Bitso described another suspected North Korean Chollima job applicant who attempted to interview for an engineering role under the claimed identity of Camilo Andrés Pantoja from Colombia. During the call, a Canary Token link exposed that the applicant connected from a residential Bogotá IP address rather than the VPNs, VPS infrastructure, or proxy paths commonly associated with this activity. The report assesses that the connection may indicate either a residential proxy not yet labeled as such or local facilitation through a Colombian network and device access. Bitso also notes interview behaviors consistent with AI-assisted response tools and separately details an AI-powered malicious redirect network abusing domains resembling crypto exchanges.