ctipilot.ch

2026-W19-a5788b22

One pipeline fire, in full · weekly run of 2026-05-10 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-10/2026-W19-a5788b22.md.

Run telemetry

2026-W19-a5788b22 weekly prompt v2.48
24m 29s duration 53 published 0 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
W1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
7m 02s
Tool calls
9 WebFetch22 WebSearch2 bridge
Cited sources
15 of 23 in slice
W2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
10m 48s
Tool calls
16 WebFetch18 WebSearch3 bridge
Cited sources
14 of 22 in slice

Verification

#1 NEEDS_FIXES · Anthropic Claude Opus 4.7 · t=17 e=6 a=3 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=7 e=5 a=2 #3 NEEDS_FIXES · Anthropic Claude (specific model not determined) · t=10 e=1 a=3 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=2 e=1 a=2 #5 CLEAN · Claude Opus 4.7 · t=0 e=0 a=0

Deep dive

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

Source (uncovered)URL triedMethod chainStatus / classWhat the agent did instead
cisa-kev
covered via alternate · should NOT be in this list
https://www.cisa.gov/known-exploited-vulnerabilities-catalogwebfetchbridge:cisa-kev403 transport-403
WebFetch returned HTTP 403 (transport-side; expected on this host)
bridge:cisa-kev confirmed catalog version 2026.05.08 unchanged; no new KEV entries 2026-05-09 / 10
ncsc-ch-security-hub
covered via alternate · should NOT be in this list
https://security-hub.ncsc.admin.ch/api/posts/12552/detailsbridge:ncsc-csh.post403 transport-403
No post ID 12552+ exists — most recent confirmed post is 12551 (2026-05-08, SEPPmail)
post 12551 and earlier all in prior_coverage; NCSC-CH Im Fokus 2026-05-01 (AI in vulnerability management) fetched via webfetch directly
databreaches-net
covered via alternate · should NOT be in this list
https://databreaches.net/webfetchbridge:databreaches-net403 transport-403
Persistent 403 across direct and bridge UAs
secondary corroboration acceptable for in-window items
ico-uk
covered via alternate · should NOT be in this list
https://ico.org.uk/action-weve-taken/webfetchbridge:ico-uk200 spa-empty
JS-rendered listing returns empty content
bridge subcommand returned the same SPA-empty body; no W19 enforcement decisions surfaced via WebSearch fallback
enisa-euvd
covered via alternate · should NOT be in this list
https://euvd.enisa.europa.eu/webfetchbridge:enisa-euvd200 spa-empty
SPA — content empty to WebFetch (persistent gap)
bridge subcommand attempted; SPA-empty persistent; no new in-window exploited-vulnerability policy items beyond prior coverage
group-ib
covered via alternate · should NOT be in this list
https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/webfetch403 transport-403
Group-IB blog 403 — host not on bridge allowlist
The Gentlemen content recovered via Check Point Research DFIR + BleepingComputer corroboration
autoriteitpersoonsgegevens-nl
covered via alternate · should NOT be in this list
https://www.autoriteitpersoonsgegevens.nl/enwebfetch503 transport-5xx
Dutch DPA returned HTTP 503; host not on bridge allowlist
Dutch DPA W19 activity surfaced via Computer Weekly / Techzine / DutchNews secondary reporting
coe-cybercrimehttps://www.coe.int/en/web/cybercrime/octopus-conference-2026webfetch403 transport-403
Council of Europe Cybercrime portal 403; host not on bridge allowlist
no in-window CoE Cybercrime item required for the brief

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-W19-a5788b22 · weekly · Claude Opus 4.7 · 53 entries published

This is the first weekly summary in the series. briefs/weekly/ was empty at run start; window_days = 7 per default. Window: 2026-05-04 → 2026-05-10 (ISO week 2026-W19). Five daily briefs in window (2026-05-06 through 2026-05-10) were read in full; the gap between Monday 2026-05-04 and Wednesday 2026-05-06 reflects daily-routine start cadence rather than a coverage failure.

Items still flagged [SINGLE-SOURCE]-equivalent in this run:

  • SEPPmail CVE cluster (CVE-2026-44128 et al.) — primary advisory is NCSC-CH post 12551 (national-CERT carve-out applies) plus SEPPmail vendor release notes; no third-party security-researcher write-up located in window. Logged in daily 2026-05-09 § 7 as [SINGLE-SOURCE-NATIONAL-CERT carve-out + vendor].
  • MuddyWater Chaos ransomware false-flag campaign — single source Deep Instinct (daily 2026-05-08). Included given confirmed Iran-nexus TTP and European targeting; treated with standard single-source caution.
  • Amazon SES BEC technique — single source Kaspersky Securelist 2026-05-04 (daily 2026-05-08). Included as first coverage with age noted.
  • xrdp CVE-2025-68670 — single source Kaspersky Securelist 2026-05-08 (daily 2026-05-09). Vendor (xrdp project) GitHub commit and release 0.10.5 confirm the patch but not the vulnerability analysis.
  • Polish water OT named-facility list (Jabłonna Lacka, Szczytno, Małdyty, Tolkmicko, Sierakowo) — facility names appear only in the ABW 2025 Annual Report. The two-source requirement is met at the level of the core story (ABW annual report + SecurityAffairs coverage), but the specific facility names derive from a single document.
  • CERT-FR CERTFR-2026-ACT-016 (agentic AI advisory) — single-source national-CERT carve-out applies.
  • Bauman / GRU Department No. 4 investigation — six co-publishing outlets (The Insider, The Guardian, Le Monde, Der Spiegel, VSquare, Frontstory) constitute multi-source verification at the source-document level; the leaked-documents corpus itself is a single dataset, so cross-publisher reading of the same documents is the corroboration standard applied. Note: the specific APT28-to-2016-Bundestag and APT28-to-2017-Macron-campaign attributions surfaced in § 7 trace to the Guardian / Le Monde / Der Spiegel reporting; Meduza (the most accessible English mirror) corroborates the Sandworm / Unit 74455 / Kyivstar / NotPetya / Ukraine-power-grid attributions but does not itself name the Bundestag / Macron specifics. Readers verifying these latter two should consult the German / French primary outlets.

Items dropped from this week's roll-up that may resurface:

  • CallPhantom Android subscription-fraud cluster (28 apps, 7.3 M downloads; ESET 2026-05-07; daily 2026-05-10 § 7) — dropped under PD-11 (less is more) as off-audience consumer-mobile fraud rather than enterprise / public-sector defender content. If a CH/EU regulator opens an enforcement action against the 28-app cluster, this resurfaces.
  • TCLBANKER (Brazilian banking trojan) (Elastic Security Labs, daily 2026-05-07 / 2026-05-10) — Brazil-only geofenced targeting; no CH/EU defender takeaway materially different from generic "audit COM-driven Outlook automation".
  • Cisco Unity Connection CVE-2026-20034 / 20035 (daily 2026-05-10) — patched; not on KEV; no in-the-wild exploitation reported; rarely internet-exposed. Did not clear weekly §3 inclusion gates.
  • Laclinic-Montreux / Qilin dark-web aggregator listing (daily 2026-05-10) — no victim public statement, no independent corroboration; held under PD-6 (fake-news guard / leak-site claims require victim disclosure or HIGH-reliability journalism).
  • Microsoft AiTM "Code of Conduct" phishing campaign (Microsoft Threat Intelligence, 2026-05-04; covered daily 2026-05-06) and Microsoft Edge cleartext passwords in process memory (SANS ISC Diary, 2026-05-04; covered daily 2026-05-06) — both [SINGLE-SOURCE-OTHER] items from the start of the window; no material in-window development to surface them in the weekly. The Edge finding remains relevant to public-sector privileged-account hygiene but does not meet W-PD-1's three-question gate at the weekly level.

Contradictions / ambiguities flagged for the verifier's attention:

  • Ivanti EPMM named-EU-victim attribution. The daily 2026-05-09 names European Commission, Dutch DPA, Netherlands Council for the Judiciary, and Finnish Valtori as confirmed victims of the May 2026 wave (CVE-2026-5787 / CVE-2026-6973), citing CERT-FR CERTFR-2026-AVI-0552 and NCSC-CH 12548 (daily 2026-05-09); W1 horizon research re-reading Help Net Security, 2026-05-08 concluded the four organisations were victims of the January 2026 chain (CVE-2026-1281 / CVE-2026-1340), not the May 2026 chain — Ivanti has disclosed only "a very limited number of customers" exploited via the May chain without naming specifics. The weekly carries the daily's attribution because the daily was source-verified at composition time, but flags this for verifier review with both sources noted; defenders' operational response — patch and rotate — is identical regardless of which chain caught which organisation, so the brief framing intentionally does not lock either way.
  • Microsoft Semantic Kernel CVE-2026-25592 patched Python version. GitHub advisory GHSA-2ww3-72rp-wpp4 records 1.39.3 as the patched Python version; Microsoft research post and GHSA-xjw9-4gw8-4rqx (CVE-2026-26030) record 1.39.4. The brief recommends ≥ 1.39.4 as the single safe target since it supersedes 1.39.3 and closes both CVEs.
  • Akira-as-actor attribution for Groupe 3R. Victim statement and Swiss-press reporting confirm the incident and 2026-04-30 attack date; the Akira-as-actor attribution comes from ransomware.live (aggregator), not from the victim or an independent primary research lab. Logged with confidence HIGH on incident, MEDIUM on actor.
  • Ivanti EPMM exposure count. The "508 EU on-premises instances" figure originally surfaced via NCSC-NL scanning (daily 2026-05-09) and was reconfirmed by Shadowserver per BleepingComputer in the daily 2026-05-10 update with a global "~850" total. The two numbers are consistent (508 EU is the EU-specific count, ~850 is the global total).

Items included with reduced confidence:

  • JDownloader Python-payload capability description. Primary developer-confirmed disclosure (PiunikaWeb, 2026-05-08) corroborated by CyberKendra, 2026-05-07; both are mid-tier publishers, and the more-specific Python-payload capability description has not been corroborated by a named research lab in this run. Supply-chain-compromise fact, time window, and forged-publisher signatures are developer- and multi-source-confirmed.

Sub-agent telemetry (Phase 2):

  • W1 (Long-horizon ongoing developments + annual reports) — returned: Claude Sonnet 4.6 (claude-sonnet-4-6); started_at=2026-05-10T22:07:45Z, ended_at=2026-05-10T22:14:47Z, duration_seconds=422; webfetch_calls=9, websearch_calls=22, bridge_fetches=2. Returned 8 items; net-new horizon items integrated: "The Gentlemen" RaaS + Q1 2026 ransomware quarterly synthesis (§§ 6/7); Akamai's PatchDiff-AI incomplete-patch analysis for CVE-2026-32202 (§ 3); German Akira healthcare victims (§ 7). W1 fetch_failures: group-ib (403, mitigated via secondary sources); thehackernews on SystemBC C2 (503, mitigated via BleepingComputer / CPR).
  • W2 (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (claude-sonnet-4-6); started_at=2026-05-10T22:08:24Z, ended_at=2026-05-10T22:19:12Z, duration_seconds=648; webfetch_calls=16, websearch_calls=18, bridge_fetches=3. Returned 8 items; net-new policy-horizon items integrated: LIBE MEPs call for Europol mandate-expansion pause (§ 8); EU Cybersecurity Package 2026 — NIS2 amendment COM(2026) 13 + Cybersecurity Act 2 with PQC Article 7(2)(k) (§ 8); Germany KRITIS-DachG in force with 17 July 2026 registration deadline (§ 8); EDPB 2026 CEF coordinated enforcement on GDPR Articles 12–14 transparency (§ 8); NCSC Switzerland 1 May 2026 AI-in-vulnerability-management BACS assessment (§ 8); Poland NIS2 transposition in force 3 April 2026 with water-sector essential-entity context (§ 8). W2 fetch_failures: autoriteitpersoonsgegevens.nl (503, no bridge available); coe-cybercrime (403, no bridge); bills-parliament-uk (403, mitigated via WebSearch); ncsc-ch-security-hub post-12552+ (no post exists — confirmed 12551 is most recent).

Sub-agent self-identification: both W1 and W2 self-identified as Claude Sonnet 4.6 (canonical id claude-sonnet-4-6) — model id and friendly name are aligned, no drift. The 2026-05-10 daily noted four sub-agents self-identifying as Claude Sonnet 4.5 with id claude-sonnet-4-6 (drift); W1/W2 correct self-identification on this run is an improvement to record in state/run_log.json.

Verification iterations: 5 iterations, final verdict CLEAN. Phase 4.7 ran the cti-verification sub-agent loop with model rotation: iter 1 Opus (NEEDS_FIXES, truth 17 / editorial 6 / advisory 3), iter 2 Sonnet (NEEDS_FIXES, truth 7 / editorial 5 / advisory 2), iter 3 Opus (NEEDS_FIXES, truth 10 / editorial 1 / advisory 3), iter 4 Sonnet (NEEDS_FIXES, truth 2 / editorial 1 / advisory 2), iter 5 Opus (CLEAN, 0 / 0 / 0). The verifier-loop telemetry block in state/run_log.json.verification.iterations[] records per-iteration model, timestamps, and finding counts.

Coverage gaps: cisa-kev (no new KEV entries 2026-05-09 / 10, bridge-fetched cleanly); ncsc-ch-security-hub (most recent post 12551, 2026-05-08, no new posts in window; bridge mandated); ico-uk (JS SPA — persistent, no W19 enforcement decisions surfaced); databreaches-net (403 across UAs — persistent); csirt-acn-it (403 persistent, bridge allowlisted but no W19 item surfaced); ccn-cert-es (geo-blocked 451/403 — no W19 item; Inditex/AEPD enforcement not yet a formal decision); inside-it-ch (403 direct, bridge needed); prodaft (403 persistent); nccgroup (403 persistent); enisa-euvd (SPA — content empty to WebFetch); advisories-ncsc-nl (CSAF SPA — listing returns no advisory data); cisco-psirt-publication-listing (Angular SPA — individual advisory URLs work directly); cert.ssi.gouv.fr (RSS works, individual advisory detail pages need bridge); bleepingcomputer article-page (403 on direct WebFetch — discovery via listing OK); group-ib (403 persistent — secondary corroboration acceptable); thehackernews (intermittent 503 on individual articles, secondary corroboration acceptable); autoriteitpersoonsgegevens.nl (503 — no bridge allowlist); coe-cybercrime (403 — no bridge); bills.parliament.uk (403 — WebSearch fallback); cnil-fr / finma / govcert-ch / govcert-at / cert-at (quiet window, no W19 policy items surfaced); edpb (W19 plenary 11 May not yet produced decisions — returns next week).

Migrated from briefs/weekly/2026-W19.md (v2).

← Operations dashboard · day page 2026-05-10 · run-record contract: docs/pipeline.md