ctipilot.ch

2026-W22-da77963d

One pipeline fire, in full · weekly run of 2026-05-31 · sub-agent allocation and telemetry, per-iteration verification verdicts and findings, source-list edits, coverage gaps, bridge invocations — and the run's own verification & coverage notes: what was published, what was dropped at the borderline or judged not relevant (and why), single-source carve-outs, and contradictions. Rendered from runs/2026-05-31/2026-W22-da77963d.md.

Run telemetry

2026-W22-da77963d weekly prompt v2.60
18m 55s duration 32 published 0 updates
Claude Opus 4.8 (claude-opus-4-8) main agent
W1 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
13
Duration
5m 11s
Tool calls
10 WebFetch22 WebSearch4 bridge
Cited sources
5 of 18 in slice
W2 Claude Sonnet 4.6 (claude-sonnet-4-6)
Items returned
6
Duration
6m 27s
Tool calls
9 WebFetch10 WebSearch7 bridge
Cited sources
3 of 14 in slice

Verification

#1 NEEDS_FIXES · Claude Opus 4.8 · t=3 e=1 a=1 #2 NEEDS_FIXES · Claude Sonnet 4.6 · t=4 e=1 a=1 #3 CLEAN · Claude Opus 4.8 · t=0 e=0 a=0

Deep dive

Entries published (this run)

Sources changed (this run)

Edits this run made to sources/sources.json · promotions, demotions, new candidates, and fetch-method / category / reliability / url corrections (the run record's sources_changed[]). Paginated; 10 per page.

No source-list edits recorded for this run.

Coverage gaps (this run)

Sources this run's brief needed that returned no usable content via any documented recipe. Bridge-recovered or quiet-day sources do NOT appear here. (Distinct from the independent source-accessibility probe at the foot of this section, which probes all active sources regardless of what any run needed.)

No coverage gaps in this run · every source the brief needed returned usable content via its documented recipe.

Bridge invocations (this run)

2 bridge calls this run · these are successful bridge fetches (separate from "Coverage gaps" above).

2 other
  • bridge:ncsc-csh ×1
  • bridge:databreaches-net ×1

Verification & coverage notes

The run record's narrative body, verbatim. This is where the run accounts for its own judgement calls — every borderline drop and judged-not-relevant item with its reason, dedup decisions, single-source items and their carve-outs, contradictions, and per-source coverage gaps — so nothing the run considered disappears silently.

Verification & coverage notesrun record body

2026-W22-da77963d · weekly · Claude Opus 4.8 · 32 entries published

  • [SINGLE-SOURCE] items carried into this summary: the Cisco Talos DICOM/Orthanc heap analysis (§ 4, single research-lab source — a technical study, not an incident claim); the Red Canary Entra Agent ID privilege-escalation detection (§ 2, single-vendor); Delta DIAView CVE-2026-9642 (§ 3 table / § 9, Tenable-only, no vendor patch). Each is attributed to its single source in place.
  • Reduced confidence / single-primary: the EU CRA milestone item (§ 8) rests on the European Commission implementation factpage as a single primary — the dates are authoritative but uncorroborated by a second source this run. The Check Point Q1 2026 ransomware figures (§ 6) are single-vendor leak-site telemetry; group-share and victim-count numbers are treated as directional landscape signal, not precise measurement, and no vanity metrics were carried into the prose.
  • Items dropped from this week's roll-up (cleared the daily bar, not the weekly W-PD-1 bar): the Underminr CDN domain-fronting research, Atos BYOVD-driver study, Google Cloud API-key deletion-latency, Tycoon 2FA AiTM detection-engineering, Lazarus RemotePE memory-only RAT, Wiz JINX-0164 crypto-targeting, and the SANS ISC Akira-from-syslog reconstruction were folded by reference or dropped — interesting in isolation but not inaction-=-incident / cross-day-pattern / strategic-horizon. The GitHub Enterprise SSRF (CVE-2026-9312) and the Rancher / Portainer / Veeam / GitLab patch clusters appear in the § 3 table without H3s (patched, no in-window exploitation). They may resurface if exploited.
  • Carry-forwards resolved this week: the W21 watch on the UNC6671/BlackFile rebrand (GTIG profile + "shutting down under this name", § 7), on Shai-Hulud wave-6 registries (npm @antv ecosystem confirmed hit; Maven Central exposure via mvnpm reported in secondary sourcing but not confirmed against a primary this run; Cargo status unverified, § 7), and on the SECO/MSS sanctions question (Switzerland deferred the MSS ban, § 8) are all closed. The GitHub internal-repo post-incident report remains outstanding and carries forward to W23.
  • Contradictions / open items: none unresolved this run. No European Commission interpretive guidance on the EU MSS-prohibition scope has been published, so a conservative reading stands (§ 8).
  • Sub-agents: both horizon sub-agents (W1 long-horizon, W2 policy) ran on Claude Sonnet 4.6 and returned within budget (W1 311s, W2 387s). Both were cut off at the very end of their runs before emitting their closing Markdown return; their findings were recovered intact from the committed work/2026-W22-da77963d/findings.W1.yaml / findings.W2.yaml, the agents' completion summaries, and the url-liveness.tsv ledger (every cited primary verified 200 OK). No candidate sources surfaced this run.
  • Verification iterations: 3 — iter-1 (Opus) NEEDS_FIXES (truth=3, editorial=1, advisory=1); iter-2 (Sonnet) NEEDS_FIXES (truth=4, editorial=1, advisory=1); iter-3 (Opus) CLEAN. Model rotation applied across iterations. Residuals: 0. Remediated across the loop: an unverified Maven/Cargo "confirmed" claim (downgraded to unconfirmed), an ENISA maturity-band miscategorisation, the Asocks name-attribution, the Samba config-dependence of both 10.0 paths, a CVE mislabel (CVE-2026-45585 is YellowKey, not MiniPlasma; MiniPlasma is CVE-2020-17103), the German-hackback per-agency overstatement, and an ESET "Sandworm vs NATO energy" overstatement (one rare Polish-energy incident).
  • Coverage gaps: databreaches-net (403 — transport, bridge-routed); sophos-xops (503); inside-it-ch (Cloudflare 403); cert-fr-actu (feed stalled); ec-presscorner (SPA, no static content); bmi-bund-de (bridge returned empty); enisa-nis360-pdf (full PDF not fetched — analysis page used instead); GovCERT.ch (no Shai-Hulud developer advisory exists — confirmed absent, not a fetch failure).

Migrated from briefs/weekly/2026-W22.md (v2).

← Operations dashboard · day page 2026-05-31 · run-record contract: docs/pipeline.md