Daily notes on AI, testing, and building software.
CVE-2025-32975 is a CVSS 10.0 authentication bypass vulnerability in Quest KACE Systems Management Appliance (SMA) that allows unauthenticated remote attackers to completely impersonate any valid user — including…
CVE-2026-5760 is a critical (CVSS 9.8) Server-Side Template Injection (SSTI) vulnerability in SGLang, a widely used open-source inference framework for large language models and multimodal AI models. By embedding a…
A large-scale 2026 research study examined how AI-generated test suites hold up when the code they test actually changes — and the findings are a wake-up call for QA teams rushing to adopt LLM test generation at scale.…
When a coding model responds at 1,000+ tokens per second, the feedback loop between writing code and validating it collapses from minutes to milliseconds — fundamentally changing how QA fits into the development cycle.…
Anthropic's Claude Opus 4.7 introduces a new /ultrareview command that acts like a skeptical senior engineer reviewing code for design-level issues — a capability that directly extends to automated test quality and test…
Anthropic's Claude Mythos and OpenAI's GPT-5.4-Cyber mark the first generation of frontier AI models purpose-built for cybersecurity tasks — which means security testing, pen testing, and vulnerability analysis are…
Agentic QA — where autonomous AI agents read requirements, generate test cases, execute them, and self-heal when they break — has moved from research prototype to production reality in 2026. Gartner projects that 33% of…
A new wave of agentic AI test platforms — backed by the same multi-agent LLM research coming out of arXiv and production teams — can now generate, run, and self-heal entire test suites from natural language prompts,…
CVE-2026-6298 is a critical heap buffer overflow in Skia, the open-source 2D graphics library at the core of all Chromium-based browsers. By serving crafted web content — a malicious image, a weaponized <canvas…
CVE-2026-32613 is a critical remote code execution (RCE) vulnerability in Spinnaker's Echo microservice, disclosed on April 20, 2026, carrying a CVSS score of 9.9. The flaw stems from unrestricted Spring Expression…