus" 85 }, 86 "financial_interests_declared": { 87 "applies": true, 88 "answer": false, 89 "justification": "No competing interests or financial interests statement is provided.", 90 "source": "opus" 91 } 92 }, 93 "scope_and_framing": { 94 "key_terms_defined": { 95 "applies": true, 96 "answer": false, 97 "justification": "Core terms undefined: 'blind trust' (core claim but never formally defined), 'safety detection agent' (used throughout but not defined), 'prompt injection' (used but not defined in paper context).", 98 "source": "haiku" 99 }, 100 "intended_contribution_clear": { 101 "applies": true, 102 "answer": true, 103 "justification": "Three contributions explicitly listed: (1) formalize F2A attack, (2) demonstrate vulnerabilities, (3) propose defense. These are clear.", 104 "source": "haiku" 105 }, 106 "engagement_with_prior_work": { 107 "applies": true, 108 "answer": false, 109 "justification": "Section 1 lists prior work (injection attacks, jailbreaks, watermarks, RLHF) but doesn't clearly explain how F2A relates to or differs from existing attack vectors already in the literature.", 110 "source": "haiku" 111 } 112 } 113 }, 114 "type_checklist": { 115 "empirical": { 116 "artifacts": { 117 "code_released": { 118 "applies": true, 119 "answer": false, 120 "justification": "No code repository or download link is provided anywhere in the paper.", 121 "source": "opus" 122 }, 123 "data_released": { 124 "applies": true, 125 "answer": false, 126 "justification": "While one full F2A prompt is shown in the appendix (Prompt A), the remaining 9 attack prompts and model outputs are not released as a dataset.", 127 "source": "opus" 128 }, 129 "environment_specified": { 130 "applies": true, 131 "answer": false, 132 "justification": "No environment specifications, library versions, or API configurations are provided.", 133 "source": "opus" 134 }, 135 "reproduction_instructions": { 136 "applies": true, 137 "answer": false, 138 "justification": "No reproduction instructions are provided. The methodology section describes the 3-step process conceptually but does not give step-by-step instructions to reproduce the experiments.", 139 "source": "opus" 140 } 141 }, 142 "statistical_methodology": { 143 "confidence_intervals_or_error_bars": { 144 "applies": true, 145 "answer": false, 146 "justification": "Results are reported as binary hit/miss per model-prompt combination (Table 1) and hit scores out of 10 (Table 2) with no confidence intervals or error bars.", 147 "source": "opus" 148 }, 149 "significance_tests": { 150 "applies": true, 151 "answer": false, 152 "justification": "The paper claims certain models are more/less vulnerable and that the defense reduces attack success, but no statistical significance tests are used. Comparisons are made by eyeballing raw counts.", 153 "source": "opus" 154 }, 155 "effect_sizes_reported": { 156 "applies": true, 157 "answer": false, 158 "justification": "Hit counts are reported (e.g., 2/10, 6/10) but no formal effect sizes (Cohen's d, odds ratios) are provided. The defense experiment (Table 2) shows raw score changes but no standardized effect measures.", 159 "source": "opus" 160 }, 161 "sample_size_justified": { 162 "applies": true, 163 "answer": false, 164 "justification": "The choice of 10 attack prompts and 9 models is not justified. No power analysis or rationale for sample size is provided.", 165 "source": "opus" 166 }, 167 "variance_reported": { 168 "applies": true, 169 "answer": false, 170 "justification": "Each attack appears to be tested once per model. No multiple runs, no variance or standard deviation reported.", 171 "source": "opus" 172 } 173 }, 174 "evaluation_design": { 175 "baselines_included": { 176 "applies": true, 177 "answer": false, 178 "justification": "No comparison against other jailbreak or prompt injection methods (e.g., GCG, PAIR, DAN). F2A is tested in isolation with no baselines.", 179 "source": "opus" 180 }, 181 "baselines_contemporary": { 182 "applies": true, 183 "answer": false, 184 "justification": "No baselines are included at all, so contemporaneity cannot be assessed.", 185 "source": "opus" 186 }, 187 "ablation_study": { 188 "applies": true, 189 "answer": false, 190 "justification": "F2A has three components (Convert Malicious Content, Feign Security Detection Results, Construct Task Instructions) but no ablation removing individual components to measure their contribution.", 191 "source": "opus" 192 }, 193 "multiple_metrics": { 194 "applies": true, 195 "answer": false, 196 "justification": "Only one metric is used: binary hit/miss as judged by GPT-4o. No other metrics (e.g., harmfulness severity, response quality, attack stealth) are reported.", 197 "source": "opus" 198 }, 199 "human_evaluation": { 200 "applies": true, 201 "answer": false, 202 "justification": "Attack success is judged solely by GPT-4o. No human evaluation of whether generated content is actually harmful. Some screenshots are shown in the appendix but no systematic human assessment.", 203 "source": "opus" 204 }, 205 "held_out_test_set": { 206 "applies": true, 207 "answer": false, 208 "justification": "No separation of development and test prompts. The 10 prompts appear to have been used directly for evaluation without any dev/test split.", 209 "source": "opus" 210 }, 211 "per_category_breakdown": { 212 "applies": true, 213 "answer": true, 214 "justification": "Table 1 provides a per-category breakdown across 10 attack types (death, weapon, racial discrimination, poison, fraud, etc.) for each model.", 215 "source": "opus" 216 }, 217 "failure_cases_discussed": { 218 "applies": true, 219 "answer": true, 220 "justification": "Section 4.1 discusses failure cases, e.g., 'While Llama3.1-8B-Instruct was attacked by Fraud, the injection prompt was regarded by the model as other ordinary content,' noting that weak semantic understanding can cause F2A to fail.", 221 "source": "opus" 222 }, 223 "negative_results_reported": { 224 "applies": true, 225 "answer": true, 226 "justification": "The paper reports that GPT-4o and Qwen models resisted most attacks (only 2/10 hits), and that some attacks failed because models misunderstood the instructions rather than refusing.", 227 "source": "opus" 228 } 229 }, 230 "setup_transparency": { 231 "model_versions_specified": { 232 "applies": true, 233 "answer": false, 234 "justification": "Models are listed by marketing names (GPT-4o, GLM-4-Plus, Mistral-Large-2, DeepSeek-V2.5, etc.) without API versions, snapshot dates, or access dates. GPT-4o has no snapshot identifier.", 235 "source": "opus" 236 }, 237 "prompts_provided": { 238 "applies": true, 239 "answer": true, 240 "justification": "The full F2A prompt construction is shown in Instances A, B, C (Section 3) and a complete example prompt is provided in the Prompts Appendix (F2A Prompt A). The Defe-Prompt defense prompt is also provided in Section 4.2.", 241 "source": "opus" 242 }, 243 "hyperparameters_reported": { 244 "applies": true, 245 "answer": false, 246 "justification": "No generation hyperparameters (temperature, top-p, max tokens) are reported for any of the tested models or for GPT-4o as judge.", 247 "source": "opus" 248 }, 249 "scaffolding_described": { 250 "applies": false, 251 "answer": false, 252 "justification": "No agentic scaffolding is used. The attack is a single-turn prompt injection.", 253 "source": "opus" 254 }, 255 "data_preprocessing_documented": { 256 "applies": true, 257 "answer": true, 258 "justification": "The 3-step prompt construction methodology (Convert Malicious Content → Feign Security Detection Results → Construct Task Instructions) is documented in detail in Section 3 with worked examples.", 259 "source": "opus" 260 } 261 }, 262 "data_integrity": { 263 "raw_data_available": { 264 "applies": true, 265 "answer": false, 266 "justification": "Model outputs are not available. Only a few screenshots are shown in the appendix. The full set of model responses and GPT-4o judgments are not provided.", 267 "source": "opus" 268 }, 269 "data_collection_described": { 270 "applies": true, 271 "answer": false, 272 "justification": "The paper describes the attack prompts and notes GPT-4o was used as judge, but does not detail how model outputs were collected (API vs. web interface), how GPT-4o judging was conducted (what prompt, what criteria), or how results were recorded.", 273 "source": "opus" 274 }, 275 "recruitment_methods_described": { 276 "applies": true, 277 "answer": false, 278 "justification": "No justification for why these 9 specific models were selected. The selection appears ad hoc with no stated criteria for model inclusion.", 279 "source": "opus" 280 }, 281 "data_pipeline_documented": { 282 "applies": true, 283 "answer": false, 284 "justification": "The pipeline from prompt construction to GPT-4o judgment has gaps. How were model outputs fed to GPT-4o? What prompt did GPT-4o use for judging? How were binary hit/miss decisions recorded? None of these are documented.", 285 "source": "opus" 286 } 287 }, 288 "contamination": { 289 "training_cutoff_stated": { 290 "applies": false, 291 "answer": false, 292 "justification": "This paper tests an attack method against LLM safety mechanisms, not model knowledge on a benchmark. Contamination in the traditional sense (model has seen test answers) does not apply.", 293 "source": "opus" 294 }, 295 "train_test_overlap_discussed": { 296 "applies": false, 297 "answer": false, 298 "justification": "The paper tests defenses/safety mechanisms rather than model knowledge, so train/test overlap is not applicable.", 299 "source": "opus" 300 }, 301 "benchmark_contamination_addressed": { 302 "applies": false, 303 "answer": false, 304 "justification": "This is a red-teaming/attack study, not a benchmark evaluation of model knowledge. Benchmark contamination is not applicable.", 305 "source": "opus" 306 } 307 }, 308 "human_studies": { 309 "pre_registered": { 310 "applies": false, 311 "answer": false, 312 "justification": "No human participants in this study.", 313 "source": "opus" 314 }, 315 "irb_or_ethics_approval": { 316 "applies": false, 317 "answer": false, 318 "justification": "No human participants. However, the paper deals with generating harmful content and does not mention ethics review for the red-teaming work.", 319 "source": "opus" 320 }, 321 "demographics_reported": { 322 "applies": false, 323 "answer": false, 324 "justification": "No human participants.", 325 "source": "opus" 326 }, 327 "inclusion_exclusion_criteria": { 328 "applies": false, 329 "answer": false, 330 "justification": "No human participants.", 331 "source": "opus" 332 }, 333 "randomization_described": { 334 "applies": false, 335 "answer": false, 336 "justification": "No human participants.", 337 "source": "opus" 338 }, 339 "blinding_described": { 340 "applies": false, 341 "answer": false, 342 "justification": "No human participants.", 343 "source": "opus" 344 }, 345 "attrition_reported": { 346 "applies": false, 347 "answer": false, 348 "justification": "No human participants.", 349 "source": "opus" 350 } 351 }, 352 "cost_and_practicality": { 353 "inference_cost_reported": { 354 "applies": true, 355 "answer": false, 356 "justification": "No inference costs are reported despite making API calls to multiple commercial LLMs (GPT-4o, GLM-4-Plus, Mistral, DeepSeek, etc.).", 357 "source": "opus" 358 }, 359 "compute_budget_stated": { 360 "applies": true, 361 "answer": false, 362 "justification": "No computational budget is stated.", 363 "source": "opus" 364 } 365 }, 366 "experimental_rigor": { 367 "seed_sensitivity_reported": { 368 "applies": true, 369 "answer": false, 370 "justification": "No mention of multiple runs or seed sensitivity. Each attack appears to be tested once per model.", 371 "source": "opus" 372 }, 373 "number_of_runs_stated": { 374 "applies": true, 375 "answer": false, 376 "justification": "The number of experimental runs per model-prompt combination is not stated. It appears to be a single run each.", 377 "source": "opus" 378 }, 379 "hyperparameter_search_budget": { 380 "applies": true, 381 "answer": false, 382 "justification": "No discussion of how the attack prompts were iteratively refined or how many prompt variations were tried before arriving at the final 10.", 383 "source": "opus" 384 }, 385 "best_config_selection_justified": { 386 "applies": true, 387 "answer": false, 388 "justification": "The final prompt format is presented without explaining how it was selected or whether alternatives were tried.", 389 "source": "opus" 390 }, 391 "multiple_comparison_correction": { 392 "applies": false, 393 "answer": false, 394 "justification": "No statistical tests are performed at all, so multiple comparison correction is moot.", 395 "source": "opus" 396 }, 397 "self_comparison_bias_addressed": { 398 "applies": true, 399 "answer": false, 400 "justification": "The authors propose F2A and evaluate it themselves. No discussion of self-evaluation bias or independent evaluation.", 401 "source": "opus" 402 }, 403 "compute_budget_vs_performance": { 404 "applies": false, 405 "answer": false, 406 "justification": "Compute differences between conditions are negligible (single prompt-response exchanges).", 407 "source": "opus" 408 }, 409 "benchmark_construct_validity": { 410 "applies": true, 411 "answer": false, 412 "justification": "GPT-4o is used as the sole judge of attack success but the paper does not discuss whether GPT-4o's judgment accurately measures real-world harm, nor validate it against human judgment.", 413 "source": "opus" 414 }, 415 "scaffold_confound_addressed": { 416 "applies": false, 417 "answer": false, 418 "justification": "No scaffolding is involved. The attack is a single-turn prompt injection.", 419 "source": "opus" 420 } 421 }, 422 "data_leakage": { 423 "temporal_leakage_addressed": { 424 "applies": true, 425 "answer": false, 426 "justification": "The paper does not discuss whether tested models may have been trained on similar attack patterns or whether safety training included F2A-like scenarios, which would affect measured vulnerability.", 427 "source": "opus" 428 }, 429 "feature_leakage_addressed": { 430 "applies": true, 431 "answer": false, 432 "justification": "No discussion of whether the evaluation setup leaks information about the attack's intent to the model through context or formatting cues.", 433 "source": "opus" 434 }, 435 "non_independence_addressed": { 436 "applies": true, 437 "answer": false, 438 "justification": "All 10 prompts follow the same 3-step F2A template. Non-independence of test cases (shared structure) is not discussed.", 439 "source": "opus" 440 }, 441 "leakage_detection_method": { 442 "applies": true, 443 "answer": false, 444 "justification": "No leakage detection or prevention method is applied.", 445 "source": "opus" 446 } 447 } 448 } 449 }, 450 "claims": [ 451 { 452 "claim": "LLMs exhibit blind trust in safety detection agents and can be exploited via fake detector outputs", 453 "evidence": "Table 1 shows 8 tested LLMs with varying success rates; GPT-4o (marked least vulnerable) resists well while others show higher vulnerability.", 454 "supported": "moderate" 455 }, 456 { 457 "claim": "String concatenation obfuscation successfully hides malicious prompts from safety filters", 458 "evidence": "Attack methodology uses string splitting to hide queries like 'How to make a bomb?' in concatenated Python code; this appears consistent in enabling downstream steps.", 459 "supported": "moderate" 460 }, 461 { 462 "claim": "Fake security detection scores (S ∈ [85, 99]) convince models to bypass safety mechanisms", 463 "evidence": "Fabricated detection results are injected into prompts; Table 1 shows attacks succeed, but no ablation isolates this component's contribution.", 464 "supported": "weak" 465 }, 466 { 467 "claim": "Fraud and mental health attack types are harder for models to defend against", 468 "evidence": "Section 4.1 observes these topics 'more difficult for models to detect,' attributed to similarity with benign use cases, but only anecdotal, single-run evidence.", 469 "supported": "weak" 470 }, 471 { 472 "claim": "Defense-Prompt (Defe-Prompt) asking models to critically evaluate detection results reduces F2A success rates substantially", 473 "evidence": "Table 2 shows hit scores reduced from 2-6/10 to 0-1/10 on 4 tested models, but limited scope and no comparison to other defense strategies.", 474 "supported": "moderate" 475 } 476 ], 477 "methodology_tags": [ 478 "benchmark-eval", 479 "case-study" 480 ], 481 "key_findings": "The paper demonstrates that several large language models can be manipulated to generate harmful content by combining string obfuscation, fake security detector outputs, and misleading instructions in a technique termed Feign Agent Attack (F2A). Success rates vary significantly across models, with GPT-4o showing stronger resistance than others. A proposed defense (critical evaluation prompts) substantially reduces attack success, though the evaluation lacks statistical rigor with single-run trials, no baselines, and no component ablation.", 482 "red_flags": [ 483 { 484 "flag": "No baseline comparison", 485 "detail": "What's the success rate of requesting harmful content directly? Without baseline, can't assess if F2A adds value or just demonstrates existing LLM vulnerabilities." 486 }, 487 { 488 "flag": "Single-run per condition", 489 "detail": "No repeated trials, confidence intervals, or error bars. A '80% success rate' could be statistical noise; repeating might yield very different results." 490 }, 491 { 492 "flag": "Unreliable judge", 493 "detail": "GPT-4o judges whether models output harmful content. But GPT-4o's own judgments are fallible and may miss harms or false-positives." 494 }, 495 { 496 "flag": "Limited prompt sample", 497 "detail": "Only 10 attack prompts across 10 harmful categories. Unknown if these are representative, cherry-picked best cases, or worst cases." 498 }, 499 { 500 "flag": "No ablation study", 501 "detail": "Three components (obfuscation, fake detector, instruction framing) tested together only. Which part matters? Unknown." 502 }, 503 { 504 "flag": "No temporal stability", 505 "detail": "Results snapshot-in-time. Are these findings stable a week later? Models update frequently; generalization unknown." 506 }, 507 { 508 "flag": "Defense overfitting risk", 509 "detail": "Defe-Prompt hand-crafted for F2A. May fail on other jailbreaks or inadvertently break legitimate use cases; no robustness testing." 510 }, 511 { 512 "flag": "Threat model constraints not justified", 513 "detail": "Assumes attackers can't modify system prompts. Many real attacks do; rationale for this artificial boundary not discussed." 514 } 515 ], 516 "cited_papers": [ 517 { 518 "title": "LLM-Based Edge Intelligence: A Comprehensive Survey on Architectures, Applications, Security and Trustworthiness", 519 "relevance": "Surveys LLM security and trustworthiness; contextualizes safety detection agents as core infrastructure." 520 }, 521 { 522 "title": "Breaking Down the Defenses: A Comparative Survey of Attacks on Large Language Models", 523 "relevance": "Prior work on diverse LLM attack vectors; F2A positioned as novel indirect injection variant." 524 }, 525 { 526 "title": "Not What You've Signed Up For: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection", 527 "relevance": "Foundational work on indirect prompt injection; F2A extends this to exploit trust in safety detectors specifically." 528 }, 529 { 530 "title": "Defending Against Indirect Prompt Injection Attacks With Spotlighting", 531 "relevance": "Defense mechanism against indirect injection; relevant to mitigation discussion." 532 }, 533 { 534 "title": "SafetyBench: Evaluating the Safety of Large Language Models", 535 "relevance": "Benchmark for evaluating LLM safety mechanisms; contextualizes evaluation of F2A success rates." 536 }, 537 { 538 "title": "ShieldLM: Empowering LLMs as Aligned, Customizable and Explainable Safety Detectors", 539 "relevance": "Safety detection as LLM capability; directly relevant to understanding what F2A attacks." 540 } 541 ], 542 "engagement_factors": { 543 "practical_relevance": { 544 "score": 2, 545 "justification": "Security researchers can use prompts to test LLM safety, but real attacks would likely be more sophisticated; limited direct practitioner applicability." 546 }, 547 "surprise_contrarian": { 548 "score": 2, 549 "justification": "Demonstrates suspected vulnerability (models overtrust safety agents) systematically, but concept is not entirely novel given prior indirect injection work." 550 }, 551 "fear_safety": { 552 "score": 3, 553 "justification": "Demonstrates successful jailbreak of LLM safety mechanisms via trust exploitation; raises alarm about robustness of deployed safety layers." 554 }, 555 "drama_conflict": { 556 "score": 1, 557 "justification": "Technical vulnerability disclosure; no controversy, drama, or conflict angle—straightforward security research." 558 }, 559 "demo_ability": { 560 "score": 2, 561 "justification": "Prompts provided and can be manually tested, but requires API access to proprietary LLMs; not freely reproducible offline." 562 }, 563 "brand_recognition": { 564 "score": 1, 565 "justification": "Single-author paper from Chinese Academy of Sciences, posted to arXiv; no prominent lab affiliation or venue recognition." 566 } 567 }, 568 "hn_data": { 569 "threads": [ 570 { 571 "hn_id": "24805792", 572 "title": "Refinement Types: A Tutorial", 573 "points": 3, 574 "comments": 0, 575 "url": "https://news.ycombinator.com/item?id=24805792", 576 "created_at": "2020-10-16T22:55:03Z" 577 }, 578 { 579 "hn_id": "41913877", 580 "title": "Bypassing the Popularity Bias: Repurposing Models for Long-Tail Recommendation", 581 "points": 2, 582 "comments": 0, 583 "url": "https://news.ycombinator.com/item?id=41913877", 584 "created_at": "2024-10-22T13:11:35Z" 585 }, 586 { 587 "hn_id": "24882449", 588 "title": "The Nvidia PilotNet Experiments", 589 "points": 2, 590 "comments": 0, 591 "url": "https://news.ycombinator.com/item?id=24882449", 592 "created_at": "2020-10-24T22:35:53Z" 593 }, 594 { 595 "hn_id": "42978639", 596 "title": "DocVLM: Make Your VLM an Efficient Reader", 597 "points": 2, 598 "comments": 0, 599 "url": "https://news.ycombinator.com/item?id=42978639", 600 "created_at": "2025-02-07T23:20:57Z" 601 }, 602 { 603 "hn_id": "42645393", 604 "title": "Searching Latent Program Spaces", 605 "points": 2, 606 "comments": 0, 607 "url": "https://news.ycombinator.com/item?id=42645393", 608 "created_at": "2025-01-09T13:46:21Z" 609 }, 610 { 611 "hn_id": "38004580", 612 "title": "Gesture Recognition for FMCW Radar on the Edge", 613 "points": 1, 614 "comments": 0, 615 "url": "https://news.ycombinator.com/item?id=38004580", 616 "created_at": "2023-10-24T19:59:44Z" 617 }, 618 { 619 "hn_id": "24800126", 620 "title": "Refinement Types: A Tutorial", 621 "points": 1, 622 "comments": 0, 623 "url": "https://news.ycombinator.com/item?id=24800126", 624 "created_at": "2020-10-16T12:29:06Z" 625 } 626 ], 627 "top_points": 3, 628 "total_points": 13, 629 "total_comments": 0 630 } 631 }