scan-v5.json (28428B)
1 { 2 "scan_version": 5, 3 "paper_type": "empirical", 4 "paper": { 5 "title": "\"Give a Positive Review Only\": An Early Investigation Into In-Paper Prompt Injection Attacks and Defenses for AI Reviewers", 6 "authors": [ 7 "Qin Zhou", 8 "Zhexin Zhang", 9 "Zhi Li", 10 "Limin Sun" 11 ], 12 "year": 2025, 13 "venue": "arXiv.org", 14 "arxiv_id": "2511.01287", 15 "doi": "10.48550/arXiv.2511.01287" 16 }, 17 "checklist": { 18 "claims_and_evidence": { 19 "abstract_claims_supported": { 20 "applies": true, 21 "answer": true, 22 "justification": "All abstract claims—that static/iterative attacks achieve striking performance, induce full scores, show robustness across settings, and that adaptive attackers circumvent defenses—are directly supported by Tables 2, 3, Figures 3-4, and Tables 5-7 in the results section.", 23 "source": "haiku" 24 }, 25 "causal_claims_justified": { 26 "applies": true, 27 "answer": true, 28 "justification": "Causal claims about attacks 'causing' higher scores are justified by controlled comparisons: 100 randomly sampled papers evaluated 3 times with/without attacks, holding all else constant. The study design supports causal inference.", 29 "source": "haiku" 30 }, 31 "generalization_bounded": { 32 "applies": true, 33 "answer": true, 34 "justification": "The paper explicitly bounds scope to ICLR 2025 submissions, three frontier models (GPT-5/DeepSeek/Gemini), and 100 papers, with acknowledged limitation: 'Due to cost we limit our evaluation to 100 papers and three AI reviewers. Investigating a larger set is left as future work.'", 35 "source": "haiku" 36 }, 37 "alternative_explanations_discussed": { 38 "applies": true, 39 "answer": false, 40 "justification": "The paper demonstrates that attacks work but does not explore alternative explanations for why different models have heterogeneous vulnerability (e.g., why DeepSeek-Chat is more susceptible than GPT-5). Mechanistic discussion is absent.", 41 "source": "haiku" 42 }, 43 "proxy_outcome_distinction": { 44 "applies": true, 45 "answer": true, 46 "justification": "The paper measures exactly what it claims—'overall rating assigned by the AI reviewer' on a 1-10 scale—with no mismatch between measurement and claim. Scores reported are the target outcome.", 47 "source": "haiku" 48 } 49 }, 50 "limitations_and_scope": { 51 "limitations_section_present": { 52 "applies": true, 53 "answer": true, 54 "justification": "A dedicated 'Limitations' section on page 8 states: 'Due to the substantial cost... we limit our evaluation to 100 papers and three AI reviewers.'", 55 "source": "haiku" 56 }, 57 "threats_to_validity_specific": { 58 "applies": true, 59 "answer": true, 60 "justification": "The limitation cites specific threat (cost of token generation for 100 papers × 3 models × multiple runs) and specific scope constraints (100 papers, 3 reviewers). However, other threats (e.g., model contamination, generalization to other LLMs, out-of-distribution prompts) are unaddressed.", 61 "source": "haiku" 62 }, 63 "scope_boundaries_stated": { 64 "applies": true, 65 "answer": true, 66 "justification": "Clear boundaries: ICLR 2025 submissions only, three named models, 100 paper sample, white-text embedding method, OpenRouter API. What is NOT tested (other models, other attack vectors, non-API systems) is implicit but clear from design.", 67 "source": "haiku" 68 } 69 }, 70 "conflicts_of_interest": { 71 "funding_disclosed": { 72 "applies": true, 73 "answer": false, 74 "justification": "No funding source is mentioned in the paper. Authors are affiliated with CAS institutes and Tsinghua, but no acknowledgments section or funding statement is provided.", 75 "source": "haiku" 76 }, 77 "affiliations_disclosed": { 78 "applies": true, 79 "answer": true, 80 "justification": "All authors' affiliations are explicitly listed: Institute of Information Engineering CAS, School of Cyber Security UCAS, and Tsinghua CoAI group.", 81 "source": "haiku" 82 }, 83 "funder_independent_of_outcome": { 84 "applies": false, 85 "answer": false, 86 "justification": "Not applicable—no funder disclosed.", 87 "source": "haiku" 88 }, 89 "financial_interests_declared": { 90 "applies": true, 91 "answer": false, 92 "justification": "No competing interests statement or declaration of financial interests (e.g., funding by model companies, stake in peer-review platforms, consulting relationships) is provided.", 93 "source": "haiku" 94 } 95 }, 96 "scope_and_framing": { 97 "key_terms_defined": { 98 "applies": true, 99 "answer": true, 100 "justification": "Key terms are defined: 'In-Paper Prompt Injection (IPI)' as hidden instructions in PDF to manipulate AI reviewers, 'static attack' using fixed prompts, 'iterative attack' optimizing prompts through feedback loops.", 101 "source": "haiku" 102 }, 103 "intended_contribution_clear": { 104 "applies": true, 105 "answer": true, 106 "justification": "The contribution is explicit: 'We present an early systematic study on IPI attacks and defenses targeting AI-based reviewing systems.' Four contributions are enumerated (attack paradigms, robustness analysis, defense limitations, vulnerability exposure).", 107 "source": "haiku" 108 }, 109 "engagement_with_prior_work": { 110 "applies": true, 111 "answer": true, 112 "justification": "Section 2 reviews AI-assisted reviewing (Zhu et al. 2025, Jin et al. 2024, etc.) and prior adversarial attacks (Ye et al. 2024, Lin 2025, Collu et al. 2025), positioning this work as the first systematic quantitative study vs. prior manual inspections.", 113 "source": "haiku" 114 } 115 } 116 }, 117 "type_checklist": { 118 "empirical": { 119 "artifacts": { 120 "code_released": { 121 "applies": true, 122 "answer": false, 123 "justification": "Paper mentions 'an automated Python tool' for embedding prompts but states no release. No code repository or supplementary materials provided.", 124 "source": "haiku" 125 }, 126 "data_released": { 127 "applies": true, 128 "answer": false, 129 "justification": "The 100 sampled ICLR 2025 papers are from OpenReview (public), but the specific experimental sample and AI-generated reviews are not released for reproduction.", 130 "source": "haiku" 131 }, 132 "environment_specified": { 133 "applies": true, 134 "answer": false, 135 "justification": "No requirements.txt, Dockerfile, or environment specification provided. Only mentions 'OpenRouter platform' and 'temperature = 0.9' but no Python version, dependencies, or runtime config.", 136 "source": "haiku" 137 }, 138 "reproduction_instructions": { 139 "applies": true, 140 "answer": false, 141 "justification": "Describes the approach (sample from OpenReview, embed white-text prompts, call OpenRouter API) but provides no step-by-step reproduction guide. A reader would need to infer API calls, parameter choices, and aggregation logic.", 142 "source": "haiku" 143 } 144 }, 145 "statistical_methodology": { 146 "confidence_intervals_or_error_bars": { 147 "applies": true, 148 "answer": true, 149 "justification": "Table 2 and all results report mean ± std dev (e.g., '7.03 ± 0.02'). Each paper evaluated 3 independent times; means and standard deviations computed and reported.", 150 "source": "haiku" 151 }, 152 "significance_tests": { 153 "applies": true, 154 "answer": false, 155 "justification": "Main results (Table 2) lack p-values or significance tests comparing attacked vs. non-attacked. Defense evaluation (Table 6) reports p=0.26 (not significant), and human-AI correlation (Figure 5) reports Pearson r and p-values, but primary attack comparisons are not formally tested.", 156 "source": "haiku" 157 }, 158 "effect_sizes_reported": { 159 "applies": true, 160 "answer": true, 161 "justification": "Effect sizes reported as absolute score differences: 'static attack increases the average rating by 1.91 for Gemini, 2.80 for DeepSeek, and 1.24 for GPT-5' on a 1-10 scale.", 162 "source": "haiku" 163 }, 164 "sample_size_justified": { 165 "applies": true, 166 "answer": false, 167 "justification": "Sample size (100 papers, 3 models) is justified by cost ('substantial cost... tens of thousands of tokens per paper') but no power analysis or formal statistical justification for n=100 is provided.", 168 "source": "haiku" 169 }, 170 "variance_reported": { 171 "applies": true, 172 "answer": true, 173 "justification": "Standard deviations reported in Table 2 and error bars shown in Figures 3-4. Variance described as computed 'over three independent trials' for iterative attacks.", 174 "source": "haiku" 175 } 176 }, 177 "evaluation_design": { 178 "baselines_included": { 179 "applies": true, 180 "answer": true, 181 "justification": "Comprehensive baselines: no-attack original scores, four static attack types, iterative attacks (two seed variants), defense applied, and adaptive attacks. Human review scores provided as reference.", 182 "source": "haiku" 183 }, 184 "baselines_contemporary": { 185 "applies": true, 186 "answer": true, 187 "justification": "Baselines are appropriate: original paper (no attack) and frontier models (GPT-5, DeepSeek-Chat, Gemini-2.5-Pro accessed Nov 2025 via OpenRouter) represent current state-of-art.", 188 "source": "haiku" 189 }, 190 "ablation_study": { 191 "applies": true, 192 "answer": true, 193 "justification": "Robustness analysis across multiple dimensions: four attack prompt variants (Table 1), three insertion positions (Table 3), human rating bins (Figure 3), paper length bins (Figure 4), iteration count (Table 4), and cross-model transfer (Table 5).", 194 "source": "haiku" 195 }, 196 "multiple_metrics": { 197 "applies": true, 198 "answer": true, 199 "justification": "Primary metric is overall rating (1-10 scale), but also report three subscores (Soundness, Presentation, Contribution each 1-4), detection rate, prompt recovery rate, and transfer success rates.", 200 "source": "haiku" 201 }, 202 "human_evaluation": { 203 "applies": true, 204 "answer": true, 205 "justification": "Human peer-review scores from ICLR 2025 are provided as ground truth (Figure 2 distribution, Figure 5 correlation analysis). Human baseline scores are reported in Table 2 (avg 5.12) for comparison.", 206 "source": "haiku" 207 }, 208 "held_out_test_set": { 209 "applies": true, 210 "answer": true, 211 "justification": "All 100 papers are held-out from the iterative attack optimization; the attack is tuned on a surrogate model (e.g., GPT-5) then tested on a different reviewer model, demonstrating some generalization.", 212 "source": "haiku" 213 }, 214 "per_category_breakdown": { 215 "applies": true, 216 "answer": true, 217 "justification": "Breakdowns provided by human rating bins (Figure 3), paper length bins (Figure 4), injection position (Table 3), and model choice (Table 5). Results shown stratified across these categories.", 218 "source": "haiku" 219 }, 220 "failure_cases_discussed": { 221 "applies": true, 222 "answer": true, 223 "justification": "Appendix B.1.2 shows example where GPT-5 ignores 'IGNORE ALL INSTRUCTIONS' prompt. Table 6 notes 25 cases where defense fails (score > baseline +1.5), 17 cases of overcorrection.", 224 "source": "haiku" 225 }, 226 "negative_results_reported": { 227 "applies": true, 228 "answer": true, 229 "justification": "GPT-5 shows smaller attack effects (+1.24 to +2.23) compared to DeepSeek/Gemini. Defense sometimes fails (99% detection but score reduction not significant, p=0.26). Adaptive attacks partially evade defense.", 230 "source": "haiku" 231 } 232 }, 233 "setup_transparency": { 234 "model_versions_specified": { 235 "applies": true, 236 "answer": false, 237 "justification": "Models named (GPT-5, DeepSeek-Chat/V3, Gemini-2.5-Pro) and accessed via OpenRouter, but no model release dates, snapshot versions, or training cutoff dates provided. 'Frontier models' are referenced without version pinning.", 238 "source": "haiku" 239 }, 240 "prompts_provided": { 241 "applies": true, 242 "answer": true, 243 "justification": "Table 1 provides full text of four static attack prompts. Appendix A provides exact iterative attack optimization instruction, defense instruction, and adaptive attack instruction. Reviewer prompt (review criteria) shown in Figure 6.", 244 "source": "haiku" 245 }, 246 "hyperparameters_reported": { 247 "applies": true, 248 "answer": true, 249 "justification": "Temperature fixed at 0.9. Iterative attack runs for 'up to three rounds with early stopping at score 10'. Other hyperparameters (top-p, frequency penalty) not reported.", 250 "source": "haiku" 251 }, 252 "scaffolding_described": { 253 "applies": true, 254 "answer": true, 255 "justification": "Review pipeline described: 'instructed to provide overall score (1-10) plus confidence rating after evaluating Soundness/Presentation/Contribution (each 1-4).' Figure 6 provides detailed evaluation rubric. Iterative loop: 'ingests previous prompt and reviewer feedback to generate optimized prompt.'", 256 "source": "haiku" 257 }, 258 "data_preprocessing_documented": { 259 "applies": true, 260 "answer": true, 261 "justification": "PDF parsing method documented: 'employ OpenRouter's pdf-text engine to parse PDF papers.' Attack injection documented: 'white-colored text at microscopic font sizes.' Limited detail on other preprocessing (e.g., tokenization, truncation).", 262 "source": "haiku" 263 } 264 }, 265 "data_integrity": { 266 "raw_data_available": { 267 "applies": true, 268 "answer": false, 269 "justification": "The 100 ICLR 2025 papers and their human reviews are publicly available on OpenReview, but the specific experimental dataset, AI-generated reviews, and attack prompt results are not released.", 270 "source": "haiku" 271 }, 272 "data_collection_described": { 273 "applies": true, 274 "answer": true, 275 "justification": "Clearly described: 'We randomly sampled 100 papers (in PDF format) together with their full peer reviews from the pool of 20,000+ submissions on OpenReview for ICLR 2025.' Random sampling method stated.", 276 "source": "haiku" 277 }, 278 "recruitment_methods_described": { 279 "applies": false, 280 "answer": false, 281 "justification": "Not applicable. No human participants or recruitment; study uses existing conference submissions.", 282 "source": "haiku" 283 }, 284 "data_pipeline_documented": { 285 "applies": true, 286 "answer": true, 287 "justification": "Pipeline described: sample from OpenReview → parse with OpenRouter → embed white-text prompts → evaluate 3 times per paper → aggregate mean/std. Some details missing (e.g., how are multiple runs aggregated for iterative attacks).", 288 "source": "haiku" 289 } 290 }, 291 "contamination": { 292 "training_cutoff_stated": { 293 "applies": true, 294 "answer": false, 295 "justification": "Training cutoff dates for GPT-5, DeepSeek-Chat, or Gemini-2.5-Pro are not stated. ICLR 2025 papers are likely from late 2024/2025, but risk of contamination is not discussed.", 296 "source": "haiku" 297 }, 298 "train_test_overlap_discussed": { 299 "applies": true, 300 "answer": false, 301 "justification": "No discussion of whether ICLR 2025 submissions might appear in training data of frontier models. This risk is not addressed.", 302 "source": "haiku" 303 }, 304 "benchmark_contamination_addressed": { 305 "applies": true, 306 "answer": false, 307 "justification": "ICLR 2025 is not a static benchmark; it is an active competition at submission time. Contamination is less critical for this attack demonstration but still unaddressed.", 308 "source": "haiku" 309 } 310 }, 311 "human_studies": { 312 "pre_registered": { 313 "applies": false, 314 "answer": false, 315 "justification": "Not applicable. No human subjects or interventions.", 316 "source": "haiku" 317 }, 318 "irb_or_ethics_approval": { 319 "applies": false, 320 "answer": false, 321 "justification": "Not applicable. No human participants.", 322 "source": "haiku" 323 }, 324 "demographics_reported": { 325 "applies": false, 326 "answer": false, 327 "justification": "Not applicable. No human participants.", 328 "source": "haiku" 329 }, 330 "inclusion_exclusion_criteria": { 331 "applies": false, 332 "answer": false, 333 "justification": "Not applicable. No human participants.", 334 "source": "haiku" 335 }, 336 "randomization_described": { 337 "applies": false, 338 "answer": false, 339 "justification": "Not applicable. No human participants.", 340 "source": "haiku" 341 }, 342 "blinding_described": { 343 "applies": false, 344 "answer": false, 345 "justification": "Not applicable. No human participants.", 346 "source": "haiku" 347 }, 348 "attrition_reported": { 349 "applies": false, 350 "answer": false, 351 "justification": "Not applicable. No human participants.", 352 "source": "haiku" 353 } 354 }, 355 "cost_and_practicality": { 356 "inference_cost_reported": { 357 "applies": true, 358 "answer": false, 359 "justification": "Paper mentions 'substantial cost... where a single paper can consume tens of thousands of tokens' but provides no quantified costs (USD, total tokens, $/paper). Practical cost remains opaque.", 360 "source": "haiku" 361 }, 362 "compute_budget_stated": { 363 "applies": true, 364 "answer": false, 365 "justification": "No total computational budget, cost estimate, or runtime metrics provided. Only qualitative mention of cost as motivation for n=100 limit.", 366 "source": "haiku" 367 } 368 } 369 } 370 }, 371 "claims": [ 372 { 373 "claim": "Static attacks increase AI review scores by 1.24-2.80 points on a 1-10 scale", 374 "evidence": "Table 2 shows score increases: Gemini +1.91 (Prompt 3), DeepSeek +2.80 (Prompt 3), GPT-5 +1.60 (Prompt 4), averaged across 100 ICLR papers and 3 independent evaluation runs.", 375 "supported": "strong" 376 }, 377 { 378 "claim": "Iterative attacks achieve near-maximum scores (9.75-10.0) for DeepSeek and Gemini", 379 "evidence": "Table 2 reports iterative attack (Prompt 3-based): Gemini 9.84±0.03, DeepSeek 10.00±0.00, both approaching perfect 10.0 after 3 optimization rounds.", 380 "supported": "strong" 381 }, 382 { 383 "claim": "Attacks remain effective across insertion positions, paper lengths, and paper quality", 384 "evidence": "Table 3 shows injection position invariance (8.90-8.97 all similar). Figures 3-4 show robustness across human rating bins and page length bins for all three models.", 385 "supported": "strong" 386 }, 387 { 388 "claim": "Attack prompts transfer across models, especially GPT-5-optimized prompts", 389 "evidence": "Table 5: prompts optimized for GPT-5 transfer with +2.19 gain to Gemini and +2.72 to DeepSeek. DeepSeek-optimized prompts transfer weakly (+0.15 to GPT-5).", 390 "supported": "strong" 391 }, 392 { 393 "claim": "Detection-based defense identifies 99% of naive attacks but fails to significantly reduce scores", 394 "evidence": "Table 6: attack detection rate 99/100 with restored prompts in 91/100 cases. However, defense score (7.27) reduction is not statistically significant vs. no-attack baseline (7.06, p=0.26). 25 cases still exceed baseline by >1.5 points.", 395 "supported": "moderate" 396 }, 397 { 398 "claim": "Adaptive attacks designed to evade detection partially circumvent the defense", 399 "evidence": "Table 7: adaptive attack increases score to 8.11 (vs. baseline 7.06, +1.05 gain), with only 24% detection rate and 25 undetected cases exceeding baseline by >1.5.", 400 "supported": "moderate" 401 } 402 ], 403 "methodology_tags": [ 404 "benchmark-eval", 405 "empirical" 406 ], 407 "key_findings": "This empirical study demonstrates that AI-assisted peer review systems are highly vulnerable to prompt injection attacks embedded as invisible white text in submitted PDFs. Static attacks using predefined malicious prompts increase review scores by 1.24-2.80 points; iterative attacks optimizing prompts against a surrogate model achieve near-maximum scores (9.75-10.0) for DeepSeek-Chat and Gemini-2.5-Pro on 100 ICLR 2025 papers. Attacks remain effective across varying paper lengths, quality levels, and insertion positions, and transfer across models when optimized on more robust targets. A detection-based defense achieves 99% detection rate but fails to significantly reduce attack impact (p=0.26), and adaptive attacks designed to evade detection still increase scores by +1.05 points with only 24% detection rate, exposing fundamental vulnerabilities in AI-based review systems.", 408 "red_flags": [ 409 { 410 "flag": "Small sample size without power analysis", 411 "detail": "100 papers justified by cost but no power analysis or effect size assumptions stated. Generalization to ~1000s of future submissions unclear." 412 }, 413 { 414 "flag": "Main results lack significance tests", 415 "detail": "Table 2 attack/no-attack comparisons report only means and standard deviations; no p-values or confidence intervals provided. Standard errors are small enough to suggest significance but not formally tested." 416 }, 417 { 418 "flag": "Defense evaluation shows non-significant reduction", 419 "detail": "Table 6 defense reduces score from 10.00 to 7.27 but achieves p=0.26 vs. no-attack baseline (not significant). The practical reduction is obscured by variance." 420 }, 421 { 422 "flag": "Limited to three frontier models", 423 "detail": "Generalization to other open-source models, older models, or non-API systems unknown. DeepSeek/Gemini vulnerabilities may not transfer." 424 }, 425 { 426 "flag": "No code or data release", 427 "detail": "Reproducibility hindered. 'Automated Python tool' mentioned but not provided. AI-generated reviews and attack prompts not released." 428 }, 429 { 430 "flag": "Contamination not discussed", 431 "detail": "Training cutoffs for GPT-5, DeepSeek, Gemini not stated. ICLR 2025 papers may overlap with model training data, confounding results." 432 }, 433 { 434 "flag": "Adaptive attack shows modest gains", 435 "detail": "Adaptive attack achieves only +1.05 score improvement with 24% detection rate. Framing as 'circumventing defense' is somewhat overstated relative to measured effect." 436 } 437 ], 438 "cited_papers": [ 439 { 440 "title": "Are we there yet? Revealing the risks of utilizing large language models in scholarly peer review", 441 "relevance": "Directly related—Ye et al. (2024) first revealed hidden prompt injection risk in peer review; this work builds on that finding with systematic evaluation." 442 }, 443 { 444 "title": "Hidden prompts in manuscripts exploit AI-assisted peer review", 445 "relevance": "Lin (2025) manually identified hidden prompts in 18 arXiv papers; this work systematizes the attack and defense evaluation." 446 }, 447 { 448 "title": "Publish to perish: Prompt injection attacks on LLM-assisted peer review", 449 "relevance": "Collu et al. (2025) investigated hidden adversarial injections in 26 rejected ICLR papers; provides qualitative case study context." 450 }, 451 { 452 "title": "Can large language models provide useful feedback on research papers? A large-scale empirical analysis", 453 "relevance": "Liang et al. (2024) evaluate AI capability for paper review at scale; establishes baseline for AI reviewer quality before attacks." 454 }, 455 { 456 "title": "Prompt injection attack against LLM-integrated applications", 457 "relevance": "Liu et al. (2023) provide foundational taxonomy of prompt injection attacks; supplies attack methodology generalized here to peer review." 458 }, 459 { 460 "title": "Jailbreaking black box large language models in twenty queries", 461 "relevance": "Chao et al. (2025) demonstrate query-efficient jailbreaking; relates to iterative attack optimization strategy." 462 }, 463 { 464 "title": "Can LLM feedback enhance review quality? A randomized study of 20k reviews at ICLR 2025", 465 "relevance": "Thakkar et al. (2025) evaluate LLM review quality at scale; empirical baseline for assessing IPI attack impact on real peer review." 466 } 467 ], 468 "engagement_factors": { 469 "practical_relevance": { 470 "score": 3, 471 "justification": "Directly applicable to AAAI and other conferences deploying AI-assisted peer review; exposes critical vulnerability before widespread adoption." 472 }, 473 "surprise_contrarian": { 474 "score": 2, 475 "justification": "Prompt injection attacks on LLMs are well-known; vulnerability of review systems is unsurprising given prior work (Ye et al., Lin 2025) but systematic evidence is novel." 476 }, 477 "fear_safety": { 478 "score": 2, 479 "justification": "Raises legitimate concerns about integrity of AI-assisted peer review and potential gaming of publication systems; not a direct AI safety concern but institutional risk." 480 }, 481 "drama_conflict": { 482 "score": 3, 483 "justification": "High-conflict angle: adversarial manipulation of scientific evaluation; echoes concerns about academic integrity and fairness in publishing." 484 }, 485 "demo_ability": { 486 "score": 2, 487 "justification": "Demonstrations require ICLR papers, API access, and knowledge of embedding techniques; not accessible to general audience but technically reproducible." 488 }, 489 "brand_recognition": { 490 "score": 2, 491 "justification": "Authors from CAS and Tsinghua (reputable) but not household names in AI safety/security; arXiv venue only (no published conference)." 492 } 493 }, 494 "hn_data": { 495 "threads": [ 496 { 497 "hn_id": "45643976", 498 "title": "Modeling Others' Minds as Code", 499 "points": 66, 500 "comments": 42, 501 "url": "https://news.ycombinator.com/item?id=45643976", 502 "created_at": "2025-10-20T13:54:38Z" 503 }, 504 { 505 "hn_id": "46730926", 506 "title": "RT Superconductivity at 298K in Ternary LaScH System at High-Pressure Conditions", 507 "points": 14, 508 "comments": 4, 509 "url": "https://news.ycombinator.com/item?id=46730926", 510 "created_at": "2026-01-23T10:45:37Z" 511 }, 512 { 513 "hn_id": "33603266", 514 "title": "Quantum time superposition of photons moving forwards and backwards in time", 515 "points": 4, 516 "comments": 3, 517 "url": "https://news.ycombinator.com/item?id=33603266", 518 "created_at": "2022-11-15T00:02:40Z" 519 }, 520 { 521 "hn_id": "45464721", 522 "title": "Room-Temperature Superconductivity at High-Pressure Conditions", 523 "points": 3, 524 "comments": 1, 525 "url": "https://news.ycombinator.com/item?id=45464721", 526 "created_at": "2025-10-03T16:25:45Z" 527 }, 528 { 529 "hn_id": "37111986", 530 "title": "Experimental Superposition of Time Directions (2022)", 531 "points": 1, 532 "comments": 0, 533 "url": "https://news.ycombinator.com/item?id=37111986", 534 "created_at": "2023-08-13T17:23:17Z" 535 } 536 ], 537 "top_points": 66, 538 "total_points": 88, 539 "total_comments": 50 540 } 541 }