ctipilot.ch

2026-07-14T0409Z-intel

One pipeline fire, in full · intel run of 2026-07-14 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-07-14/2026-07-14T0409Z-intel.md.

Run telemetry

2026-07-14T0409Z-intel intel prompt v3.24 publish ok
29m 53s duration 3 published 1 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
S1 Claude Sonnet 5 (claude-sonnet-5)
Items returned
2
Duration
9m 48s
Tool calls
not reported
Cited sources
2 of 11 in slice
S2 Claude Sonnet 5 (claude-sonnet-5)
Items returned
3
Duration
15m 25s
Tool calls
not reported
Cited sources
3 of 19 in slice
S3 Claude Sonnet 5 (claude-sonnet-5)
Items returned
2
Duration
12m 16s
Tool calls
not reported
Cited sources
2 of 19 in slice
S4 Claude Sonnet 5 (claude-sonnet-5)
Items returned
4
Duration
13m 28s
Tool calls
not reported
Cited sources
4 of 9 in slice

Verification

unconfirmed CLEAN · waived: single CLEAN at iteration cap (5): iteration 5 (Opus) returned CLEAN following i #1 NEEDS_FIXES · Opus 4.8 · t=1 e=0 a=1 #2 NEEDS_FIXES · Sonnet 5 · t=2 e=0 a=1 #3 CLEAN · Claude Opus 4.8 · t=0 e=0 a=0 #4 NEEDS_FIXES · Sonnet 5 · t=2 e=0 a=1 #5 CLEAN · Claude Opus 4.8 · t=0 e=0 a=0

Deep dive

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #1 NEEDS_FIXES · 2 findings (truth=1, editorial=0, advisory=1) · Claude Opus 4.8 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
CrashStealer body said the dropper Developer ID was 'since-revoked' — neither Jamf nor BleepingComputer states Apple revoked it (Jamf says only that it reported the Team ID to Apple).Replaced 'since-revoked Developer ID' with 'a valid Developer ID — which Jamf reported to Apple after confirming it was used to distribute malicious payloads' (
F11
editorial-advisory
tags carried 'mobile' (iOS/Android), misclassifying a macOS desktop infostealer.Replaced 'mobile' with 'identity' (the malware's core behaviour is credential/keychain theft); 'infostealer' retained.

Iteration #2 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Sonnet 5 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
techniques[] mapped T1622, T1027 and T1560.001 (all genuinely Jamf-sourced) but the body described none of the three behaviours (anti-debug, string/control-flow obfuscation, zip archival) — every mappAdded a body sentence describing the sysctl/P_TRACED dual anti-debug checks (T1622), the encrypted runtime-decoded strings + control-flow flattening (T1027), an
F4
hallucinated-fact
techniques[] mapped T1090.003 (Multi-hop Proxy) but the cited government sources describe a single external VPN/anonymisation relay, not proxy chaining, and no body prose described the proxy behaviourChanged T1090.003 to T1090.002 (External Proxy) and added a body sentence (verbatim OFAC quote) describing ransomware groups using 1VPNS to hide attack origins,
F11
editorial-advisory
The reader-facing verification-notes body opened with workflow-internal language ('Phase 1 research sub-agents (S1-S4) returned within cap; no S5').Rewrote the notes body in plain reader-facing language; removed phase/sub-agent/cap/gate jargon throughout while keeping the prescribed borderline-drop / Covera

Iteration #4 NEEDS_FIXES · 3 findings (truth=2, editorial=0, advisory=1) · Claude Sonnet 5 · —

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F4
hallucinated-fact
Confirmation pass (did not confirm iter-3 CLEAN): body had the collection sequence backwards — 'packaging into a zip archive, AES-GCM-encrypting it' (zip-then-encrypt), but Jamf documents each item isCorrected the order: 'AES-GCM-encrypting each item into hidden staging files as it is collected ... then packaging each staging directory into its own zip archi
F3
claim-not-supported
The notarized-dropper / right-click-Open-is-social-engineering / Developer-ID-reported-to-Apple claims were cited to BleepingComputer, which states none of them; all are Jamf's.Re-cited those claims to Jamf Threat Labs; kept BleepingComputer as a co-citation on the May→July timeline claim, which it does support (so sources[] and inline
F11
editorial-advisory
Residual tool-name jargon 'WebSearch' remained in the reader-facing Coverage gaps line.Replaced 'no in-window content via WebSearch either' with 'no in-window content surfaced by searches either'.

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-07-14T0409Z-intel · Claude Opus 4.8 · window 24 h · 3 entries published

Intel run 2026-07-14T0409Z

Intraday run, about 8 hours after the previous one (2026-07-13T20:09Z). The coverage window spans the last 24 hours (the standard floor), though most of it was already swept by earlier runs, so only genuinely new signal is published. Research covered breaking vulnerabilities, the Swiss/European home-region and sector picture, threat-research labs and incident disclosures; no closed-source material was present this window. Coverage focus: Switzerland and Europe, Swiss/European critical infrastructure and government at the centre.

Verification & coverage notes

A quiet-but-non-empty window: two new entries and one update. No deep dive (no candidate decisively earned the long-form treatment) and no critical-priority item (nothing met the stop-and-act-now bar).

  • New (threat): CrashStealer — native-C++ macOS infostealer (Jamf Threat Labs + BleepingComputer, 2026-07-13; in-window under the 24 h floor, not previously covered). Novel tradecraft: notarized dropper clearing Gatekeeper, ad-hoc-re-signed payload from a hidden /private/tmp path, local dscl -authonly password validation, EDR-tooling reconnaissance, keychain/browser/wallet harvest. One do-now compromise-check action (fleet sweep for the Apple-impersonating bundle staged from a hidden path).
  • New (annual-report): Check Point Annual AI Security Report 2026 (Check Point Research, 2026-07-14, in-window). Covered once as a dedicated report entry — the durable defender takeaway (an agent's trusted config/context store is the new persistence surface) framed over the telemetry percentages, which are flagged as CPR's own product data. Distinct from CPR's earlier bimonthly AI Threat Landscape Digest.
  • Update (incident): OFAC/UK sanctions on First VPN Service (1VPNS), its administrator and a Belarusian cryptor seller (US Treasury + FBI, 2026-07-13). Filed as an update to the 2026-05-22 Operation Saffron takedown entry — the takedown (with Swiss joint-investigation-team participation) was already covered; the new development is the individual designations and the explicit targeting of the cryptor-as-a-service layer. The update carries only the new development, not a recap.

Single-source / carve-outs:

  • Check Point AI Security Report 2026 — single-source (CPR's own report; telemetry uncorroborated). Classification B2, confidence medium.
  • CrashStealer — multi-source but BleepingComputer relays the Jamf research rather than independently corroborating; credibility held at 2 (B2), confidence medium.

Borderline drops (recoverable audit trail):

  • borderline-drop: SAP July 2026 Security Patch Day (CVE-2026-44747 NetWeaver AS ABAP memory corruption CVSS 9.9; CVE-2026-44761 Commerce Cloud sample-OAuth2-credential CVSS 9.1; CVE-2026-27690 Approuter HTTP request smuggling CVSS 9.1) — routine monthly patch-cycle disclosure: EPSS 0.0, no exploitation, no public PoC, same-day patches; nothing here warrants action beyond the routine monthly SAP patch cycle, even at CVSS 9+. Relevant to the SAP-heavy constituency but correctly out of scope for an out-of-band item; logged for awareness. Surfaced first by ENISA EUVD before any vendor blog or press.
  • borderline-drop: DIRAC grid-computing framework eval-injection RCEs (CVE-2026-61667 FileCatalog, CVE-2026-45579 RequestManager, both CVSS 9.9) — authenticated (PR:L), patched same day, no exploitation/PoC; narrow research-computing audience (WLCG/HEP, CERN-adjacent). Routine patch cycle for a niche product.
  • borderline-drop: Swiss federal administration Microsoft 365 exit / OpenDesk (Kommando Cyber + Federal Chancellery PoC BOSS) — directly concerns the constituency's own core and is well-sourced (Republik/Netzwoche/heise + first-party bk.admin.ch), but it is a strategic sovereignty/policy decision with no near-term operational defender action. Held for the weekly strategic summary rather than the daily operational feed, and flagged for that run.
  • borderline-drop: Compass Security CRA Part II (IP-camera CRA/IEC 62443-4-2 compliance-assessment walkthrough) — high-quality defensive methodology, but GRC/procurement-oriented and single vendor-blog source; not operational SOC threat signal.
  • borderline-drop: Lidl online-shop third-party breach (DE/BE/NL) — retail, outside the constituency's sectors; limited personal data (no passwords/payment), no named actor, and a repeat of the third-party-service-provider trust-boundary pattern already covered this week (KDDI/Nayax/Odido/Nextcloud). No transferable new lesson.
  • borderline-drop: D1R extortion claim vs Synopsys/Bosch/ARM — unconfirmed leak-site claim, no vendor confirmation, possibly recycled from an earlier "Arkana" Synopsys claim; not published without corroboration. The one transferable point (a registration-form business-logic flaw enabling bulk client-database enumeration) is generic and does not justify an unverified named-victim entry.
  • borderline-drop: Qilin leak-site listing of Centro Científico e Cultural de Macau (Portuguese public institute) — bare listing, zero technical detail, no corroboration or victim statement; direct EU public-sector nexus but no actionable content, and unconfirmed leak-site claims are not published on their own.

Data-quality note: the FBI FLASH PDF (ic3.gov/CSA/2026/260521.pdf) referenced by both OFAC and the FBI Boston release returned self-flagged "paraphrased" text on fetch and named ransomware families/protocol details not verifiable in first-party text; those specifics (incl. VLESS/Reality protocol masquerading) were deliberately excluded from the 1VPNS entry, which stands on OFAC + the FBI Boston release only.

  • Coverage gaps: ncsc-uk (reports-advisories listing JS-only/cookie-shell — news RSS used instead); cisa-advisories (listing returned filter chrome only, JS-rendered results grid); mandiant-gtig (client-rendered SPA, no dated listing); intel471 (Next.js SPA, RSS 404); govcert-at (empty RSS); edpb, cnil-fr, truesec, withsecure-labs (SPA/cookie shells — no in-window content surfaced by searches either); inside-it-ch (article-detail 403 both transports; RSS reachable direct); industrialcyber-co (homepage 403; /feed/ reachable direct).
  • Watchlist: no product/supplier watchlist configured — product and supplier sweeps are structural no-ops this deployment (products checked=0, suppliers checked=0).
  • Essential-coverage: cisa-directives not confirmed attempted this run (it was allocated but the CISA-directives listing was not drilled after the CISA advisories fetch). CISA emergency directives are infrequent and nothing new was expected in this window; flagged for the next run to attempt explicitly.

← Operations dashboard · day page 2026-07-14 · run-record contract: docs/pipeline.md