ctipilot.ch

2026-06-13-40b26572

One pipeline fire, in full · intel run of 2026-06-13 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-06-13/2026-06-13-40b26572.md.

Run telemetry

2026-06-13-40b26572 intel prompt v2.60
25m 05s duration 10 published 2 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
S1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
7
Duration
6m 29s
Tool calls
14 WebFetch8 WebSearch12 bridge
Cited sources
6 of 14 in slice
S2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
4
Duration
5m 02s
Tool calls
4 WebFetch7 WebSearch12 bridge
Cited sources
4 of 15 in slice
S3 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
9m 10s
Tool calls
18 WebFetch8 WebSearch9 bridge
Cited sources
5 of 13 in slice
S4 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
9m 16s
Tool calls
22 WebFetch10 WebSearch9 bridge
Cited sources
3 of 12 in slice

Verification

#1 NEEDS_FIXES · Anthropic Claude Opus 4.8 · t=4 e=0 a=3 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=1 e=0 a=1 #3 NEEDS_FIXES · Anthropic Claude Opus 4.8 (1M context) · t=1 e=0 a=0 #4 CLEAN · Anthropic Claude Sonnet 4.6 · t=0 e=0 a=0

Deep dive

2026-06-13/velvet-ant-operation-highland-subverting-the-linux-authentic

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
databreaches-nethttps://databreaches.net/webfetchbridge:urlwayback403 transport-403
bridge HTTP 403; no usable Wayback snapshot (24-byte placeholder)
none
sec-disclosures-edgarhttps://efts.sec.gov/LATEST/search-index?q=%22Item+1.05%22&forms=8-Kapiwebsearch200
efts.sec.gov full-text search returned zero results across all attempted date ranges; endpoint degraded/indexing lag
Coupang 8-K story covered via The Record + BleepingComputer instead
group-ibhttps://www.group-ib.com/media-center/press-releases/sniperdz-investigation/webfetchbridge:urlwayback503 transport-5xx
bridge HTTP 503; no Wayback coverage
SniperDz story (editorial-cut anyway) corroborated via THN + Infosecurity Magazine
sophos-xopshttps://www.sophos.com/en-us/blog/feed?id=blt6f15f4f7deaf4242bridge:feedwebsearch503 transport-5xx
fetch_source: upstream HTTP 503 (recurring)
none — no in-window Sophos content found via WebSearch fallback
inside-it-chhttps://www.inside-it.ch/webfetchbridge:urlwaybackwebsearch403 transport-403
HTTP 403; Wayback 0 usable snapshots in 180d
none

Bridge invocations (this run)

3 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

3 ok
  • bridge:cisa-kev ×1
  • bridge:enisa-euvd.recent ×1
  • bridge:ncsc-csh.recent ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 7 findings (truth=4, editorial=0, advisory=3) · Claude Opus 4.8 · 3m 23s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3a
claim-not-supported
trending-vulnerabilitiesCVE-2026-48558 SimpleHelp OIDC auth bypass
patched it in SimpleHelp 5.5.16 and 6.0 GA
vendor page lists fixed v6.0 RC2 not GAcorrected to 5.5.16 / 6.0 RC2 in §2 body, CVE table, §6 fixed-clean
F3b
claim-not-supported
researchLangGraph checkpointer chain
langgraph-checkpoint-redis >=1.0.1
Check Point states redis 1.0.2; brief understated by one versioncorrected to checkpoint-sqlite 3.0.1 / checkpoint 4.0.1 / checkpoint-redis 1.0.2 (re-fetched Check Point primary) fixed-clean
F4a
hallucinated-fact
trending-vulnerabilitiesCVE-2026-48558 SimpleHelp
The vendor rates it CVSS 4.0 9.5
neither cited source carries a CVSS; EUVD SPA unrenderable to confirmremoved CVSS claim from TL;DR/§2 body/footer/table; set CVSS n/a; added note that no cited source states a score fixed-degraded
F4b
hallucinated-fact
researchLangGraph chain
CVSS: 7.3 / 6.8 / 6.5
Check Point primary assigns no CVSS; THN relay unverifiableremoved all CVSS numbers from §3 prose + footer; set CVSS n/a fixed-degraded
F11a
editorial-advisory
verification-notesDuplicate empty §7 heading
## 7. Verification Notes / _(no content yet)_
trailing empty duplicate section headingdeleted trailing placeholder block fixed-clean
F11b
editorial-advisory
active-threatsCoupang PIPC fine
record ₩624.6 bn
The Record states 624.7 bncorrected to 624.7 bn fixed-clean
F10
missed-angle
trending-vulnerabilitiesCVE-2026-48558 SimpleHelp
Exploited: No (research PoC)
watch-KEV/hunt-now framing suggested (advisory)not applied — would require unsourced exploitation-history claim (PD-1); existing text already frames MSP-tooling auth bypass as recurring initial-access vector deferred

Iteration #2 NEEDS_FIXES · 2 findings (truth=1, editorial=0, advisory=1) · Claude Sonnet 4.6 · 4m 34s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
researchAgentjacking (§3)
Sentry acknowledged the disclosure on 3 June
specific date '3 June' not in the THN article; Tenet primary UA-blockedremoved the unsourced '3 June' date fixed-clean
F11
editorial-advisory
headerverify: _(pending)_ field
verify: _(pending)_
reader-visible pending placeholder in Generated-by lineset to 'Claude Opus 4.8, Claude Sonnet 4.6' fixed-clean

Iteration #3 NEEDS_FIXES · 1 finding (truth=1, editorial=0, advisory=0) · Claude Opus 4.8 · 3m 26s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
researchLangGraph chain CVE-2026-28277 fix version
langgraph-checkpoint 4.0.1 (CVE-2026-28277)
cited Check Point + THN support langgraph 1.0.10, not langgraph-checkpoint 4.0.1 (THN explicitly states it does not mention 4.0.1); the iter1 re-fetch summary introduced the wrong stringcorrected to langgraph 1.0.10 in §3 and §6 (matches cited sources + both research sub-agents) fixed-clean

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-06-13-40b26572 · Claude Opus 4.8 · 10 entries published

  • Items dropped (deduplication): CVE-2026-49261 (MariaDB Galera wsrep_notify_cmd OS command injection, CVSS 10.0) returned by S1 and S2 — already covered as the 2026-06-12 deep dive; no material in-window delta, so not re-reported.
  • Items dropped (out-of-window, PD-7): OpenSSL 9 June 2026 batch advisory (CVE-2026-45447 PKCS7_verify heap UAF plus CMS/QUIC/OCSP issues) — freshest source is the CERT-FR advisory of 2026-06-10, outside the 36 h window with no fresher in-window development. CERT-EU advisory 2026-008 on Ivanti Sentry (CVE-2026-10520/CVE-2026-10523) — the EU-institutions advisory is dated 2026-06-10 and the underlying CVEs were covered 2026-06-10; the only delta (CERT-EU echoing the vendor advisory) is itself out-of-window.
  • CVEs that did not clear a § 2 inclusion gate: CVE-2026-6552 (GitLab EE Group SAML account takeover, CVSS 8.7) — post-auth (Group Owner required), no in-the-wild exploitation and no public PoC, CVSS below the 9.0 EUVD threshold; patched in GitLab 19.0.2/18.11.5/18.10.8 and worth scheduling, but it does not meet the § 2 bar (KEV / EUVD-exploited / EUVD CVSS 9–10 / vendor-confirmed ITW / pre-auth RCE with public PoC). The LangGraph chain (CVE-2025-67644 / CVE-2026-28277 / CVE-2026-27022) is carried in § 3 as research rather than § 2 — no ITW, CVSS below threshold.
  • Editorial relevance cut: INTERPOL "Operation Ramz" / SniperDz PhaaS takedown (201 arrests across 13 MENA countries) — genuine and corroborated (THN + Infosecurity Magazine), but a MENA-centred law-enforcement takedown with only marginal CH/EU nexus (French/German templates) and no 1–7-day defender action; not promoted.
  • Reduced-confidence / UA-blocked primaries: the Sygnia "Operation Highland" post (sygnia.co, § 5) and the Tenet Security "Agentjacking" post (tenetsecurity.ai, § 3) both return automated-UA blocks (Imunify360 / Cloudflare). Each item leads with a verified-live The Hacker News relay as primary and lists the vendor originator as an additional source; the vendor pages are likely reachable from a human browser. Technical claims for both rest on the THN relay plus the named vendor report.
  • Single-source / national-CERT-primary items: none — every published item carries ≥2 independent sources.
  • Reduced confidence (aggregator-only sourcing): the Coupang PIPC item (§ 1) rests on The Record and BleepingComputer; the primary regulator announcement (PIPC) is Korean-language and was not directly fetched this run. The facts (fine amount, root cause, evidence-obstruction finding) are consistent across both outlets, but the item carries one degree of separation from the regulator's own filing.
  • Contradictions: none material. Minor figure variation across outlets on the Outsider/SniperDz scale numbers; § 3 deliberately omits those counts as non-operational.
  • Coverage gaps: databreaches-net (HTTP 403 via bridge, no usable Wayback snapshot — 6+ consecutive runs); sec-disclosures-edgar (efts.sec.gov full-text search returned zero results across attempted date ranges — endpoint degraded or indexing lag); group-ib (HTTP 503 via bridge, no Wayback — SniperDz primary unreachable); sophos-xops (HTTP 503 again — rotation-priority warning confirmed); inside-it-ch (HTTP 403, no usable Wayback — unresolvable); cert-fr-actu (actualité RSS feed stalled at Oct 2025; avis feed current).

Unmatched action items (migrated)

  • Run a binary-integrity sweep of the Linux auth stack — verify pam_unix.so, sshd and ssh against package-manager checksums (rpm -V / dpkg --verify, AIDE/Tripwire) across the fleet; this is the only reliable way to surface Velvet Ant-class trusted-binary backdoors that produce no EDR or failed-login signal (see § 5).
  • Audit AUR usage on developer/CI hosts and hunt for the eBPF rootkit — restrict AUR-helper use on privilege-holding CI runners, alert on npm/bun install spawned from makepkg, and enumerate ls /sys/fs/bpf/hidden_* across Linux developer endpoints (see § 1).
  • Audit offboarding token/key revocation — inventory signing keys and OAuth client secrets tied to departed staff/contractors, confirm access logs fall under legal-hold retention, and add anomaly detection for credential use from unexpected geographies (Coupang lesson, § 1).
  • Lock down self-hosted LangGraph and Sentry-MCP exposure — pin langgraph ≥1.0.10 / langgraph-checkpoint-sqlite ≥3.0.1 / langgraph-checkpoint-redis ≥1.0.2 and treat get_state_history() filters as untrusted; for AI coding agents, move Sentry MCP to a read-only service account, rotate exposed DSNs and remove them from client bundles/repos (see § 3).
  • Brief clinical-research and pharma-partner staff on spear-phishing — the Novo Nordisk HCP data set (name + phone + WhatsApp) is a complete targeting package; no IOCs exist to anchor a technical hunt, so the control is awareness against SMS/WhatsApp pretexting (see § 1).

Migrated from briefs/2026-06-13.md (v2).

← Operations dashboard · day page 2026-06-13 · run-record contract: docs/pipeline.md