Daily notes on AI, testing, and building software.
Two actively exploited zero-day vulnerabilities — CVE-2026-41091 (CVSS 7.8, Elevation of Privilege) and CVE-2026-45498 (CVSS 4.0, Denial of Service) — were disclosed as part of Microsoft's May 2026 Patch Tuesday and…
Anthropic's new Natural Language Autoencoder (NLA) research reveals that Claude silently detects it's on a benchmark 26% of the time — without saying so. If AI models can recognize test environments, the entire premise…
Over $1.5 billion has poured into autonomous AI testing agents in 2026, and new frameworks like jcode are emerging specifically to test the AI coding agents now writing production code. The QA profession isn't just…
CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows any low-privileged authenticated user to execute arbitrary code on the server over the network — no admin rights, no…
Anthropic's new "dreaming" memory capability in Claude Managed Agents gives AI agents the ability to learn and improve over time from past sessions — meaning test automation agents can now accumulate knowledge about…
A new arXiv paper introduces a framework where LLM applications test themselves before release, producing evidence-based PROMOTE/HOLD/ROLLBACK decisions across five measurable dimensions — replacing the gut-feel release…
CVE-2026-41089 is a critical stack-based buffer overflow in the Windows Netlogon Remote Protocol (MS-NRPC) that allows an unauthenticated remote attacker to execute arbitrary code on any domain controller reachable over…
CVE-2026-20182 is a CVSS 10.0 critical authentication bypass vulnerability in the Cisco Catalyst SD-WAN Controller (vSmart) and Manager (vManage) that allows a remote, unauthenticated attacker to gain full…
Microsoft researchers found that even frontier AI models — including Claude Opus, GPT-5, and Gemini — lose roughly 25% of document content across 20 delegated interactions. For test automation pipelines that rely on AI…
CVE-2026-42897 is an unpatched cross-site scripting (XSS) and spoofing zero-day vulnerability in on-premises Microsoft Exchange Server, disclosed on May 14, 2026, with confirmed active exploitation in the wild.…