Disclosure Outcomes: 2026-05-04 Bulk Send
NuClide Research · Public record of operator responses to the 2026-05-04 university-AI disclosure batch (36 emails) + adjacent disclosures from the same session.
Bulk send summary
- 36 disclosure emails sent via Gmail API from nicholas@nuclide-research.com (OAuth at ~/.config/nuclide/, scope gmail.send)
- 44 unique recipients (To + Cc, including abuse@<domain> belt-and-suspenders fanouts)
- 0 syntax / MX errors at SMTP-accept time
- Wall time 4m 56s with 8s throttle between sends
- Result: 36/36 SMTP-accepted; downstream outcomes below
Confirmed remediations
✅ KTH Royal Institute of Technology (Sweden): both hosts nullrouted
Disclosure: disclosures/SE-KTH.md, 130.237.67.161 + 130.237.3.105 (Ollama + DeepSeek cloud proxies + abliterated Gemma model running as root)
Response from KTH IT-SOC (Patrik Lidehäll, it-soc@kth.se, ticket [#ID:KTH-INC-5245868#]):
Hello and thank you for your report!
Both hosts nullrouted.
Outcome: Both Ollama instances taken offline at the network layer. Cleanest possible remediation path; operator action verified by a confirmation reply within hours of the disclosure send.
✅ NCU / Chang Gung University / Oplentia: Aiden Assistant medical scheduler port-closed
Disclosure: disclosures/TW-ncu-aiden.md, 163.25.105.115 (Aiden Assistant production medical staff scheduling SaaS at Linkou Chang Gung Memorial Hospital, Pharmacy + Orthopedics)
Response chain:
- Disclosure forwarded by Janice Tsai (janice.tsai@oplentia.com, Oplentia operator listed in the exposed Aiden system prompt) to 張人天 (Joe Chang, d000020231@cgu.edu.tw, Chang Gung University) at 09:28 UTC+8
- Reply from Joe Chang at 21:08 UTC+8:
We have investigated the matter and can confirm that the exposed port has been successfully closed, and the affected service is no longer accessible from the public network. Appropriate actions have been taken to prevent similar misconfigurations from occurring again.
Outcome: Port closed, production medical SaaS no longer publicly reachable. Operator coordination spanned: NCU (network owner) → Oplentia (product operator) → Chang Gung University (developer/research host). Clean cross-organization coordination.
Active engagement (in-progress)
🟡 UCSB AI Lab: Open WebUI auth-disabled (May 1 disclosure, May 4 response)
Disclosure: case-studies/universities/US/CA-ucsb.md (Open WebUI v0.8.12 with auth=false at 169.231.124.164)
Active handlers:
- Catherine Ullman, UB IT Security (initial misroute reply that caught our suny-buffalo slug-to-domain bug)
- bhavel, UCSB Security Operations (security@ucsb.edu, ticket UCSB-OIT #1345064), actively coordinating with internal Larry / drjackson, MAT network team
- Their internal escalation cited our four recommended actions verbatim (enable auth, restrict network, bind to localhost, review tool integrations)
Outcome: Multi-team internal coordination in flight. Functioning security-ops process at UCSB.
Auto-ticketed (intake confirmed, remediation TBD)
| Institution | Ticket | System | Notes |
|---|---|---|---|
| KTH (Sweden) | KTH-INC-5245868 | KTH IT-Support service desk | (also closed, see remediations above) |
| ITMO (Russia) | DIS-14972 | Jira Service Management | Both nicholas@nuclide-research.com and abuse@itmo.ru on the ticket |
| Syracuse (US) | POLVIOL-5952 (Policy Violations queue) + INFOSEC-10385 (InfoSec queue) | Jira Service Management ×2 | Two parallel queues triggered, Information Security Policy Violations queue + listserv DMARC handler routed to InfoSec queue |
| UC Davis (US) | INC2569169 | UC Davis Service Desk | nicholas@nuclide-research.com + abuse@ucdavis.edu both on the ticket |
Mailman moderator holds (likely positive: pending list moderator approval)
🟡 Newcastle Australia: 3 internal lists held for moderator approval
- dts-cybersecurity@newcastle.edu.au auto-replied: deprecated, use cap-d-core-technology@newcastle.edu.au
- it-ops@mailman.newcastle.edu.au, moderator hold (“not from a list member”)
- networks@mailman.newcastle.edu.au, moderator hold (“implicit destination”)
Newcastle has visibility of the disclosure through three internal channels concurrently. List moderators will approve or escalate; remediation outcome pending. Action item: resend to the new cap-d-core-technology@ address per the deprecated-address auto-response.
Misroutes (operator caught our pipeline bug)
⚠️ SUNY Buffalo State University → University at Buffalo (slug-resolution bug)
Disclosure: disclosures/US-NY-suny-buffalo.md. The case study correctly identifies OrgName=SUNY Buffalo State University (NetName SUCBUFFALO from ARIN WHOIS for 136.183.56.88), but the gen_emails.py slug-to-domain resolver mapped suny-buffalo → buffalo.edu (University at Buffalo, a separate SUNY institution).
Response from UB IT Security (Catherine Ullman, cende@buffalo.edu):
As I responded to you already, this IP does not belong to the University at Buffalo but to Buffalo State University.
Pipeline bug filed: see feedback_disclosure_contact_resolver memory + SESSION.md session 7 next-moves. The fix is WHOIS-driven derivation of the to: field from OrgName/NetName/OrgAbuseEmail rather than slug-string heuristics.
Outcome: UB action: noted (not their network). Buffalo State action: pending re-route to the registered abuse contact killiatd@buffalostate.edu (Thomas Daniel Killian, ARIN OrgAbuseEmail).
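A sketch of the WHOIS-driven resolution described above, added here as an example and not taken from gen_emails.py. The function names, status strings and the slug_guess_domain parameter are hypothetical, and the WHOIS excerpt is constructed from the three field values quoted in this section.

```python
import re

# Constructed ARIN-style WHOIS excerpt (not a live query result); the three
# field values are the ones quoted on this page for 136.183.56.88.
SAMPLE_WHOIS = """\
NetName:        SUCBUFFALO
OrgName:        SUNY Buffalo State University
OrgAbuseEmail:  killiatd@buffalostate.edu
"""

FIELDS = ("NetName", "OrgName", "OrgAbuseEmail")
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")


def parse_whois(text):
    """Return the first value of each field of interest from 'Key: value' lines."""
    record = {}
    for line in text.splitlines():
        if line.startswith(("#", "%")) or ":" not in line:
            continue  # registry comment or blank/free-text line
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in FIELDS and value and key not in record:
            record[key] = value
    return record


def resolve_recipient(whois_text, slug_guess_domain=None):
    """Derive the recipient from WHOIS; the slug guess is only cross-checked."""
    rec = parse_whois(whois_text)
    abuse = rec.get("OrgAbuseEmail", "")
    match = EMAIL_RE.match(abuse)
    if not match:
        # No usable registered contact: hold the send instead of guessing.
        return {"to": None, "status": "hold-no-abuse-contact", "org": rec.get("OrgName")}
    whois_domain = match.group(1).lower()
    status = "ok"
    if slug_guess_domain:
        guess = slug_guess_domain.lower()
        if whois_domain != guess and not whois_domain.endswith("." + guess):
            status = "slug-mismatch"  # heuristic disagreed with the registry
    return {"to": abuse, "status": status, "org": rec.get("OrgName"),
            "netname": rec.get("NetName")}


if __name__ == "__main__":
    print(resolve_recipient(SAMPLE_WHOIS, slug_guess_domain="buffalo.edu"))
```

A slug-mismatch result still addresses the registered contact; the status is there so a batch run can list every case where the slug heuristic would have sent the mail elsewhere.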
Hard dead-letters (no human reach)
| Slug | Recipient | Failure mode |
|---|---|---|
| PK-comsats | security@comsats.edu.pk + abuse@comsats.edu.pk | Both rejected 554 5.4.14 hop-count exceeded, Microsoft 365 mail-loop misconfig at pern.onmicrosoft.com |
| TW-fju-medph | security@fju.edu.tw + abuse@fju.edu.tw | Both rejected 550 Relaying mail to ... is not allowed, server misconfig |
| AM-armenian-academy | ipia@ipia.sci.am | Forwarded to iiap.sci.am where local-part ipia is user-unknown; abuse@sci.am unverified |
| VN-vnu-hanoi | security@vnu.edu.vn | 550 5.1.1 user-unknown (Gmail-hosted); abuse@vnu.edu.vn status unconfirmed |
| BR-cefet-rj (CC only) | abuse@cefet-rj.br | 550 5.4.1 access denied; primary dtinf@cefet-rj.br accepted at SMTP |
Action item: all five need alternate-contact research via the planned nuclide-contact tool (WHOIS abuse + DNS SOA + security.txt + FIRST.org CSIRT directory + REN-ISAC + pattern-guess+MX). Re-route + resend pending.
Adjacent disclosures (same session, different threads)
Elastic Information Security: SEC0006144 (re: tweet-optimize.com Milvus finding)
Elastic auto-redirected to their HackerOne program. Per their own VDP: “Security issues in third party systems… fall outside this policy.” Operator misconfig of Milvus (third-party, not Elastic product), out of scope. Logged in case-studies/commercial/disclosure/tweet-optimize-2026-05-03-log.md. Closed on our side; no resubmission warranted.
tweet-optimize.com / OnlyFans Milvus (May 3 disclosure, May 4 24h re-probe)
Exposure remained live at the 24h re-probe checkpoint. Counts unchanged at 897,111 onlyfans + 313,066 psos face embeddings. Disclosed to operator + Fenix International / OnlyFans + Hetzner abuse + Finnish Data Protection Ombudsman. Tracking continues per case-studies/commercial/disclosure/tweet-optimize-2026-05-03-log.md.
Aggregate
| Outcome class | Count | % of 36 |
|---|---|---|
| ✅ Confirmed remediation (port closed / nullroute) | 2 (KTH, NCU/Aiden) | 5.6% |
| 🟡 Active human engagement | 1 (UCSB) | 2.8% |
| 🎫 Auto-ticketed (institutional intake) | 4 (KTH, ITMO, Syracuse ×2 queues, UC Davis) | 11.1% |
| 🟡 Mailman moderator hold (likely positive) | 1 (Newcastle, 3 lists) | 2.8% |
| ⚠️ Misroute caught by operator | 1 (Buffalo State / UB) | 2.8% |
| ❌ Hard dead-letter | 4 (COMSATS, FJU, IIAP Armenia, VNU Hanoi) | 11.1% |
| ⏳ No reply yet (window still open) | 23 | 63.9% |
Headline metric: 2 confirmed remediations within hours of bulk send (KTH + NCU). The remaining institutions with auto-tickets are tracking through their internal processes; long-tail responses expected over 7-30 days.
Disclosure-pipeline lessons learned (filed as memory entries):
- WHOIS-driven contact resolution is non-negotiable; slug-string heuristics caused the Buffalo State misroute → memory: feedback_disclosure_contact_resolver
- Gmail-API + OAuth (gmail.send scope) is the canonical send path; the Workspace admin disabling app-passwords ruled out the SMTP path → memory: project_disclosure_send_pipeline
- 4 hard dead-letters per 36 sends = ~11% bounce-or-misconfigured rate; argues for the planned nuclide-contact tool to chain WHOIS + DNS SOA + security.txt + FIRST.org CSIRT before any disclosure batch
See also
- SE-KTH.md, TW-ncu-aiden.md, disclosure drafts that landed
- build_gmail_drafts.py, send_drafts_api.py, pipeline tools
- _sent.json, sent-state record (36 slugs)
- ~/AI-LLM-Infrastructure-OSINT/SESSION.md, session 7 + 8 narrative