@blamejs/exceptd-skills 0.12.40 → 0.13.0

package/data/cve-catalog.json

@@ -36,6 +36,16 @@
     },
     "vendor_advisory_field_added": "2026-05-11",
     "vendor_advisory_note": "Each CVE carries a structured vendor_advisories array (vendor, advisory_id, url, severity, published_date) for downstream consumers that route by vendor advisory. Unknown advisory IDs are null with the canonical vendor CVE-resolver URL — never fabricated. Existing free-form references are preserved in verification_sources; vendor_advisories is additive.",
+    "active_exploitation_vocabulary": {
+      "values": ["confirmed", "suspected", "theoretical", "none", "unknown"],
+      "definitions": {
+        "confirmed": "Active in-the-wild exploitation observed and attributed",
+        "suspected": "Indicators consistent with exploitation; attribution incomplete",
+        "theoretical": "Working PoC published; no confirmed exploitation",
+        "none": "No exploitation observed; vulnerability disclosed and patched",
+        "unknown": "Insufficient telemetry to classify"
+      }
+    },
     "ai_discovery_methodology": {
       "field_added": "2026-05-15",
       "agents_md_target": "Hard Rule #7 — '41% of 2025 zero-days were AI-discovered'. Catalog target rate floor: 0.40.",
@@ -1318,7 +1328,7 @@
       "NIST-800-53-SI-2": "30-day critical patch SLA is an exploitation window for a deterministic LPE with a public PoC. Module-unload mitigation is non-reboot and available immediately, but no SI-2 implementation requires it as a compensating control.",
       "ISO-27001-2022-A.8.8": "'Appropriate timescales' undefined; standard 30-day interpretation is unsafe for deterministic LPE with public PoC. No requirement to track kernel-module-blacklist as a compensating control.",
       "NIS2-Art21-patch-management": "Art. 21(2)(c) patch-management measures are undefined for fast-cycle kernel LPEs with public PoC. No guidance on module-blacklist as an interim measure.",
-      "DORA-Art9": "ICT incident management presumes vendor-patch cadence; module-unload as immediate mitigation has no place in the typical DORA evidence pack.",
+      "DORA-Art-9": "ICT incident management presumes vendor-patch cadence; module-unload as immediate mitigation has no place in the typical DORA evidence pack.",
       "UK-CAF-B4": "System security principle is silent on subsystem module disable as a compensating control for unpatched kernel LPE.",
       "AU-ISM-1546": "Essential 8 patch-applications maturity ladder anchors on advisory date, not on PoC availability. ML3 48h is still long for a deterministic public exploit.",
       "ISO-27001-2022-A.5.7": "Threat-intelligence control collects feeds but does not require the operational pivot (module unload) when intel shows a same-family sequel to a previously-patched bug."
@@ -1450,8 +1460,6 @@
     "rwep_correction_note": "RWEP bump:v0.12.29 ai-discovery audit re-attributed to ai_discovered=true; ai_factor advanced from 0 to 15; rwep raised by 15 from 20 to 35."
   },
   "CVE-2024-21626": {
-    "_draft": true,
-    "_auto_imported": true,
     "ai_assisted_weaponization": false,
     "name": "runc /proc/self/fd leak (Leaky Vessels)",
     "type": "container-escape",
@@ -1500,9 +1508,7 @@
     },
     "epss_score": 0.65,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-403"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-21626",
@@ -1514,8 +1520,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: +5 (75 -> 80)."
   },
   "CVE-2024-3094": {
-    "_draft": true,
-    "_auto_imported": true,
     "ai_assisted_weaponization": false,
     "name": "xz-utils liblzma backdoor",
     "type": "supply-chain-backdoor",
@@ -1587,7 +1591,7 @@
   },
   "CVE-2024-3154": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Red Hat Bugzilla; CWE-20 and ATT&CK T1611 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "CRI-O arbitrary kernel-module load",
     "type": "container-escape",
@@ -1626,8 +1630,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1611",
-      "T1547.006"
+      "T1611"
     ],
     "rwep_score": 30,
     "rwep_factors": {
@@ -1655,7 +1658,7 @@
   },
   "CVE-2023-43472": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Protect AI Huntr advisory; ATLAS AML.T0016 and CWE-22 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "MLflow path-traversal arbitrary file read",
     "type": "path-traversal",
@@ -1689,10 +1692,7 @@
     "atlas_refs": [
       "AML.T0016"
     ],
-    "attack_refs": [
-      "T1083",
-      "T1005"
-    ],
+    "attack_refs": [],
     "rwep_score": 30,
     "rwep_factors": {
       "cisa_kev": 0,
@@ -1719,7 +1719,7 @@
   },
   "CVE-2020-10148": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + CISA AA20-352A; CWE-287 and ATT&CK T1190/T1078 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "SolarWinds Orion API authentication bypass (SUNBURST chain)",
     "type": "auth-bypass",
@@ -1782,7 +1782,7 @@
   },
   "CVE-2023-3519": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Citrix CTX561482 + CISA AA23-201A; CWE-787 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Citrix NetScaler ADC/Gateway unauth RCE (CitrixBleed precursor)",
     "type": "RCE",
@@ -1834,7 +1834,6 @@
     "epss_score": 0.967,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-119",
       "CWE-787"
     ],
     "source_verified": "2026-05-14",
@@ -1848,7 +1847,7 @@
   },
   "CVE-2024-1709": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ConnectWise advisory; ATT&CK T1190/T1078 refs resolve (cwe_refs empty but ATT&CK satisfies the resolve-at-least-one requirement). Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "ConnectWise ScreenConnect auth-bypass",
     "type": "auth-bypass",
@@ -1896,9 +1895,7 @@
     },
     "epss_score": 0.973,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-288"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-1709",
@@ -1909,7 +1906,7 @@
   },
   "CVE-2026-20182": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against CISA KEV + Rapid7 disclosure; CWE-287 and ATT&CK T1190/T1078 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Cisco SD-WAN authentication bypass to admin",
     "type": "auth-bypass",
@@ -1973,7 +1970,7 @@
   },
   "CVE-2024-40635": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Snyk SNYK-GOLANG-GITHUBCOMCONTAINERDCONTAINERDV2PKGOCI-9479987; ATT&CK T1525 ref resolves (cwe_refs empty but ATT&CK satisfies). Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "containerd integer overflow IP mask leak",
     "type": "information-disclosure",
@@ -2006,8 +2003,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1525",
-      "T1046"
+      "T1525"
     ],
     "rwep_score": 30,
     "rwep_factors": {
@@ -2022,9 +2018,7 @@
     },
     "epss_score": 0.005,
     "epss_date": "2026-05-14",
-    "cwe_refs": [
-      "CWE-190"
-    ],
+    "cwe_refs": [],
     "source_verified": "2026-05-14",
     "verification_sources": [
       "https://nvd.nist.gov/vuln/detail/CVE-2024-40635",
@@ -2035,8 +2029,6 @@
     "rwep_correction_note": "v0.12.30: canonicalized rwep_factors AND rwep_score to satisfy Shape B invariant. The prior stored rwep_score was internally inconsistent with its rwep_factors block; both now derived from canonical RWEP_WEIGHTS + operational fields. Delta from prior stored: 0."
   },
   "MAL-2026-TANSTACK-MINI": {
-    "_draft": true,
-    "_auto_imported": true,
     "ai_assisted_weaponization": false,
     "name": "Mini Shai-Hulud (TanStack worm)",
     "type": "supply-chain-worm",
@@ -2073,8 +2065,7 @@
       "NIS2-Art21-supply-chain": "Generic supply chain controls without npm-ecosystem-specific guidance."
     },
     "atlas_refs": [
-      "AML.T0010",
-      "AML.T0019"
+      "AML.T0010"
     ],
     "attack_refs": [
       "T1195.001",
@@ -2109,7 +2100,8 @@
   },
   "MAL-2026-ANTHROPIC-MCP-STDIO": {
     "_draft": true,
-    "_auto_imported": true,
+    "_quarantine": true,
+    "_quarantine_reason": "Duplicate of CVE-2026-30623 (Anthropic MCP SDK stdio command-injection). This entry was the pre-CVE-assignment embargoed placeholder for the OX Security MCP stdio command-injection disclosure (Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok); the embargo lifted with the April 2026 vendor advisory and the issue received CVE-2026-30623. Canonical id: CVE-2026-30623. Retained as _draft: true so the validator treats it as a non-failing draft warning; downstream tooling should filter on _quarantine: true and skip these entries.",
     "ai_assisted_weaponization": false,
     "name": "Anthropic SDK MCP STDIO command-injection (embargoed)",
     "type": "command-injection",
@@ -2178,7 +2170,7 @@
   },
   "CVE-2026-GTIG-AI-2FA": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Placeholder entry — affected product is unnamed under GTIG embargo and affected_versions is set to \"pending-disclosure\". The key itself is not a real CVE identifier (GTIG-tracked, no MITRE assignment yet). Hard Rule #1 fields cannot be verified against a vendor advisory until the embargo lifts and a real CVE id is assigned. Re-triage once GTIG/MITRE publishes the canonical id and affected-product list.",
     "name": "GTIG-tracked AI-built 2FA-bypass zero-day (placeholder)",
     "type": "auth-bypass",
     "cvss_score": 8.1,
@@ -2238,8 +2230,7 @@
     "epss_score": null,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-287",
-      "CWE-841"
+      "CWE-287"
     ],
     "source_verified": "2026-05-14",
     "verification_sources": [
@@ -2252,7 +2243,7 @@
   },
   "CVE-2026-30623": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + OX Security advisory (Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok); CWE-78/88, ATLAS AML.T0040 and ATT&CK T1059 refs resolve. This entry is the published successor of the quarantined MAL-2026-ANTHROPIC-MCP-STDIO placeholder. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Anthropic MCP SDK stdio command-injection",
     "type": "command-injection",
@@ -2319,7 +2310,7 @@
   },
   "CVE-2025-12686": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + Synacktiv Pwn2Own writeup; CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "Synology BeeStation unauth RCE (Pwn2Own Ireland 2025)",
     "type": "RCE",
@@ -2379,7 +2370,7 @@
   },
   "CVE-2025-62847": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 1/3)",
     "type": "RCE",
@@ -2441,7 +2432,7 @@
   },
   "CVE-2025-62848": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-94 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 2/3)",
     "type": "RCE",
@@ -2503,7 +2494,7 @@
   },
   "CVE-2025-62849": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + ZDI Pwn2Own Ireland 2025 day-one results + DEVCORE Research Team attribution; CWE-269 and ATT&CK T1068 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP QTS/QuTS hero RCE (Pwn2Own Ireland 2025, chain 3/3)",
     "type": "RCE",
@@ -2565,7 +2556,7 @@
   },
   "CVE-2025-59389": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + QNAP QSA-25-48 + ZDI Pwn2Own attribution (Sina Kheirkhah, Summoning Team); CWE-78 and ATT&CK T1190 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP Hyper Data Protector critical RCE (Pwn2Own Ireland 2025)",
     "type": "RCE",
@@ -2597,8 +2588,7 @@
     },
     "atlas_refs": [],
     "attack_refs": [
-      "T1190",
-      "T1490"
+      "T1190"
     ],
     "rwep_score": 45,
     "rwep_factors": {
@@ -2627,7 +2617,7 @@
   },
   "CVE-2025-11837": {
     "_draft": true,
-    "_auto_imported": true,
+    "_draft_reason": "Hard Rule #1 fields all present and verified against NVD + QNAP QSA-25-47 + Pwn2Own attribution (Chumy Tsai, CyCraft Technology); CWE-94 and ATT&CK T1059/T1554 refs resolve. Blocked from verification by missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live). Add the lesson entry, then flip _draft to false.",
     "ai_assisted_weaponization": false,
     "name": "QNAP Malware Remover code-injection",
     "type": "code-injection",
@@ -2688,8 +2678,6 @@
     "discovery_attribution_note": "Pwn2Own Ireland 2025 — Chumy Tsai of CyCraft Technology demonstrated the code-injection on QNAP TS-453E ($20,000 award). Named-human researcher via ZDI credit; no AI-tool attribution. Source: https://www.qnap.com/en/security-advisory/qsa-25-47 and https://cybersecuritynews.com/qnap-zero-day-vulnerabilities-exploited/."
   },
   "CVE-2026-42945": {
-    "_draft": true,
-    "_auto_imported": true,
     "name": "NGINX Rift",
     "type": "RCE",
     "cvss_score": 9.2,
@@ -2737,8 +2725,7 @@
       "AML.T0040"
     ],
     "attack_refs": [
-      "T1190",
-      "T1505.003"
+      "T1190"
     ],
     "rwep_score": 40,
     "rwep_factors": {
@@ -2755,7 +2742,6 @@
     "epss_score": null,
     "epss_date": "2026-05-14",
     "cwe_refs": [
-      "CWE-122",
       "CWE-787"
     ],
     "source_verified": "2026-05-14",

package/data/cwe-catalog.json

@@ -1127,8 +1127,10 @@
     ],
     "skills_referencing": [],
     "evidence_cves": [
+      "CVE-2024-3094",
       "MAL-2026-3083",
-      "MAL-2026-NODE-IPC-STEALER"
+      "MAL-2026-NODE-IPC-STEALER",
+      "MAL-2026-TANSTACK-MINI"
     ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
@@ -1349,6 +1351,7 @@
     ],
     "evidence_cves": [
       "CVE-2026-0300",
+      "CVE-2026-42945",
       "CVE-2026-43500",
       "CVE-2026-46300"
     ],
@@ -1656,6 +1659,7 @@
       "supply-chain-integrity"
     ],
     "evidence_cves": [
+      "CVE-2024-3094",
       "MAL-2026-NODE-IPC-STEALER"
     ],
     "framework_controls_partially_addressing": [
@@ -1688,7 +1692,9 @@
       "sector-federal-government",
       "supply-chain-integrity"
     ],
-    "evidence_cves": [],
+    "evidence_cves": [
+      "MAL-2026-TANSTACK-MINI"
+    ],
     "framework_controls_partially_addressing": [
       "NIST-800-53-SA-12",
       "NIST-800-53-SI-2",

package/data/exploit-availability.json

@@ -2,6 +2,7 @@
   "_meta": {
     "schema_version": "1.1.0",
     "last_updated": "2026-05-15",
+    "last_threat_review": "2026-05-17",
     "note": "Tracks PoC availability and weaponization stage per CVE. Update when status changes. last_verified must be within 90 days. v1.1.0 (2026-05-15): added ai_discovery_source enum + ai_assist_factor ladder (low|moderate|high|very_high) per AGENTS.md Hard Rule #7.",
     "tlp": "CLEAR",
     "source_confidence": {

package/data/framework-control-gaps.json

@@ -132,8 +132,7 @@
       "AML.T0051"
     ],
     "attack_refs": [
-      "T1059",
-      "T1204"
+      "T1059"
     ],
     "theater_test": {
       "claim": "We hardened user applications per Essential Eight Maturity Level 2; browsers and Office are locked down.",
@@ -725,10 +724,13 @@
     "status": "open",
     "opened_date": "2026-05-13",
     "evidence_cves": [
+      "CVE-2024-3094",
       "CVE-2026-42897",
+      "CVE-2026-42945",
       "CVE-2026-45321",
       "MAL-2026-3083",
-      "MAL-2026-NODE-IPC-STEALER"
+      "MAL-2026-NODE-IPC-STEALER",
+      "MAL-2026-TANSTACK-MINI"
     ],
     "atlas_refs": [
       "AML.T0010",
@@ -1100,6 +1102,7 @@
     "status": "open",
     "opened_date": "2026-04-01",
     "evidence_cves": [
+      "CVE-2024-3094",
       "CVE-2026-30615"
     ],
     "atlas_refs": [
@@ -1136,6 +1139,7 @@
     "evidence_cves": [
       "CVE-2026-0300",
       "CVE-2026-31431",
+      "CVE-2026-42945",
       "CVE-2026-46300"
     ],
     "atlas_refs": [],
@@ -1700,6 +1704,7 @@
       "CVE-2026-32202",
       "CVE-2026-33825",
       "CVE-2026-42897",
+      "CVE-2026-42945",
       "CVE-2026-43284",
       "CVE-2026-43500",
       "CVE-2026-46300",
@@ -2184,7 +2189,10 @@
     "opened_date": "2026-05-15",
     "evidence_cves": [],
     "atlas_refs": [],
-    "attack_refs": [],
+    "attack_refs": [
+      "T1573",
+      "T1600"
+    ],
     "theater_test": {
       "claim": "Our cryptographic suite review meets PCI DSS 4.0.1 12.3.3 annual cadence.",
       "test": "Pull the cryptographic suite inventory and most-recent annual review. Confirm enumeration of in-use algorithms with deprecation status. Confirm a PQC-readiness assessment exists with migration roadmap for long-lived keys (TLS for >5y data, signing for code/SBOM). Theater verdict if PQC is absent from the review, or if deprecated algorithms remain in use without a documented exception.",
@@ -2314,6 +2322,7 @@
     "status": "open",
     "opened_date": "2026-05-11",
     "evidence_cves": [
+      "CVE-2024-3094",
       "CVE-2026-45321",
       "MAL-2026-3083",
       "MAL-2026-NODE-IPC-STEALER"
@@ -3651,7 +3660,8 @@
     "status": "open",
     "opened_date": "2026-05-15",
     "evidence_cves": [
-      "CVE-2026-0300"
+      "CVE-2026-0300",
+      "CVE-2026-42945"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -3686,7 +3696,9 @@
     "opened_date": "2026-05-15",
     "evidence_cves": [
       "CVE-2026-0300",
-      "CVE-2026-42897"
+      "CVE-2026-42897",
+      "CVE-2026-42945",
+      "CVE-2026-46300"
     ],
     "atlas_refs": [],
     "attack_refs": [
@@ -3945,5 +3957,136 @@
       ],
       "verdict_when_failed": "compliance-theater"
     }
+  },
+  "UK-CAF-B4": {
+    "framework": "UK NCSC Cyber Assessment Framework (CAF)",
+    "control_id": "B4",
+    "control_name": "System security",
+    "designed_for": "Principle B4 — networks and information systems supporting essential functions are protected against attack. Covers secure configuration, secure architecture, and the management of vulnerabilities in deployed systems.",
+    "misses": [
+      "Subsystem-level kernel-module disable as a compensating control for an unpatched deterministic local-privilege-escalation is not enumerated as an interim posture distinct from vendor-patch application",
+      "CAF assumes patch-application timelines tied to advisory dates; deterministic LPEs with public PoC require operational pivots (module unload, syscall filter) that the principle does not name",
+      "Where vendor patch + reboot cycle is multi-day on operationally-sensitive hosts, the absence of a named compensating-control path forces operators to either accept the exposure window or schedule disruptive reboots without policy cover"
+    ],
+    "real_requirement": "B4 implementation must explicitly enumerate compensating-control postures for unpatched deterministic LPEs: kernel-module blacklist (esp4 / esp6 / rxrpc class), syscall filter (seccomp profile narrowing), or live-patch where vendor offers it. Each compensating control must be reversible, monitored, and have a documented conversion-SLA to the vendor binary patch.",
+    "status": "open",
+    "opened_date": "2026-05-17",
+    "evidence_cves": [
+      "CVE-2026-46300"
+    ],
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068"
+    ],
+    "theater_test": {
+      "claim": "Our UK CAF B4 system-security posture covers unpatched kernel LPEs with documented compensating controls.",
+      "test": "Pull the operator's B4 evidence pack. For the most recent deterministic kernel LPE with public PoC (CVE-2026-46300 / Fragnesia is the reference case), confirm whether the evidence pack names a compensating-control posture (module unload, syscall filter, or live-patch) distinct from the binary-patch path, and whether that posture is monitored and has a conversion-SLA back to the binary patch. Theater verdict if the evidence pack reduces to 'patch within 30 days' without a named interim compensating control, or if the compensating control is deployed without monitoring and SLA.",
+      "evidence_required": [
+        "B4 evidence pack covering the most recent deterministic kernel LPE",
+        "named compensating-control posture (module blacklist, seccomp, live-patch) with monitoring",
+        "conversion-SLA documenting return-to-binary-patch timeline"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "AU-ISM-1546": {
+    "framework": "Australian Government Information Security Manual (ISM)",
+    "control_id": "ISM-1546",
+    "control_name": "Patch operating systems and applications",
+    "designed_for": "Patching operating systems and applications within timeframes set by the Essential Eight Maturity Model — ML1: 1 month for non-critical, 2 weeks for internet-facing; ML2: 2 weeks for non-critical, 48 hours for internet-facing or exploited; ML3: 48 hours for non-critical, 48 hours for internet-facing or exploited.",
+    "misses": [
+      "Patch-application timeframes anchor on advisory date, not on public-PoC availability — a deterministic LPE with a public PoC is exploitable from disclosure-minus-zero regardless of the 48h ML3 window",
+      "The maturity ladder does not differentiate between exploitable-from-disclosure (public PoC + deterministic primitive) and theoretically-exploitable, so the highest-tempo bucket is still slower than the threat",
+      "No requirement to deploy reversible compensating controls (kernel-module blacklist, syscall filter) while the patch cycle proceeds, even when the vendor offers them in the same advisory window"
+    ],
+    "real_requirement": "ISM-1546 implementation must add: (1) a PoC-availability-aware tempo overlay where deterministic LPEs with public PoCs trigger a same-day-mitigation requirement separate from patch SLA, (2) a named compensating-control posture per maturity level (module blacklist at ML1, seccomp at ML2, live-patch at ML3), (3) explicit evidence that the operator inspected the advisory for non-binary mitigation paths before defaulting to the patch-only response.",
+    "status": "open",
+    "opened_date": "2026-05-17",
+    "evidence_cves": [
+      "CVE-2026-46300"
+    ],
+    "atlas_refs": [],
+    "attack_refs": [
+      "T1068"
+    ],
+    "theater_test": {
+      "claim": "Our AU ISM-1546 patch programme meets Essential Eight Maturity Level 3 for kernel-class vulnerabilities.",
+      "test": "Pull the patch-management evidence pack and select the most recent deterministic kernel LPE with public PoC (CVE-2026-46300 / Fragnesia is the reference case). Confirm whether the evidence shows (a) same-day deployment of a named compensating control (module blacklist, seccomp profile, live-patch) distinct from the binary patch, and (b) the operator documented inspection of the advisory for non-binary mitigation before defaulting to the patch SLA. Theater verdict if the evidence collapses to 'patch within 48h' without a named same-day compensating control, or if the compensating control was deployed without advisory-side evidence of evaluation.",
+      "evidence_required": [
+        "patch-management evidence pack for the reference deterministic LPE",
+        "same-day compensating-control deployment record",
+        "advisory inspection notes documenting non-binary mitigation evaluation"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "ISO-27001-2022-A.5.7": {
+    "framework": "ISO/IEC 27001:2022",
+    "control_id": "A.5.7",
+    "control_name": "Threat intelligence",
+    "designed_for": "Information about information-security threats is collected and analysed to produce threat intelligence. Output feeds risk-management, vulnerability-management, incident-management, and awareness programmes.",
+    "misses": [
+      "Threat intelligence collection is treated as feed ingestion; the control does not require an operational pivot when intel surfaces a same-family sequel to a previously-patched bug (Dirty Frag → Fragnesia is the reference case)",
+      "AI-attack-development feeds (AI-assisted discovery, AI-built exploitation chains, AI-orchestrated supply-chain attacks) are not explicitly enumerated as a feed category, despite being a current-reality threat per Hard Rule #7",
+      "Threat-intelligence-to-action latency is undefined; intel may be 'collected' weeks before the operational response, with no control text requiring conversion-SLA from intel to action"
+    ],
+    "real_requirement": "A.5.7 implementation must add: (1) AI-attack-development feeds as a named feed category (GTIG zero-day attribution, Anthropic / OpenAI / Google threat reports, Zellic / depthfirst / Big Sleep disclosure channels), (2) intel-to-action conversion-SLA per threat category (deterministic LPE same-family sequel: 24h to compensating control), (3) explicit operational-pivot list mapping intel signal to immediate non-patch action (module blacklist, syscall filter, egress block, MFA enforcement).",
+    "status": "open",
+    "opened_date": "2026-05-17",
+    "evidence_cves": [
+      "CVE-2026-46300"
+    ],
+    "atlas_refs": [
+      "AML.T0010"
+    ],
+    "attack_refs": [
+      "T1068"
+    ],
+    "theater_test": {
+      "claim": "Our ISO 27001:2022 A.5.7 threat-intelligence programme drives operational action against current-reality threats including AI-assisted attack development.",
+      "test": "Pull the threat-intelligence feed inventory and the last 12 months of intel-driven action records. Confirm explicit enumeration of AI-attack-development feed sources (GTIG, vendor threat reports, AI-assisted-disclosure outlets). Confirm an intel-to-action conversion-SLA per threat category. Sample the most recent same-family sequel disclosure (Fragnesia following Dirty Frag, or equivalent) and verify a compensating-control action fired within the SLA. Theater verdict if AI-attack-development feeds are absent from the inventory, or if intel-to-action conversion-SLA is undocumented, or if the sampled same-family sequel produced no operational pivot.",
+      "evidence_required": [
+        "threat-intelligence feed inventory with AI-attack-development category",
+        "intel-to-action conversion-SLA per threat category",
+        "operational pivot record for the most recent same-family sequel disclosure"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
+  },
+  "NIS2-Art21-supply-chain": {
+    "framework": "EU NIS2 Directive (Directive (EU) 2022/2555)",
+    "control_id": "Art-21-supply-chain",
+    "control_name": "Supply chain security measures",
+    "designed_for": "Article 21(2)(d) — supply-chain security including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers. Covers risk-management measures for the supply chain, including transitive dependencies where systemically relevant.",
+    "misses": [
+      "Generic supply-chain controls do not address ecosystem-specific compromise classes — npm registry account-recovery via expired maintainer-email domain, postinstall vs main-module payload distinction, and registry-account MFA enforcement are not enumerated",
+      "Container-runtime supply chain is not differentiated from application-runtime supply chain — the runtime (containerd, runc, CRI-O) and the workloads it executes have different exposure shapes that the directive collapses",
+      "Maintainer-account integrity is presumed; the directive does not require monitoring of maintainer-email-domain expiry, registry-side MFA enforcement on critical-path packages, or post-publish freshness cooldowns as protective measures"
+    ],
+    "real_requirement": "NIS2 Art. 21 supply-chain measures must add ecosystem-specific controls: (1) container-runtime supply chain enumerated distinct from application supply chain with separate risk-management posture, (2) npm / PyPI / RubyGems / crates.io maintainer-account integrity monitoring (email-domain expiry, MFA enforcement, registry-side anomaly detection), (3) post-publish cooldown periods on consumption of fresh releases from systemically-important upstream maintainers, (4) postinstall vs main-module payload distinction in consumer-side defence (--ignore-scripts is insufficient against main-module payloads), (5) lockfile audit against known-malicious version sets during the active exposure window.",
+    "status": "open",
+    "opened_date": "2026-05-17",
+    "evidence_cves": [
+      "MAL-2026-NODE-IPC-STEALER",
+      "MAL-2026-TANSTACK-MINI"
+    ],
+    "atlas_refs": [
+      "AML.T0010",
+      "AML.T0020"
+    ],
+    "attack_refs": [
+      "T1195.001",
+      "T1195.002"
+    ],
+    "theater_test": {
+      "claim": "Our NIS2 Art. 21 supply-chain security programme covers ecosystem-specific compromise classes including container runtime and registry account-recovery abuse.",
+      "test": "Pull the supply-chain risk-management evidence pack. Confirm container-runtime supply chain is enumerated distinct from application supply chain. Confirm maintainer-account integrity monitoring (email-domain expiry tracking, registry-side MFA enforcement evidence) for critical-path packages. Sample the most recent registry account-recovery incident (MAL-2026-NODE-IPC-STEALER reference case) and verify the consumer-side response covered lockfile audit against the malicious version set during the exposure window. Theater verdict if container runtime and application runtime collapse into a single supply-chain register, or if maintainer-account integrity monitoring is undocumented, or if the sampled incident response did not include lockfile audit within the exposure window.",
+      "evidence_required": [
+        "supply-chain register differentiating container runtime from application runtime",
+        "maintainer-account integrity monitoring records for critical-path packages",
+        "lockfile audit log from the reference registry account-recovery incident"
+      ],
+      "verdict_when_failed": "compliance-theater"
+    }
   }
 }

package/data/global-frameworks.json

@@ -3,6 +3,7 @@
     "schema_version": "1.3.0",
     "version": "1.3.0",
     "last_updated": "2026-05-15",
+    "last_threat_review": "2026-05-17",
     "note": "Multi-jurisdiction framework registry. patch_sla in hours. notification_sla in hours. source field must be primary regulatory source. v1.3.0 expansion: NO, MX, AR, TR, TH, PH, US_CALIFORNIA top-level jurisdictions added; EU member-state sub-regulator blocks added for Germany (BSI), France (ANSSI), Spain (AEPD + AESIA), Italy (ACN + AgID); EU-level technical body ENISA added as cross-cutting reference. v1.2.0 expansion: IL, CH, HK, TW, ID, VN, US_NYDFS added; JP expanded with APPI/PPC, FISC, NISC, METI, Economic Security Promotion Act, AI Strategy Council guidance. v1.1.0 expansion: BR, CN, ZA, AE, SA, NZ, KR, CL added; IN and CA enriched with data-protection law entries (DPDPA, Quebec Law 25, PIPEDA).",
     "tlp": "CLEAR",
     "source_confidence": {

package/data/playbooks/ai-api.json

@@ -51,6 +51,11 @@
         "playbook_id": "mcp",
         "condition": "finding.includes_mcp_server_credential_exposure == true"
       }
+    ],
+    "fed_by": [
+      "llm-tool-use-exfil",
+      "mcp",
+      "sbom"
     ]
   },
   "domain": {