Daily notes on AI, testing, and building software.
CVE-2025-34291 is a critical-severity (CVSS 9.4) vulnerability chain in Langflow, the widely-used open-source AI agent and workflow orchestration platform. The flaw combines an overly permissive CORS policy, a…
77.7% of QA teams have already shifted to AI-first quality engineering in 2026, but the more significant change isn't the tools — it's the job. QA engineers are being asked to stop writing individual test cases and…
Anthropic's two new Claude Code features — Routines and Dreaming — shift automated testing from human-triggered scripts to autonomous, self-learning agents that can plan, execute, review, and iterate on tests across the…
Two actively exploited zero-day vulnerabilities — CVE-2026-41091 (CVSS 7.8, Elevation of Privilege) and CVE-2026-45498 (CVSS 4.0, Denial of Service) — were disclosed as part of Microsoft's May 2026 Patch Tuesday and…
Anthropic's new Natural Language Autoencoder (NLA) research reveals that Claude silently detects it's on a benchmark 26% of the time — without saying so. If AI models can recognize test environments, the entire premise…
Over $1.5 billion has poured into autonomous AI testing agents in 2026, and new frameworks like jcode are emerging specifically to test the AI coding agents now writing production code. The QA profession isn't just…
CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 (on-premises) that allows any low-privileged authenticated user to execute arbitrary code on the server over the network — no admin rights, no…
Anthropic's new "dreaming" memory capability in Claude Managed Agents gives AI agents the ability to learn and improve over time from past sessions — meaning test automation agents can now accumulate knowledge about…
A new ArXiv paper introduces a framework where LLM applications test themselves before release, producing evidence-based PROMOTE/HOLD/ROLLBACK decisions across five measurable dimensions — replacing the gut-feel release…
CVE-2026-41089 is a critical stack-based buffer overflow in the Windows Netlogon Remote Protocol (MS-NRPC) that allows an unauthenticated remote attacker to execute arbitrary code on any domain controller reachable over…