ctipilot.ch

2026-05-21-77cdc4cd

One pipeline fire, in full · intel run of 2026-05-21 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-21/2026-05-21-77cdc4cd.md.

Run telemetry

2026-05-21-77cdc4cd intel prompt v2.59
24m 14s duration 10 published 2 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
8m 26s
Tool calls
14 WebFetch10 WebSearch12 bridge
Cited sources
11 of 26 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
8m 37s
Tool calls
10 WebFetch12 WebSearch8 bridge
Cited sources
13 of 21 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
7
Duration
6m 40s
Tool calls
3 WebFetch3 WebSearch18 bridge
Cited sources
10 of 18 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
9m 09s
Tool calls
18 WebFetch6 WebSearch7 bridge
Cited sources
7 of 17 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=4 e=2 a=1 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=1 #3 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=8 e=1 a=1 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=0 #5 NEEDS_FIXES · Claude Opus 4.7 · t=1 e=0 a=1

1 entry dropped by verification this run (recorded in the verification & coverage notes).

Deep dive

2026-05-21/verizon-2026-dbir-vulnerability-exploitation-overtakes-crede

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://www.databreaches.net/webfetchbridge:urlwebsearch403 transport-403
Cloudflare 403 persists across direct WebFetch + bridge:url; Wayback returned only 24-byte placeholder; now 5 consecutive run failures
none — WebSearch pivots returned only aggregator restatements; gap persists
inside-it-chhttps://www.inside-it.ch/webfetchbridge:url403 transport-403
Cloudflare Managed Challenge blocks both WebFetch and bridge:url; no S2 in-window pivot attempted in this run; 4 consecutive run failures
Bridge:url also returned 403 (Cloudflare Managed Challenge); no in-window CH-only content distinct from NCSC-CH / BSI captures
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242bridge:url503 transport-5xx
Sophos blog feed returned HTTP 503 across direct + bridge; alternate news.sophos.com/feed/ not yet attempted; 4 consecutive run failures
none — no in-window Sophos content recovered
trendmicro-researchhttps://www.trendmicro.com/en_us/research.htmlbridge:url500 transport-5xx
Trend Micro research portal returned HTTP 500; Wayback had only 24-byte availability response; 2 consecutive run failures
none — no Trend Micro content in this run
cyberscoop
covered via alternate · should NOT be in this list
https://cyberscoop.com/webfetch0 transport-tls
TLS certificate not-yet-valid error; fetch failed entirely
none — covered via The Record / Infosecurity Magazine corroboration on same stories
darkreading
covered via alternate · should NOT be in this list
https://www.darkreading.com/webfetch403 transport-403
Direct URL fetch returned HTTP 403; Wayback Machine had no usable snapshot
none — covered via The Record / Infosecurity Magazine / Help Net Security on same stories
us-treasury-ofac
covered via alternate · should NOT be in this list
https://ofac.treasury.gov/sanctions-programs-and-country-information/sanctions-rwebfetchwebsearch503 transport-5xx
OFAC recent-actions page returned HTTP 503; WebSearch confirmed no in-window cyber sanctions actions
WebSearch confirmed no in-window OFAC cyber sanctions to miss
cert-eu
covered via alternate · should NOT be in this list
https://cert.europa.eu/publications/security-advisorieswebfetchbridge:url200 spa-empty-body
CERT-EU advisories page returned 200 but body empty (SPA renders client-side); 2 consecutive run failures
Bridge:url returned the same SPA-empty body; agency advisory landscape covered via NCSC-NL, BSI, NCSC-CH instead
cert-fr-actu
covered via alternate · should NOT be in this list
https://www.cert.ssi.gouv.fr/actualite/webfetch200 stale-feed
Most recent CERT-FR actualite bulletin in feed is from October 2025 (feed not refreshed in window); CERT-FR avis feed remains current and is covered indirectly
Use CERT-FR avis feed instead; actualite feed treated as quiet

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 7 findings (truth=4, editorial=2, advisory=1) · Claude Opus 4.7 · 11m 59s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
hallucinated-fact
researchANNUAL REPORT — CrowdStrike 2026 Financial Services Threat Landscape Report
CrowdStrike published its 2026 Financial Services Threat Landscape Report on 2026-05-20
Both cited URLs carry publication date 2026-05-14, not 2026-05-20. 6 days outside 36 h window.Dropped item; added § 7 line consistent with SAP/Fortinet treatment. dropped-item
F2
hallucinated-fact
active-threatsWebworm (China-aligned) shifts to EU government targets
GraphWorm is more capable: a Go implant
ESET specifies EchoCreep as Go-written but does not specify GraphWorm language.Removed Go qualifier from GraphWorm; rephrased as implementation language not stated in source. fixed-clean
F3
hallucinated-fact
trending-vulnerabilitiesCVE-2026-45829 — ChromaDB Python FastAPI server
Approximately 73 % of internet-accessible ChromaDB deployments use the Python server per Hadrian s scan.
Hadrian has no percentage. 73% is from BleepingComputer Shodan queries describing vulnerable-version share, not Python-server share.Reframed and reattributed to BleepingComputer Shodan; population now correctly stated as running a vulnerable version. fixed-clean
F4
hallucinated-fact
tldrTL;DR bullet 1 (Drupal) and § 6 Action Item 1 (Drupal)
the Security Team explicitly warned exploits typically emerge within hours of advisory release
Drupal verbatim is conditional might be developed within hours or days; TL;DR + § 6 inflated to typically emerge.Reverted TL;DR + § 6 to conditional might be developed within hours or days wording matching the § 4 UPDATE blockquote. fixed-clean
F6
drop
researchANNUAL REPORT — CrowdStrike 2026 Financial Services Threat Landscape ReportOut-of-window per F1. Drop and add § 7 deferral line.Dropped item; state updated to remove annual-report:crowdstrike entry from covered_items.json. dropped-item
F7
needs-more-research
updatesUPDATE: Drupal SA-CORE-2026-004 / CVE-2026-9082
Drupal Steward WAF service provides immediate protection at advisory release for subscribers
Marketing-grade claim without inline source.Softened to subscribers receive vendor-provided rules at advisory release per the service description with inline link to Drupal Steward. fixed-clean
F10
editorial-advisory
updatesUPDATE: TeamPCP / Mini Shai-Hulud campaign
Single multi-paragraph blockquote consolidates GitHub + durabletask + Grafana
Advisory only. Consider splitting blockquote with bold sub-leads.Added bold sub-leads (**GitHub:** / **durabletask:** / **Grafana:**) at top of each blockquote paragraph for skim-readability. fixed-clean

Iteration #2 NEEDS_FIXES · 2 findings (truth=1, editorial=0, advisory=1) · Claude Sonnet 4.6 · 7m 00s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
broken-url
updatesUPDATE: Drupal SA-CORE-2026-004 — inline Drupal Steward WAF linkHTTP 404 — page does not exist; correct URL https://www.drupal.org/steward. Self-introduced by iter-1 F7 remediation.Replaced /drupal-steward with /steward in § 4 Drupal UPDATE blockquote inline link. fixed-clean
F14
quantifier-without-source
deep-dive§ 5 Verizon DBIR — dataset quantifiers (22,052 incidents / 12,195 confirmed brea
22,052 / 12,195 / Nov 2024 - Oct 2025 / 13%
Specific quantifiers not surfaced in either accessible cited source on re-fetch; sub-agent traced to press release but iter-2 re-fetch did not confirm. Plausible per DBIR-style publication; PDF too laHedged: attributed methodology paragraph to the full DBIR PDF; attributed 13% credentials figure to Help Net Security explicitly; preserved the press-release-su fixed-degraded

Iteration #3 NEEDS_FIXES · 10 findings (truth=8, editorial=1, advisory=1) · Claude Opus 4.7 · 9m 51s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
claim-not-supported
deep-diveVerizon DBIR § 5 quote
AI is compressing exploitation windows from months to hours
Brief quoted phrase Verizon does not use; correct verbatim is shrinking the window for defense from months to mere hours.Replaced with Verizon verbatim language and added explicit GlobeNewswire citation on the quote. fixed-clean
F2
claim-not-supported
active-threatsSonicWall pivots to DC within hours
intrusion responders observed pivots to domain controllers within hours of initial access
BleepingComputer says 30-60 minute recon/credential-reuse sessions; no DC-pivot claim in source.Replaced with source-accurate 30-60-minute sessions description in both body and detection-concept text. fixed-clean
F3
hallucinated-fact
updatesTeamPCP Grafana 3800-repo conflation
the residual unrotated token gave TeamPCP access to clone ~3,800 private source-code repos
3,800 figure belongs to GitHub VS Code breach not Grafana; Grafana own blog gives no count.Removed 3,800 from Grafana sub-paragraph; reframed to private source-code repositories (exact count not disclosed in Grafana post-mortem). fixed-clean
F4
hallucinated-fact
updatesTeamPCP durabletask FIRESCALE
A backup C2-discovery mechanism named FIRESCALE scans GitHub public commit messages
FIRESCALE mechanism attributed to Wiz but not in Wiz article; likely from StepSecurity / Endor Labs / Safedep or fabricated.Removed the FIRESCALE sentence entirely from the durabletask sub-paragraph. fixed-clean
F5
hallucinated-fact
updatesTeamPCP durabletask 417k downloads
official Microsoft durabletask PyPI package (~417k monthly downloads)
417k figure attributed to Wiz but not in Wiz article.Dropped (~417k monthly downloads) parenthetical from both TL;DR and § 4 UPDATE. fixed-clean
F6
hallucinated-fact
updatesTeamPCP durabletask SSM specifics
AWS Systems Manager SendCommand (AWS-RunShellScript) up to five instances per profile
Wiz says 5 targets/host; AWS-RunShellScript document-name and per-profile phrasing not in Wiz.Reframed to AWS Systems Manager SendCommand against up to 5 targets per host; dropped AWS-RunShellScript document-name specifier. fixed-clean
F7
hallucinated-fact
updatesTeamPCP durabletask infostealer target list
AWS credentials, 1Password and Bitwarden vaults, SSH keys, Docker credentials, VPN configs and shell history
Wiz lists AWS / Azure / GCP / Kubernetes / Vault / 1Password / Bitwarden / filesystem credentials / shell history. Brief dropped multi-cloud targets and added SSH/Docker/VPN absent from source.Aligned to Wiz verbatim list: AWS Azure GCP Kubernetes Vault 1Password Bitwarden filesystem credentials shell history. fixed-clean
F8
surface-contradiction
updatesGrafana TanStack detection date
Grafana detected the TanStack compromise on 2026-05-01
Grafana own blog says May 11; BleepingComputer says May 1. Brief picked BleepingComputer date against Grafana primary.Adopted Grafana 2026-05-11 detection date; surfaced May-11-vs-May-1 contradiction explicitly in § 7 as the difference between consumption time and detection tim fixed-clean
F9
quantifier-without-source
deep-diveDBIR 22052/12195 figures
approximately 22,052 security incidents and 12,195 confirmed breaches
Iter-2 hedge insufficient; figures still presented as if confirmed but absent from accessible cited sources.Replaced precise figures with qualitative scale tens of thousands of incidents / over ten thousand confirmed breaches and explicit not separately confirmed in t fixed-degraded
F10
editorial-advisory
updatesTeamPCP GitHub VS Code extension identity scope
audit VS Code extension marketplace policies
Advisory — adding extension identity not disclosed helps reader scope the hunt.Added GitHub has not publicly named the malicious VS Code extension or its publisher at this writing to GitHub sub-paragraph. fixed-clean

Iteration #4 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Sonnet 4.6 · 4m 37s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
tldrVerizon DBIR TL;DR bullet — 31 % vs 13 % attribution
31 % vs 13 %
GlobeNewswire confirms 31% for exploitation but does not state 13% for credentials. The 13% is from Help Net Security (correctly cited in § 5 body but not in TL;DR).Extended TL;DR bullet 5 citation chain to include the Help Net Security link covering the 13% figure. fixed-clean

Iteration #5 NEEDS_FIXES cap-breach · 2 findings (truth=1, editorial=0, advisory=1) · Claude Opus 4.7 · 3m 57s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F1
hallucinated-fact
deep-diveVerizon DBIR § 5 Headline shift
31 % of breaches, up from approximately 20 % the previous year — Verizon press-release language
GlobeNewswire press release confirms 31% but does not state ~20% prior-year baseline. Help Net Security analysis also does not carry it. Unsupported attribution under em-dash citation.Deleted the , up from approximately 20 % the previous year phrase from § 5 Headline shift paragraph (one-line edit). fixed-clean
F2
editorial-advisory
updatesTeamPCP UPDATE Grafana sub-paragraph closing line
limited to internal repositories
Grafana own language covers public + private source code + internal repos. Brief framing risked misreading as private-only.Tightened wording to: limited to Grafana Labs GitHub repositories (public source code, private source code and internal repos); customer production data was not fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-05-21-77cdc4cd · Claude Opus 4.7 · 10 entries published

  • Out-of-window drops (primary source older than 36h window): Exim CVE-2026-45185 "Dead.Letter" — XBOW disclosure 2026-05-12, NCSC-NL advisory 2026-05-15; S2 surfaced an exploitation-confirmation quote from NCSC-NL but its publication date is ambiguous, so the item is held to the next run with the underlying advisory carried forward; Fortinet CVE-2026-44277 (FortiAuthenticator) / CVE-2026-26083 (FortiSandbox) — Fortinet PSIRT FG-IR-26-128 dated 2026-05-12, NCSC-CH advisory 2026-05-13, both outside the 36 h window; SAP May 2026 Security Patch Day (CVE-2026-34260, CVE-2026-34263) — SAP Security Notes dated 2026-05-12, outside window; CrowdStrike 2026 Financial Services Threat Landscape Report — both cited URLs carry publication date 2026-05-14 (not 2026-05-20 as the sub-agent return initially asserted), which puts the report 6 days outside the 36 h window. Item dropped from § 3 by iteration-1 verification (consistent with the SAP / Fortinet treatment in this same list); finance-sector audience may pick up the synthesis directly from the CrowdStrike press release or CrowdStrike blog.
  • Already-covered drops: Microsoft Fox Tempest malware-signing-as-a-service disruption — covered in 2026-05-20 active-threats; S3 re-surfaced the Microsoft Threat Intelligence and Microsoft On the Issues posts with no material new development beyond yesterday's coverage. Huawei VRP zero-day → Luxembourg POST 2025 nationwide outage — covered in 2026-05-20 active-threats with the same The Record + Security Affairs sources S4 re-surfaced; no new technical specificity or CVE assignment in this run.
  • Long-running-campaign rule application: Microsoft Exchange CVE-2026-42897 — re-surfaced by S2 with the same Microsoft MSRC + Microsoft Exchange Team + NCSC-CH + Help Net Security sources cited in the 2026-05-16 deep dive and the 2026-05-18 UPDATE. No new exploitation attribution, no new patch, no new victim class — per the long-running-campaign rule (≤1 consolidated UPDATE per week unless something critical changes) the item is not re-issued. Per PD-13 the imminent CISA KEV remediation deadline (2026-05-29, US-FCEB-only) is not a valid driver for a § 4 UPDATE.
  • Reduced-confidence / framing: B1ack's Stash 4.6M card dump included as a dark-web claim with explicit "not confirmed by issuing institutions" framing; SOCRadar and Security Affairs both analyse the actual dump, but per-issuer attribution is unverified. Huawei VRP / Luxembourg (not in this brief, but referenced in the dropped-list) — confidence remains MEDIUM in the sub-agent finding due to absence of any Huawei PSIRT advisory after ~10 months, no CVE assigned and no technical advisory specificity.
  • Contradiction: Grafana TanStack timeline — Grafana's own post-mortem (Grafana Labs, 2026-05-19) cites detection of the TanStack compromise on 2026-05-11; BleepingComputer's reporting (BleepingComputer, 2026-05-20) cites 2026-05-01 for the malicious-package consumption event. The brief reports Grafana's date on the basis that Grafana is the primary disclosing party for its own incident; the 10-day discrepancy may reflect the difference between the malicious-package's pull-time on the CI/CD runner and the detection event on Grafana's security team's timeline.
  • Single-source items: none in this brief — every published item carries ≥2 independent reputable sources or qualifies under the PD-5 national-CERT carve-out with the CERT acting as primary disclosing party.
  • CVEs that did not clear § 2 inclusion gates (PD-2 § 2 gates: CISA KEV, ENISA EUVD exploited=true or CVSS≥9.0, vendor/researcher report of ITW exploitation, or pre-auth RCE on widely-deployed internet-exposed software with public PoC): none dropped from in-window candidates in this run; out-of-window CVEs listed above were not evaluated against gates.
  • Sub-agent self-identification: all four cti-research sub-agents (S1, S2, S3, S4) returned with **Model:** and **Timestamps:** lines; the AI-content notice and Generated by: line collapse to the single distinct model Claude Sonnet 4.6 since all four research roles reported that model.
  • Verification disposition (Phase 5.7): five iterations ran with model rotation per v2.47 (iter-1 Opus, iter-2 Sonnet alt, iter-3 Opus cold, iter-4 Sonnet alt, iter-5 Opus cold); cumulative findings across iterations remediated in-line. Iter-5 returned NEEDS_FIXES with truth=1 (the unsupported "approximately 20 % the previous year" prior-year DBIR baseline in § 5 Headline shift paragraph) and one advisory (Grafana scope wording precision drift) — both remediated post-verdict before commit. The brief publishes at the v2.46 5-cap safety valve with verification_residual_count=1 recording the final-iteration verdict as the cap-breach signal for the Ops dashboard. The notable verification finding-cluster of this run was iter-3's surfacing of multiple sub-agent attribution-discipline regressions in the § 4 TeamPCP UPDATE (five FIRESCALE / 417k / SSM specifics misattributed to Wiz), all remediated by aligning the body to Wiz's actual published technical detail.
  • Coverage gaps: databreaches-net (Cloudflare 403, Wayback empty — now 5 consecutive run failures); inside-it-ch (403 persistent — 4-run failure); sophos-xops (HTTP 503 persistent — 4-run failure); trendmicro-research (HTTP 500 persistent, no Wayback snapshot); cyberscoop (TLS certificate not-yet-valid error); darkreading (HTTP 403, no Wayback); cert-fr-actu (feed stale since October 2025); us-treasury-ofac (503); cert-eu (200 empty-body — 2-run failure); edpb, cnil-fr, ico-uk, agid-csirt-it — quiet in window (no in-window enforcement items); ncsc-ch-security-hub bridge subcommand and chrome-releases and jpcert not fetched in this run.

Unmatched action items (migrated)

  • Patch Drupal core on PostgreSQL backends immediately — upgrade to 10.4.10 / 10.5.10 / 10.6.9 / 11.1.10 / 11.2.12 / 11.3.10. The Drupal Security Team warned that exploits "might be developed within hours or days" of the SA-CORE-2026-004 advisory (see § 4 UPDATE). If patch deployment is gated by change-control, temporarily front the site with Drupal Steward or an equivalent WAF rule covering SQL-injection vectors at the DB-API layer.
  • Complete the six-step SonicWall LDAP reconfiguration on every Gen6 SSL-VPN appliance per SonicWall KB kA1VN0000000RBd0AM — firmware-update status alone is insufficient and Akira-linked actors are actively exploiting the UPN/SAM split (see § 1). Given Gen6 EoL on 2026-04-16, schedule migration to Gen7/Gen8.
  • Hunt for Webworm Discord and Microsoft Graph API C2 — alert on outbound HTTPS to discord.com/api/* or graph.microsoft.com from process trees whose parent is not the expected first-party application; correlate Graph API non-interactive sign-ins for app registrations without enterprise approval, and flag cmd.exe spawned by long-running services with no interactive user context (see § 1). Apply Conditional Access on Microsoft Graph restricting non-managed device sign-ins on workstations that have no Graph integration need.
  • Audit VS Code extension installation policies on every developer endpoint — enforce a managed allowlist via Group Policy / MDM, set extensions.autoUpdate: false, and rotate every secret accessible to extensions whenever a supply-chain compromise is confirmed (see § 4 UPDATE TeamPCP / GitHub breach). Hunt Sysmon EID 1 for code --install-extension invocations on dev endpoints; search CI/CD pipeline logs for durabletask package imports in versions 1.4.1–1.4.3 and treat any host that imported a malicious version as fully compromised.

Migrated from briefs/2026-05-21.md (v2).

← Operations dashboard · day page 2026-05-21 · run-record contract: docs/pipeline.md