Tootfinder

NDC Oslo 2025 Workshop: Designing APIs
https://improveandrepeat.com/2025/05/ndc-oslo-2025-workshop-designing-apis/

NDC Oslo 2025 Workshop: Designing APIs - Improve & Repeat
None

Some modernization planning for Duende IdentityServer. If you are in the #dotnet space, please leave your thoughts. https://github.com/orgs/DuendeSoftware/discussions/285

RFC: Modernizing CancellationToken Usage in Async APIs · DuendeSoftware · Discussion #285
Hey everyone, We're considering a significant change to how IdentityServer handles asynchronous operations, and we need your feedback before moving forward. TL;DR: We want to add CancellationToken ...

Fluent APIs Are More Than Just Chaining
https://poutsma-principles.com/blog/2025/05/20/method-chaining/

Doc2Agent: Scalable Generation of Tool-Using Agents from API Documentation
Xinyi Ni, Haonan Jian, Qiuyang Wang, Vedanshi Chetan Shah, Pengyu Hong
https://arxiv.org/abs/2506.19998 …

Doc2Agent: Scalable Generation of Tool-Using Agents from API Documentation
REST APIs play important roles in enriching the action space of web agents, yet most API-based agents rely on curated and uniform toolsets that do not reflect the complexity of real-world APIs. Building tool-using agents for arbitrary domains remains a major challenge, as it requires reading unstructured API documentation, testing APIs and inferring correct parameters. We propose Doc2Agent, a scalable pipeline to build agents that can call Python-based tools generated from API documentation. Do…

Has anybody here ever successfully used the #cerl apis to download larger datasets? In theory, the service looks great (https://data.cerl.org/all ); they even offer sparql endpoints. However, I can't use t…

i've modified wasi-libc and wasi-sdk (PRs pending) so that you always have the concurrency APIs (pthread_*, thrd_*, <thread>, <mutex>, <atomic>) available to you, even in single-threaded targets. this makes porting applications (especially C ones) much, _much_ easier!
https://github.com/WebAssemb…

Refactor stub pthread library and enable unconditionally by whitequark · Pull Request #602 · WebAssembly/wasi-libc
This PR changes the layout of the stub pthread library to match that of libc-top-half: splits it into (mostly) one file per function, and ensures the same API is exposed from both libraries, adding...

Hands-on with Apple's new Speech framework components in the macOS Tahoe beta: the APIs deliver transcription speeds significantly faster than OpenAI's Whisper (John Voorhees/MacStories)
https://www.macstories.net/stories/hands-o…

Hands-On: How Apple’s New Speech APIs Outpace Whisper for Lightning-Fast Transcription
Late last Tuesday night, after watching F1: The Movie at the Steve Jobs Theater, I was driving back from dropping Federico off at his hotel when I got a text: Can you pick me up? It was from my son Finn, who had spent the evening nearby and was stalking me in Find My. Of

Building a robust OAuth token based API Security: A High level Overview
Senthilkumar Gopal
https://arxiv.org/abs/2507.16870 https://arxiv.org/pdf/2507.1687…

Building a robust OAuth token based API Security: A High level Overview
APIs (Application Programming Interfaces) or Web Services are the foundational building blocks that enable interconnected systems. However this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization. This paper presents the fundamentals necessary for building a such a token-based API security system. It discusses the components necessary, the integration of OAuth 2.0, extensibility of the token arc…

Speech-to-Text: Apples neue APIs übertreffen Whisper bei der Geschwindigkeit
Apple verbessert mit iOS 26 und macOS Tahoe seine Speech-to-Text-APIs erheblich. Tests zeigen: Die höhere Geschwindigkeit geht auf Kosten der Genauigkeit.

Making REST APIs Agent-Ready: From OpenAPI to Model Context Protocol Servers for Tool-Augmented LLMs
Meriem Mastouri, Emna Ksontini, Wael Kessentini
https://arxiv.org/abs/2507.16044

Making REST APIs Agent-Ready: From OpenAPI to Model Context Protocol Servers for Tool-Augmented LLMs
Large Language Models (LLMs) are evolving from passive text generators into active agents that invoke external tools. To support this shift, scalable protocols for tool integration are essential. The Model Context Protocol (MCP), introduced by Anthropic in 2024, offers a schema-driven standard for dynamic tool discovery and invocation. Yet, building MCP servers remains manual and repetitive, requiring developers to write glue code, handle authentication, and configure schemas by hand-replicatin…

from my link log —
Designing APIs for humans: Stripe object IDs.
https://dev.to/stripe/designing-apis-for-humans-object-ids-3o5a
saved 2025-05-22

Designing APIs for humans: Object IDs
Choosing your ID type Regardless of what type of business you run, you very likely require...

Beyond Code: #APIs as the Next #OSS Battleground
https://redmonk.com/sogrady/2025/06/09/o…

One more entry in my epic date parsing adventure. I’ve shipped a breaking change to this library to ensure that all valid date strings supported in Eleventy v4 will be RFC 9557-compatible, ensuring friendliness with the standardized Temporal APIs coming to a JavaScript runtime near you. Our full test suite runs against both!
Read (a little) more:

@… @… I am so glad I’ve never had to deal with this.
I have written a Jira plugin, though, and just going near their Java APIs was enough.
(I eventually threw it away and wrote a JavaScript bookmarklet that just reformatted the …

Beyond Syntax: Action Semantics Learning for App Agents
Bohan Tang, Dezhao Luo, Jingxuan Chen, Shaogang Gong, Jianye Hao, Jun Wang, Kun Shao
https://arxiv.org/abs/2506.17697

Beyond Syntax: Action Semantics Learning for App Agents
The advent of Large Language Models (LLMs) enables the rise of App agents that interpret user intent and operate smartphone Apps through actions such as clicking and scrolling. While prompt-based solutions with closed LLM APIs show promising ability, they incur heavy compute costs and external API dependency. Fine-tuning smaller open-source LLMs solves these limitations. However, current fine-tuning methods use a syntax learning paradigm that forces agents to reproduce exactly the ground truth …

ReCode: Updating Code API Knowledge with Reinforcement Learning
Haoze Wu, Yunzhi Yao, Wenhao Yu, Huajun Chen, Ningyu Zhang
https://arxiv.org/abs/2506.20495

ReCode: Updating Code API Knowledge with Reinforcement Learning
Large Language Models (LLMs) exhibit remarkable code generation capabilities but falter when adapting to frequent updates in external library APIs. This critical limitation, stemming from reliance on outdated API knowledge from their training data, even with access to current documentation, impedes reliable code generation in dynamic environments. To tackle this issue, we propose ReCode (rule-based Reinforcement learning for Code Update), a novel framework that mimics human programmer adaptatio…

Developers Insight On Manifest v3 Privacy and Security Webextensions
Libor Pol\v{c}\'ak, Giorgio Maone, Michael McMahon, Martin Bedn\'a\v{r}
https://arxiv.org/abs/2507.13926

Developers Insight On Manifest v3 Privacy and Security Webextensions
Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest v3 with an in-depth structured qualitative research. Even though some projects observed positive effects, a majority expresses concerns over limited benefits to users, removal of crucial APIs, or the n…

Fast Capture of Cell-Level Provenance in Numpy
Jinjin Zhao, Sanjay Krishnan
https://arxiv.org/abs/2506.18255 https://arxiv.org/pdf/25…

Fast Capture of Cell-Level Provenance in Numpy
Effective provenance tracking enhances reproducibility, governance, and data quality in array workflows. However, significant challenges arise in capturing this provenance, including: (1) rapidly evolving APIs, (2) diverse operation types, and (3) large-scale datasets. To address these challenges, this paper presents a prototype annotation system designed for arrays, which captures cell-level provenance specifically within the numpy library. With this prototype, we explore straightforward memor…

This feels like it supports my “government should mandate open and standardised APIs, not develop mono-apps” instinct, especially considering “agentic” AI use.
https://www.theguardian.com/money/2025/may/21/uk-wide-parki…

Most #RESTful #APIs aren't really RESTful
https://florian-krae…

is it too much to ask that a software dependency be:
1. fast
2. permissive open-source licensed
3. lightweight in bundle cost
4. lightweight in installation size
5. well-maintained
6. accurate
7. able to run in all of the marginally different JavaScript runtimes
8. human sourced to avoid ethical and future copyright issues with AI
9. use modern APIs and without vestigial polyfill bloat
10. use best progressive enhancement and accessibility p…

To add a single example here (feel free to chime in with your own):
Problem: editing code is sometimes tedious because external APIs require boilerplate.
Solutions:
- Use LLM-generated code. Downsides: energy use, code theft, potential for legal liability, makes mistakes, etc. Upsides: popular among some peers, seems easy to use.
- Pick a better library (not always possible).
- Build internal functions to centralize boilerplate code, then use those (benefits: you get a better understanding of the external API, and a more-unit-testable internal code surface; probably less amortized effort).
- Develop a non-LLM system that actually reasons about code at something like the formal semantics level and suggests boilerplate fill-ins based on rules, while foregrounding which rules it's applying so you can see the logic behind the suggestions (needs research).
Obviously LLM use in coding goes beyond this single issue, but there are similar analyses for each potential use of LLMs in coding. I'm all cases there are:
1. Existing practical solutions that require more effort (or in many cases just seem to but are less-effort when amortized).
2. Near-term researchable solutions that directly address the problem and which would be much more desirable in the long term.
Thus in addition to disastrous LLM effects on the climate, on data laborers, and on the digital commons, they tend to suck us into cheap-seeming but ultimately costly design practices while also crowding out better long-term solutions. Next time someone suggests how useful LLMs are for some task, try asking yourself (or them) what an ideal solution for that task would look like, and whether LLM use moves us closer to or father from a world in which that solution exists.

Aptamer-protein interaction prediction model based on transformer
Zhichao Yan, Yue Kang, Buyong Ma
https://arxiv.org/abs/2506.16084 https://

Aptamer-protein interaction prediction model based on transformer
Aptamers are single-stranded DNA/RNAs or short peptides with unique tertiary structures that selectively bind to specific targets. They have great potential in the detection and medical fields. Here, we present SelfTrans-Ensemble, a deep learning model that integrates sequence information models and structural information models to extract multi-scale features for predicting aptamer-protein interactions (APIs). The model employs two pre-trained models, ProtBert and RNA-FM, to encode protein and…

Agentic AI as the enemy's agent.
It is a bad idea to allow an LLM access to internal data and external communication (web pages, APIs, email, …) at the same time.
#AgenticAI #DataLeak #LLM

NetIntent: Leveraging Large Language Models for End-to-End Intent-Based SDN Automation
Md. Kamrul Hossain, Walid Aljoby
https://arxiv.org/abs/2507.14398 ht…

NetIntent: Leveraging Large Language Models for End-to-End Intent-Based SDN Automation
Intent-Based Networking (IBN) often leverages the programmability of Software-Defined Networking (SDN) to simplify network management. However, significant challenges remain in automating the entire pipeline, from user-specified high-level intents to device-specific low-level configurations. Existing solutions often rely on rigid, rule-based translators and fixed APIs, limiting extensibility and adaptability. By contrast, recent advances in large language models (LLMs) offer a promising pathway…

ChatGPT Agent uses a virtual browser to do tasks such as filling online forms and calling public APIs, and generates downloadable PowerPoint and Excel files (Reece Rogers/Wired)
https://www.wired.com/story/openai-chatgpt-agent-launch/

OpenAI’s New ChatGPT Agent Tries to Do It All
It’s a PowerPoint generator! It’s a date-night planner! It’s … another agent from OpenAI.

Invocable APIs derived from NL2SQL datasets for LLM Tool-Calling Evaluation
Benjamin Elder, Anupama Murthi, Jungkoo Kang, Ankita Rajaram Naik, Kiran Kate, Kinjal Basu, Danish Contractor
https://arxiv.org/abs/2506.11266

Invocable APIs derived from NL2SQL datasets for LLM Tool-Calling Evaluation
Large language models (LLMs) are routinely deployed as agentic systems, with access to tools that interact with live environments to accomplish tasks. In enterprise deployments these systems need to interact with API collections that can be extremely large and complex, often backed by databases. In order to create datasets with such characteristics, we explore how existing NL2SQL (Natural Language to SQL query) datasets can be used to automatically create NL2API datasets. Specifically, this wor…

Initially published in April 2010, Steve Jobs' "Thoughts on Flash" is a good reminder that when an ecosystem claims to be "open", you have to be cautious.
Apple's ecosystem is mostly closed, but they are honest about that fact.
While many systems fighting to gain market share claim to be "open", while being little more than APIs subject to use restrictions, which can be closed further at any time.

RAG has revolutionised AI by merging search and generation. Agentic behaviour takes this search to the next level by enabling LLMs to make decisions and call tools. At this year's Berlin Buzzwords, Bilge Yücel will discuss how agentic behaviour enhances pipelines, what it means for a system to act as an 'agent', and core concepts such as routing, tool calling and reasoning, along with a live demo.
Learn more:

Angular Blog editor Minko Gechev shares what's new on Angular 20. Highlights include newly stabilized APIs, improved debugging tools, polishing the developer experience, and features to enhance generative AI development.
Also, the Angular team has launched an RFC to pick an official mascot for Angular. Isn't that great?
"Announcing Angular v20"

Mac OS Tahoe trying to catch up to @… with Spotlight, I see. Hope they expose the APIs so Raycast can do it better, as usual. #WWDC25

@… I did look through those APIs and it looks like they parse RFC 9557 which is less forgiving https://developer.mozilla.org/en-US/…

🎯 Why Developers Are Going Crazy For It
1. True Agentic Intelligence 🤝
Unlike traditional chatbots, Kimi K2 can: • Plan and execute multi-step tasks autonomously • Use tools and APIs intelligently • Handle complex workflows without human intervention • Adapt strategies based on real-time feedback

MobileGUI-RL: Advancing Mobile GUI Agent through Reinforcement Learning in Online Environment
Yucheng Shi, Wenhao Yu, Zaitang Li, Yonglin Wang, Hongming Zhang, Ninghao Liu, Haitao Mi, Dong Yu
https://arxiv.org/abs/2507.05720

MobileGUI-RL: Advancing Mobile GUI Agent through Reinforcement Learning in Online Environment
Recently, there has been a surge of vision-based GUI agents designed to automate everyday mobile and web tasks. These agents interpret raw GUI screenshots and autonomously decide where to click, scroll, or type, which bypasses handcrafted rules and app-specific APIs. However, most existing methods trained GUI agent in the offline environment using pre-collected trajectories. This approach limits scalability, causes overfitting to specific UI templates, and leads to brittle policies when faced w…

Very, very useful:
https://abyssdomain.expert/@filippo/114496179105976467

Understanding API Usage and Testing: An Empirical Study of C Libraries
Ahmed Zaki, Cristian Cadar
https://arxiv.org/abs/2506.11598 https://

Understanding API Usage and Testing: An Empirical Study of C Libraries
For library developers, understanding how their Application Programming Interfaces (APIs) are used in the field can be invaluable. Knowing how clients are using their APIs allows for data-driven decisions on prioritising bug reports, feature requests, and testing activities. For example, the priority of a bug report concerning an API can be partly determined by how widely that API is used. In this paper, we present an empirical study in which we analyse API usage across 21 popular open-source…

React-tRace: A Semantics for Understanding React Hooks
Jay Lee, Joongwon Ahn, Kwangkeun Yi
https://arxiv.org/abs/2507.05234 https://a…

React-tRace: A Semantics for Understanding React Hooks
React has become the most widely used web front-end framework, enabling the creation of user interfaces in a declarative and compositional manner. Hooks are a set of APIs that manage side effects in functional components in React. However, their semantics are often seen as opaque to developers, leading to UI bugs. In this paper, we formalize the semantics of the essence of React Hooks we name React-tRace, providing a framework that clarifies their behavior. We demonstrate that our model capture…

A simple GUI-based screencast demo of the @… AI Layer (OPAL), showing what’s now possible via MCP A2A—namely, composing and orchestrating agentic workflows through loosely coupled software.
How?
An Agent Host routes tasks to Agents via A2A. Agents then invoke MCP-accessible tools (functions, procedures, APIs) described using JSON/YAML and exposed …

In the span of 5 minutes I went from, “I’ll write a #dotnet source generator” to “oh right, noooooooo thanks”.
I really hope there's a much simpler system in the future that's closer to the reflection APIs or something less AST and less string-focused.

OatFi, whose APIs handle underwriting, origination, and capital deployment for B2B payment providers, raised a $24M Series A led by White Star Capital (Ryan Lawler/Axios)
https://www.axios.com/pro/fintech-deals/2025/06/03/oatfi-24-milliom-b2b-credit

Exclusive: OatFi nabs $24M for embedded B2B credit
Slow payment terms choke company cash flows across the $35 trillion B2B economy.

This https://arxiv.org/abs/2505.19253 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csIR_…

DeepResearchGym: A Free, Transparent, and Reproducible Evaluation Sandbox for Deep Research
Deep research systems represent an emerging class of agentic information retrieval methods that generate comprehensive and well-supported reports to complex queries. However, most existing frameworks rely on dynamic commercial search APIs, which pose reproducibility and transparency challenges in addition to their cost. To address these limitations, we introduce DeepResearchGym, an open-source sandbox that combines a reproducible search API with a rigorous evaluation protocol for benchmarking d…

Jailbreak-Tuning: Models Efficiently Learn Jailbreak Susceptibility
Brendan Murphy, Dillon Bowen, Shahrad Mohammadzadeh, Julius Broomfield, Adam Gleave, Kellin Pelrine
https://arxiv.org/abs/2507.11630

Jailbreak-Tuning: Models Efficiently Learn Jailbreak Susceptibility
AI systems are rapidly advancing in capability, and frontier model developers broadly acknowledge the need for safeguards against serious misuse. However, this paper demonstrates that fine-tuning, whether via open weights or closed fine-tuning APIs, can produce helpful-only models. In contrast to prior work which is blocked by modern moderation systems or achieved only partial removal of safeguards or degraded output quality, our jailbreak-tuning method teaches models to generate detailed, high…

There is now a first RC for the #Espressif #Embedded #Rust #HAL:

Release v1.0.0-rc.0 · esp-rs/esp-hal
To view all the documentation for all crates, along with their chip specific APIs, visit https://docs.espressif.com/projects/rust/. Please note that only changes to the esp-hal package are tracked ...

from my link log —
Sneak peek: A new ASN.1 API for Python.
https://blog.trailofbits.com/2025/04/18/sneak-peek-a-new-asn.1-api-for-python/
saved 2025-04-18

Sneak peek: A new ASN.1 API for Python
We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

Uncovering Intention through LLM-Driven Code Snippet Description Generation
Yusuf Sulistyo Nugroho, Farah Danisha Salam, Brittany Reid, Raula Gaikovina Kula, Kazumasa Shimari, Kenichi Matsumoto
https://arxiv.org/abs/2506.15453

Uncovering Intention through LLM-Driven Code Snippet Description Generation
Documenting code snippets is essential to pinpoint key areas where both developers and users should pay attention. Examples include usage examples and other Application Programming Interfaces (APIs), which are especially important for third-party libraries. With the rise of Large Language Models (LLMs), the key goal is to investigate the kinds of description developers commonly use and evaluate how well an LLM, in this case Llama, can support description generation. We use NPM Code Snippets, co…

Great article. And has this gem as a closing statement: „Somewhere, a protocol is being used exactly as intended. This is deeply suspicious.“
https://darmstadt.social/@claudius/114766051184046904

OASBuilder: Generating OpenAPI Specifications from Online API Documentation with Large Language Models
Koren Lazar, Matan Vetzler, Kiran Kate, Jason Tsay, David Boaz Himanshu Gupta, Avraham Shinnar, Rohith D Vallam, David Amid Esther Goldbraich, Guy Uziel, Jim Laredo, Ateret Anaby Tavor
https://arxiv.org/abs/2507.05316

OASBuilder: Generating OpenAPI Specifications from Online API Documentation with Large Language Models
AI agents and business automation tools interacting with external web services require standardized, machine-readable information about their APIs in the form of API specifications. However, the information about APIs available online is often presented as unstructured, free-form HTML documentation, requiring external users to spend significant time manually converting it into a structured format. To address this, we introduce OASBuilder, a novel framework that transforms long and diverse API d…

What is #OpenTelemetry?
https://signoz.io/blog/what-is-opentelemetry/

Automatic Qiskit Code Refactoring Using Large Language Models
Jos\'e Manuel Su\'arez, Luis Mariano Bibb\'o, Joaquin Bogado, Alejandro Fernandez
https://arxiv.org/abs/2506.14535

Automatic Qiskit Code Refactoring Using Large Language Models
As quantum software frameworks evolve, developers face increasing challenges in maintaining compatibility with rapidly changing APIs. In this work, we present a novel methodology for refactoring Qiskit code using large language models (LLMs). We begin by extracting a taxonomy of migration scenarios from the different sources of official Qiskit documentation (such as release notes), capturing common patterns such as migration of functionality to different modules and deprecated usage. This taxon…

This https://arxiv.org/abs/2501.04901 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csDB_…

ThriftLLM: On Cost-Effective Selection of Large Language Models for Classification Queries
In recent years, large language models (LLMs) have demonstrated remarkable capabilities in comprehending and generating natural language content, attracting widespread attention in both industry and academia. An increasing number of services offer LLMs for various tasks via APIs. Different LLMs demonstrate expertise in different domains of queries (e.g., text classification queries). Meanwhile, LLMs of different scales, complexities, and performance are priced diversely. Driven by this, several…

CONFETTI: Conversational Function-Calling Evaluation Through Turn-Level Interactions
Tamer Alkhouli, Katerina Margatina, James Gung, Raphael Shu, Claudia Zaghi, Monica Sunkara, Yi Zhang
https://arxiv.org/abs/2506.01859

CONFETTI: Conversational Function-Calling Evaluation Through Turn-Level Interactions
We introduce Conversational Function-Calling Evaluation Through Turn-Level Interactions (CONFETTI), a conversational benchmark1 designed to evaluate the function-calling capabilities and response quality of large language models (LLMs). Current benchmarks lack comprehensive assessment of LLMs in complex conversational scenarios. CONFETTI addresses this gap through 109 human-simulated conversations, comprising 313 user turns and covering 86 APIs. These conversations explicitly target various con…

I Replaced #SpringBoot with #Quarkus — Here’s What Happened (And Why I’m Never Going Back)

Big Bird: Privacy Budget Management for W3C's Privacy-Preserving Attribution API
Pierre Tholoniat, Alison Caulfield, Giorgio Cavicchioli, Mark Chen, Nikos Goutzoulias, Benjamin Case, Asaf Cidon, Roxana Geambasu, Mathias L\'ecuyer, Martin Thomson
https://arxiv.org/abs/2506.05290

Big Bird: Privacy Budget Management for W3C's Privacy-Preserving Attribution API
Privacy-preserving advertising APIs like Privacy-Preserving Attribution (PPA) are designed to enhance web privacy while enabling effective ad measurement. PPA offers an alternative to cross-site tracking with encrypted reports governed by differential privacy (DP), but current designs lack a principled approach to privacy budget management, creating uncertainty around critical design decisions. We present Big Bird, a privacy budget manager for PPA that clarifies per-site budget semantics and in…

Research and Analysis of Employers' Opinion on the Necessary Skills that Students in the Field of Web Programming Should Possess
Yordan Kalmukov
https://arxiv.org/abs/2506.11084

Research and Analysis of Employers' Opinion on the Necessary Skills that Students in the Field of Web Programming Should Possess
In the era of artificial intelligence (AI) and chatbots, based on large language models that can generate programming code in any language, write texts and summarize information, it is obvious that the requirements of employers for graduating students have already changed. The modern IT world offers significant automation of programming through software frameworks and a huge set of third-party libraries and application programming interfaces (APIs). All these tools provide most of the necessary…

Rethinking Broken Object Level Authorization Attacks Under Zero Trust Principle
Anbin Wu (The College of Intelligence and Computing, Tianjin University), Zhiyong Feng (The College of Intelligence and Computing, Tianjin University), Ruitao Feng (The Southern Cross University)
https://arxiv.org/abs/2507.02309

Rethinking Broken Object Level Authorization Attacks Under Zero Trust Principle
RESTful APIs facilitate data exchange between applications, but they also expose sensitive resources to potential exploitation. Broken Object Level Authorization (BOLA) is the top vulnerability in the OWASP API Security Top 10, exemplifies a critical access control flaw where attackers manipulate API parameters to gain unauthorized access. To address this, we propose BOLAZ, a defense framework grounded in zero trust principles. BOLAZ analyzes the data flow of resource IDs, pinpointing BOLA atta…

IntenTest: Stress Testing for Intent Integrity in API-Calling LLM Agents
Shiwei Feng, Xiangzhe Xu, Xuan Chen, Kaiyuan Zhang, Syed Yusuf Ahmed, Zian Su, Mingwei Zheng, Xiangyu Zhang
https://arxiv.org/abs/2506.07524

IntenTest: Stress Testing for Intent Integrity in API-Calling LLM Agents
LLM agents are increasingly deployed to automate real-world tasks by invoking APIs through natural language instructions. While powerful, they often suffer from misinterpretation of user intent, leading to the agent's actions that diverge from the user's intended goal, especially as external toolkits evolve. Traditional software testing assumes structured inputs and thus falls short in handling the ambiguity of natural language. We introduce IntenTest, an API-centric stress testing framework th…

Differentially Private Synthetic Data Release for Topics API Outputs
Travis Dick, Alessandro Epasto, Adel Javanmard, Josh Karlin, Andres Munoz Medina, Vahab Mirrokni, Sergei Vassilvitskii, Peilin Zhong
https://arxiv.org/abs/2506.23855

Differentially Private Synthetic Data Release for Topics API Outputs
The analysis of the privacy properties of Privacy-Preserving Ads APIs is an area of research that has received strong interest from academics, industry, and regulators. Despite this interest, the empirical study of these methods is hindered by the lack of publicly available data. Reliable empirical analysis of the privacy properties of an API, in fact, requires access to a dataset consisting of realistic API outputs; however, privacy concerns prevent the general release of such data to the publ…

Control at Stake: Evaluating the Security Landscape of LLM-Driven Email Agents
Jiangrong Wu, Yuhong Nan, Jianliang Wu, Zitong Yao, Zibin Zheng
https://arxiv.org/abs/2507.02699

Control at Stake: Evaluating the Security Landscape of LLM-Driven Email Agents
The increasing capabilities of LLMs have led to the rapid proliferation of LLM agent apps, where developers enhance LLMs with access to external resources to support complex task execution. Among these, LLM email agent apps represent one of the widely used categories, as email remains a critical communication medium for users. LLM email agents are capable of managing and responding to email using LLM-driven reasoning and autonomously executing user instructions via external email APIs (e.g., se…

Structural Code Search using Natural Language Queries
Ben Limpanukorn, Yanjun Wang, Zach Patterson, Pranav Garg, Murali Krishna Ramanathan, Xiaofei Ma, Anoop Deoras, Miryung Kim
https://arxiv.org/abs/2507.02107

Structural Code Search using Natural Language Queries
Searching code is a common task that developers perform to understand APIs, learn common code patterns, and navigate code. Currently, developers most commonly search using keywords and regular expressions that are easy to use and widely available. Beyond keywords and regular expressions, structural code search tools allow developers to search for code based on its syntactic structure. This has numerous applications ranging from bug finding to systematically refactoring code. However, these stru…

Evaluating Query Efficiency and Accuracy of Transfer Learning-based Model Extraction Attack in Federated Learning
Sayyed Farid Ahamed, Sandip Roy, Soumya Banerjee, Marc Vucovich, Kevin Choi, Abdul Rahman, Alison Hu, Edward Bowen, Sachin Shetty
https://arxiv.org/abs/2505.23791

Evaluating Query Efficiency and Accuracy of Transfer Learning-based Model Extraction Attack in Federated Learning
Federated Learning (FL) is a collaborative learning framework designed to protect client data, yet it remains highly vulnerable to Intellectual Property (IP) threats. Model extraction (ME) attacks pose a significant risk to Machine Learning as a Service (MLaaS) platforms, enabling attackers to replicate confidential models by querying black-box (without internal insight) APIs. Despite FL's privacy-preserving goals, its distributed nature makes it particularly susceptible to such attacks. This p…