ctipilot.ch

Calif / Codex security research (blog.calif.io)

calif-codex · B · active

https://blog.calif.io

researchvulnslang: enfailures: 0last fetch: 2026-07-13

2026-06-04: discovered as primary author of HTTP/2 Bomb CVE-2026-49975 (deep dive briefs/2026-06-04.md). AI-assisted vulnerability discovery, high technical depth. Candidate — promote to active after 3 runs with content contribution. | 2026-06-20 full audit (v2.62): live=Y, drill=Y. FETCH → rss: python3 tools/fetch_source.py feed https://blog.calif.io/feed 5 (Substack feed) then WebFetch the /p/{slug} article URL for the full writeup.. AVOID: WebFetch on the blog ROOT returns a Substack SPA/marketing shell with no articles — skip it, go straight to the feed. Per-article /p/{slug} pages DO render to WebFetch (substantive).. | 2026-07-05 admiralty audit: B — original primary CVE research, high technical depth; stays active. Use the Substack /feed then drill /p/<slug> (blog root is a marketing SPA). | 2026-07-12: added explicit rss_url https://blog.calif.io/feed (Substack feed) — two research sub-agents this run guessed /rss.xml and /rss/ (both 404/empty); the working feed path was documented in notes but not in a machine-readable rss_url field. Feed verified 200 with items (newest 2026-07-01). No content change to fetch_method (rss).

Cited in 2 entries

Citation cadence

Citation days per ISO week (4 weeks of coverage span, total 2).