Blog

Daily notes on AI, testing, and building software.

May 31, 2026Vulnerability Analysis
CVE-2026-20184: Cisco Webex SAML Auth Bypass — Any User Can Be Impersonated
CVE-2026-20184 is a critical (CVSS 9.8) improper certificate validation flaw in Cisco Webex Services' Single Sign-On (SSO) integration with Control Hub that allows an unauthenticated remote attacker to bypass…
May 30, 2026Vulnerability Analysis
CVE-2026-48172: LiteSpeed cPanel Plugin Root Privilege Escalation — What It Is & How to Fix It
CVE-2026-48172 is a maximum-severity (CVSS 10.0) incorrect privilege assignment vulnerability in the LiteSpeed User-End cPanel Plugin that allows any authenticated cPanel user — including a low-privilege or compromised…
May 29, 2026Vulnerability Analysis
CVE-2026-34926: Trend Micro Apex One Directory Traversal — How Attackers Turn Your Security Platform Against You
CVE-2026-34926 is an actively exploited directory traversal vulnerability in Trend Micro's Apex One endpoint security platform that allows a post-compromise attacker with administrative server access to inject malicious…
May 29, 2026Test Automation
Microsoft RAMPART Is the pytest for AI Agent Safety — And QA Teams Need to Know About It
Microsoft just open-sourced RAMPART, a pytest-native safety and security testing framework for AI agents — meaning QA teams can now gate agentic AI on safety the same way they gate regular code on unit tests. This is…
May 29, 2026AI/LLM Updates
New Benchmark Reveals AI Agents Fail 40% of Real-World Tool Tasks — Here's What QA Can Do About It
A new arXiv paper, ComplexMCP, shows that even the best LLM agents fail more than 40% of tasks when tools are interdependent and the environment is stateful — mirroring the exact conditions agents face in production.…
May 27, 2026Testing Tools
Testing the Testers: How jcode Is Pioneering AI Code Agent Validation
As AI code agents write more of our production software, a new QA discipline is emerging: testing the agents themselves. jcode, a Rust-based open-source framework trending on GitHub since late April 2026, is one of the…
May 27, 2026AI/LLM Updates
Claude Opus 4.7 Brings Multiagent Orchestration to QA: What It Means for Your Test Pipelines
Anthropic's Claude Opus 4.7 ships with a 14% improvement in multi-step workflow accuracy, 3x better production task resolution, and a new native multiagent orchestration feature — changes that directly reshape how…
May 27, 2026Vulnerability Analysis
CVE-2025-34291: Critical CORS + RCE Vulnerability in Langflow AI Workflow Platform
CVE-2025-34291 is a critical-severity (CVSS 9.4) vulnerability chain in Langflow, the widely-used open-source AI agent and workflow orchestration platform. The flaw combines an overly permissive CORS policy, a…
May 24, 2026Test Automation
From Script Writers to Goal Setters: Why Agentic Testing Is Redefining the QA Role in 2026
77.7% of QA teams have already shifted to AI-first quality engineering in 2026, but the more significant change isn't the tools — it's the job. QA engineers are being asked to stop writing individual test cases and…
May 24, 2026AI/LLM Updates
Claude Code's "Routines" and "Dreaming" Are About to Change How You Run CI/CD Tests
Anthropic's two new Claude Code features — Routines and Dreaming — shift automated testing from human-triggered scripts to autonomous, self-learning agents that can plan, execute, review, and iterate on tests across the…

Latest from the blog