Blog

Daily notes on AI, testing, and building software.

April 21, 2026Vulnerability Analysis
CVE-2026-27681: Critical CVSS 9.9 SQL Injection in SAP BPC & Business Warehouse — What It Is & How to Fix It
CVE-2026-27681 is a CVSS 9.9-rated SQL injection vulnerability in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW) that allows any low-privileged authenticated user to upload a file…
April 21, 2026Vulnerability Analysis
CVE-2026-20122 / CVE-2026-20128 / CVE-2026-20133: The Cisco SD-WAN Manager Attack Chain & How to Fix It
Three actively exploited vulnerabilities in Cisco Catalyst SD-WAN Manager — CVE-2026-20133 (information disclosure), CVE-2026-20122 (arbitrary file overwrite), and CVE-2026-20128 (credential exposure via recoverable…
April 21, 2026Vulnerability Analysis | Mitigation Guide | Security Testing
CVE-2026-39987: Marimo Pre-Auth RCE — Root in One WebSocket Request
CVE-2026-39987 is a critical pre-authentication remote code execution (RCE) vulnerability in Marimo, an increasingly popular open-source Python notebook used in AI/data science workflows. An unauthenticated attacker can…
April 21, 2026Test Automation | Code Generation | AI/LLM Updates
Nobody Is Testing Their LLM Apps — Here's the Six-Layer Framework That Changes That
As LLM features ship without proper test suites, QA teams are being asked to validate AI-powered software with tools and methods designed for deterministic code — a growing mismatch that's creating silent quality debt…
April 21, 2026Test Automation
The Hidden Fragility of AI-Generated Tests: What Happens When Your Code Evolves
New research accepted at ICST 2026 reveals a critical blind spot in LLM-based test generation: when code changes semantically, AI-generated tests pass rates collapse to just 66%, and AI fault localization accuracy…
April 21, 2026AI/LLM Updates
LLM-Driven Test Oracle Generation: What QA Engineers Need to Know in 2026
The "oracle problem" — deciding whether software output is correct — has always been one of the hardest unsolved challenges in test automation. LLMs are now sophisticated enough to generate test assertions…
April 21, 2026Test Automation
The LLM Testing Gap: Most Teams Are Shipping Untested AI Features (Here's How to Fix That)
Most engineering teams shipping LLM-powered features in 2026 are testing them less rigorously than they test a login form — and as AI becomes load-bearing infrastructure, that gap is a serious production risk that QA…
April 21, 2026Code Generation
GPT-5.3-Codex-Spark Is Doing 1,000 Tokens Per Second—Here's What That Means for Writing Tests in Real Time
GPT-5.3-Codex-Spark's near-instant output speed—over 1,000 tokens per second—changes the fundamental interaction model between developers and AI assistants. For test writing specifically, this eliminates the latency…
April 21, 2026AI/LLM Updates | Code Generation | Test Automation
1,000 Tokens Per Second: What GPT-5.3-Codex-Spark Means for Real-Time Test Generation
OpenAI's GPT-5.3-Codex-Spark delivers over 1,000 tokens/second — fast enough to generate a full test file as you type — which fundamentally changes the economics of AI-assisted test writing and opens a new paradigm of…
April 21, 2026AI/LLM Updates
GPT-5.2-Codex Is Here: How OpenAI's Most Advanced Coding Model Changes Test Automation Forever
GPT-5.2-Codex is purpose-built for the hardest software engineering tasks — long-horizon refactors, large-scale migrations, and complex multi-file changes — which maps almost perfectly onto the work QA teams dread most:…

Latest from the blog