ctipilot.ch

2026-W20-71c96b25

One pipeline fire, in full · weekly run of 2026-05-17 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-17/2026-W20-71c96b25.md.

Run telemetry

2026-W20-71c96b25 weekly prompt v2.59
29m 54s duration 52 published 0 updates
Claude Opus 4.7 (claude-opus-4-7) main agent
W1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
11
Duration
11m 33s
Tool calls
14 WebFetch18 WebSearch2 bridge
Cited sources
15 of 20 in slice
W2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
8
Duration
5m 27s
Tool calls
18 WebFetch14 WebSearch12 bridge
Cited sources
12 of 17 in slice

Verification

#1 ERROR-CLASSIFIER-TRIP · Claude Opus 4.7 · t=0 e=0 a=0 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=12 e=4 a=2 #3 NEEDS_FIXES · Claude Sonnet 4.6 · t=2 e=1 a=1 #4 NEEDS_FIXES · Claude Sonnet 4.6 · t=3 e=0 a=1 #5 NEEDS_FIXES · Claude Opus 4.7 (1M context) · t=0 e=1 a=2

Deep dive

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.

Bridge invocations (this run)

2 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

2 other
  • bridge:cisa-kev ×1
  • bridge:ncsc-ch-security-hub ×1

Verification findings · all iterations

Per-iteration finding detail. Each table is one verifier pass · what was flagged, how the main agent remediated it, and the outcome. Walking the tables top-to-bottom shows the verifier's debugging trail across iterations.

Iteration #3 NEEDS_FIXES · 4 findings (truth=2, editorial=1, advisory=1) · Claude Sonnet 4.6 · 7m 10s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F3
claim-not-supported
long-running-campaignsSecret Blizzard / Turla — The Record citation removed (iter-2 remediation not ap
Cited Dec-2024 article does not cover 2026 Kazuar botnet
F4
hallucinated-fact
sector-patternsSophos 'federal government' CH-sector claim still present
Source does not mention federal government for CH
F5
missing-citation
policy-regulatory-horizonNIS2 '21 of 27' transposition count unsupported by cited EC page (last updated J
F11
editorial-advisory
sector-patternsManufacturing weak cross-reference to W19 AI-tooling theme

Iteration #4 NEEDS_FIXES · 4 findings (truth=3, editorial=0, advisory=1) · Claude Sonnet 4.6 · 6m 02s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F14
quantifier-without-source
policy-regulatory-horizonNIS2 H3 heading '21 / 27' still present (iter-3 only fixed body)
F14
quantifier-without-source
multi-day-campaigns'172 packages / 403 versions' not directly stated in cited Wiz/Datadog sources
F3
claim-not-supported
multi-day-campaignsSeven Dutch universities named without source — NL Times not in footer
F11
editorial-advisory
multi-day-campaignsTL;DR/H3 '10+' vs body 'approximately 10' Cisco SD-WAN inconsistency (advisory o

Iteration #5 NEEDS_FIXES cap-breach · 3 findings (truth=0, editorial=1, advisory=2) · Claude Opus 4.7 · 2m 50s

F-codeSectionItem · URL/quoteVerifier summaryRemediation · outcome
F12
single-source-batch-advisory
annual-reportsF12 single-source-heading-marker drift on vendor-research items (Verizon DBIR, C
F11
editorial-advisory
verification-notes§ 10 line on TeamPCP wave-4 count: was '172/403', updated to 'qualified per dail
F11
editorial-advisory
verification-notes§ 10 verification-iterations narrative: was iter-1+iter-2 only; updated to full

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-W20-71c96b25 · weekly · Claude Opus 4.7 · 52 entries published

Coverage window: 2026-05-10 → 2026-05-17 (8 days, one calendar day overlap with the 2026-W19 weekly's coverage end on 2026-05-10). Previous weekly: briefs/weekly/2026-W19.md. gap_days = 7, window_days = max(7, gap_days + 1) = 8. Eight daily briefs were read in window (2026-05-10 through 2026-05-17). Standard week — no disclosure required, noted here for transparency.

Items still flagged [SINGLE-SOURCE]-equivalent in this run:

  • GTIG UNC6671 "BlackFile" vishing → AiTM → rogue-MFA → programmatic SharePoint exfiltration — single source GTIG (daily 2026-05-16). Included given the operationally distinctive TTP set and the DLS-shutdown / probable-rebrand signal; treated with standard single-source caution.
  • Unit 42 Gremlin Stealer evolved with .NET-resource XOR obfuscation, real-time crypto-clipper, WebSocket browser-process session-hijack — single source Unit 42 (daily 2026-05-16). Defender takeaway focuses on the WebSocket browser-process session-hijack class, which is more broadly attributable than the specific stealer.
  • SentinelOne Living Off the Pipeline CI/CD subversion taxonomy — single source SentinelOne (daily 2026-05-16). Included as a synthesis reference rather than a campaign attribution; the three-case taxonomy is corroborated indirectly by the W20 Mini Shai-Hulud chain (§ 2).
  • Sophos 2026 State of Identity Security — Switzerland highest identity-breach incidence finding — single source Sophos survey (daily 2026-05-15). The 17-country survey methodology is documented; Switzerland's specific ranking is a single-survey output and should not be over-weighted relative to longitudinal data.
  • CVE-2026-45793 PHP Composer GitHub Actions CI token disclosure — single source (daily 2026-05-15). Patched in Composer 2.8.10; the disclosure mechanism (error-message leakage) is technically corroborated by the Composer GHSA but the broader exploitation context is single-source.
  • West Pharmaceutical Services SEC 8-K — single source SEC filing (daily 2026-05-12). Standard victim-disclosure verification status; awaiting independent breach analysis.
  • PAN-OS CVE-2026-0300 wave-2 schedule — Palo Alto PSIRT advisory is the only source. National-CERT carve-out applies; CERT-EU and other corroborating advisories typically lag the vendor PSIRT by 24–48 hours.
  • Verizon DBIR 2026 headline figures — single source Verizon DBIR page; full PDF release pending 2026-05-19 webinar. Figures may shift on full-PDF reading.
  • SEPPmail CVE-2026-44128 — two national CERTs (NCSC-CH + CIRCL) corroborate; status improved from W19 but remains SINGLE-SOURCE-NATIONAL-CERT because no independent third-party PoC / root-cause analysis surfaced this week.
  • Kaspersky GReAT — Kimsuky Rust-based HelloDoor + TryCloudflare-tunnel C2 — single source Kaspersky (daily 2026-05-17). Standard single-source-OTHER caution.
  • § 6 vendor-research items operating as single-source-equivalent for the weekly: Verizon DBIR 2026 page-summary (Verizon only — full PDF pending 2026-05-19 webinar); Check Point Research April 2026 ransomware analysis (Check Point only — vendor monthly threat report); GTIG AI Threat Tracker May 2026 (Google Cloud only — vendor threat-intel report); Datadog Security Labs Shai-Hulud framework analysis (Datadog only — vendor research). Per the daily prompt's annual-report carve-out, vendor-research roll-ups stand as primary sources; flagged here so the single-source posture is explicit on the page.
  • § 3 CVE-2026-46300 (Fragnesia) — single primary source Wiz Research (Linux kernel security advisory). The Wiz post is the canonical research write-up; flagged here so the single-source posture is explicit.

Items dropped from this week's roll-up that may resurface:

  • TrickMo "TrickMo C" Android banking trojan — TON-blockchain C2 (daily 2026-05-13) — dropped under W-PD-1: Android banking-trojan content is off-audience for a Swiss / EU public-sector SOC weekly. If a Swiss / EU public-sector entity discloses an incident traced to TrickMo C, resurfaces.
  • NCSC-UK "10 questions to ask when using AI models to find vulnerabilities" (daily 2026-05-13) — covered briefly in the daily; the NCSC-UK guidance is policy-advisory rather than operationally novel. The W19 weekly already absorbed the CERT-FR CERTFR-2026-ACT-016 agentic-AI advisory and the parallel NCSC.ch BACS assessment; the NCSC-UK piece adds questions but no new defender-action items.
  • Microsoft MDASH multi-model agentic vulnerability discovery (daily 2026-05-13 research) — dropped under W-PD-1: this is interesting research-platform reporting but does not currently change defender obligations or surface a new operator pattern.
  • GemStuffer — RubyGems weaponised as a one-way exfiltration channel (daily 2026-05-14 research) — held under reduced weight; the abuse pattern is novel but limited to UK local-authority ModernGov portals at this stage; if cross-EU GemStuffer expansion is documented in 2026-W21, resurfaces.
  • CVE-2026-41940 FunnelKit (2026-05-17 § 1) — daily covered as "FunnelKit Funnel Builder for WooCommerce actively exploited as Magecart skimmer on 40,000+ WordPress stores — no CVE assigned"; included in § 4 sector pattern rather than § 1 to avoid leading with a non-CVE'd WooCommerce-plugin item against the inaction-=-incident bar of the strongest § 1 placements.

Contradictions / ambiguities flagged for the verifier's attention:

  • Microsoft Exchange CVE-2026-42897 vs. DEVCORE Pwn2Own three-bug chain. The two findings are distinct vulnerability classes; Microsoft has not formally linked them at week-end. The weekly treats them as adjacent threats with potential composite-exploitation risk but explicitly does not claim a chained ITW exploitation has been observed. Verifier: confirm the framing is consistent across §§ 0, 1, 2, 3.
  • CISA ED-26-03 deadline 2026-05-17 vs. KEV deadline alignment. ED-26-03 mandates US-FCEB action by 2026-05-17; the underlying KEV addition has a 2026-05-29 deadline for the CVE-2026-42897 Exchange flaw and 2026-05-17 for CVE-2026-20182. The two timelines are distinct: ED-26-03 is Cisco SD-WAN-specific.
  • The Gentlemen RaaS — Bedrock Safeguard decryptor scope. Bedrock Safeguard's testing documented 35/35 files decrypted with their PoC; the operator has claimed to patch the binary, so the decryptor's continued effectiveness is bounded to pre-patch encrypted material. The weekly frames the decryptor as "best-case retrospective" capability accordingly.
  • CVE-2026-43500 (Dirty Frag RxRPC) patch status. AlmaLinux 8 is documented as not affected (rxrpc module not built); other distros are propagating. Defenders should not generalise the AlmaLinux-8 not-affected status to other RHEL-derivatives.

Items included with reduced confidence:

  • Verizon DBIR 2026 figures (page-summary level). Full PDF release pending; figures cited are from the public page summary and may be revised on full-PDF reading after the 2026-05-19 webinar.
  • TeamPCP Mini Shai-Hulud wave-4 package count (qualified as "170+ packages / 400+ versions" per daily-brief tracking). The qualified figure derives from daily-brief tracking of the 2026-05-13 wave; the Wiz Blog and Datadog Security Labs writeups list named packages without an aggregate count, so exact totals are contingent on registry-side observations that may shift as additional malicious versions are identified.
  • Qilin DLS 65 German victims total. Number is current as of 2026-05-16 per W1 horizon research; leak-site counts are operator-controlled data and should be treated as a lower bound.

Sub-agent telemetry (Phase 2):

  • W1 (Long-horizon ongoing developments + annual / periodic reports) — returned: Claude Sonnet 4.6 (claude-sonnet-4-6); started_at=2026-05-17T22:12:01Z, ended_at=2026-05-17T22:23:34Z, duration_seconds=693; webfetch_calls=14, websearch_calls=18, bridge_fetches=2. Returned 11 items: 7 status-updates on W19 "Looking Ahead" items (PAN-OS CVE-2026-0300, Canvas/Instructure, The Gentlemen RaaS, Dirty Frag distro propagation, CVE-2026-31431 Copy Fail, MOVEit Automation CVE-2026-4670, SEPPmail CVE-2026-44128), 2 campaign-status updates (Secret Blizzard / Turla Kazuar, FrostyNeighbor / Ghostwriter UNC1151, Mini Shai-Hulud, Qilin / Agenda), 2 annual / periodic reports (Sophos State of Identity Security 2026, Verizon DBIR 2026). W1 coverage gaps: bleepingcomputer (article URLs frequently 403 even via bridge — WebSearch corroboration used), inside-it-ch (Cloudflare Managed Challenge — no relevant in-window items via WebSearch fallback), Verizon DBIR full PDF (not released until 2026-05-19 webinar), independent third-party SEPPmail CVE-2026-44128 write-up (not found in window — CIRCL advisory strongest available corroboration).
  • W2 (Strategic & policy horizon) — returned: Claude Sonnet 4.6 (claude-sonnet-4-6); started_at=2026-05-17T22:12:32Z, ended_at=2026-05-17T22:17:59Z, duration_seconds=327; webfetch_calls=18, websearch_calls=14, bridge_fetches=12. Returned 8 items: 3 net-new policy items (EU Digital Omnibus AI Act extension 2026-12-02, CRA milestones 11 June / 11 September 2026, DORA first oversight cycle with 19 designated CTPPs), 4 status updates (ENISA CNA Root 4 new CNAs onboarded, EDPB CEF 2026 25 DPAs investigating, KRITIS-DachG registration deadline 17 July 2026, NIS2 transposition status no Court of Justice referral), 1 CISA KEV addition (CVE-2026-42897 Exchange OWA-XSS KEV-added 2026-05-15 deadline 2026-05-29). W2 coverage gaps: CERT-FR RSS feed serving items only through September 2025 (feed appears stale / misconfigured; direct-URL fetches work), BAKOM / OFCOM (no cybersecurity-relevant CH telecom-regulator publication this week), FINMA (no new circular this week), Council of Europe Budapest Convention (no in-window cybercrime action), OFAC cyber (no in-window sanctions action).

Sub-agent self-identification: both W1 and W2 self-identified as Claude Sonnet 4.6 (canonical id claude-sonnet-4-6) — model id and friendly name aligned, no drift. The main agent (this Opus 4.7 invocation) is Claude Opus 4.7 with canonical id claude-opus-4-7.

Verification iterations: Phase 4.7 verifier ran with model rotation across five iterations.

  • Iter 1 (cti-verification, Opus) tripped Anthropic's cyber-content classifier and returned no verdict — a documented failure mode on dense-CTI weekly composition.
  • Iter 2 (cti-verification-alt, Sonnet) returned NEEDS_FIXES truth=12 / editorial=4 / advisory=2; all findings remediated.
  • Iter 3 (cti-verification-alt, Sonnet — re-spawned on Sonnet to avoid recurrence of iter-1 classifier-trip risk) returned NEEDS_FIXES truth=2 / editorial=1 / advisory=1; all truth + editorial findings remediated (two iter-2 remediations had been partially applied; iter-3 caught them).
  • Iter 4 (cti-verification-alt, Sonnet) returned NEEDS_FIXES truth=3 / editorial=0 / advisory=1; all truth findings remediated.
  • Iter 5 (cti-verification, Opus — cap iteration, classifier-trip risk re-paid; succeeded) returned NEEDS_FIXES truth=0 / editorial=1 / advisory=2 — content is CLEAN at the truth level; residual editorial-advisory items are this very § 10 self-report (now updated) and a batch F12 single-source-heading-marker advisory that § 10's single-source-flag table compensates for.

Cap reached at iter 5 per the prompt's Cap 5 iterations rule with publish-anyway fail-open safety valve. verification_residual_count = 1 (editorial only; F11 advisory excluded per v2.47 semantics). Iteration-by-iteration model + verdict + duration + per-finding records persisted in state/run_log.json.verification.iterations[].

Coverage gaps: bleepingcomputer (article URLs 403 even via bridge); inside-it-ch (Cloudflare Managed Challenge); cert-fr (RSS stale through Sep 2025 — direct URL fetches succeed); bakom-ofcom (no in-window publication); finma-ch (no new circular); coe-budapest (no in-window cybercrime action); ofac-cyber (no in-window action); verizon-dbir-2026-full (PDF not released until 2026-05-19); seppmail-cve-2026-44128-third-party (no third-party PoC / write-up in window); databreaches-net (403 persistent — bridge allowlisted but no W20 item via secondary discovery); prodaft (403 persistent); nccgroup (403 persistent); csirt-acn-it (403 persistent); ccn-cert-es (geo-blocked); ico-uk (JS SPA — South Staffordshire penalty already covered via the daily citation); cisa-news / cisa-kev / cisa-directives (bridge-fetched successfully — ED-26-03 + KEV CVE-2026-42897 / CVE-2026-20182 captured); ncsc-ch-security-hub (bridge-fetched successfully — post #12577 captured for CVE-2026-42897); enisa-euvd (SPA — no W20 item surfaced via WebFetch); advisories-ncsc-nl (Angular SPA — listing returns no advisory data; individual URLs work).

Migrated from briefs/weekly/2026-W20.md (v2).

← Operations dashboard · day page 2026-05-17 · run-record contract: docs/pipeline.md