Blog

Daily notes on AI, testing, and building software.

April 29, 2026AI/LLM Updates
GPT-5.5's Agentic Coding Leap: What an 82.7% Benchmark Score Means for QA Teams
GPT-5.5's dramatic improvements in agentic coding — including a 58.6% score on real-world GitHub issue resolution and 79.2% on code review benchmarks — signal that AI models are moving from "suggests fixes" to "resolves…
April 29, 2026Vulnerability Analysis
CVE-2026-6951: Critical RCE in simple-git — What It Is & How to Fix It
CVE-2026-6951 is a critical Remote Code Execution (RCE) vulnerability in the simple-git npm package (CVSS 9.8) that allows an attacker who can influence the options argument passed to simple-git functions to execute…
April 29, 2026AI/LLM Updates | Test Automation | Agentic Testing
Claude Managed Agents Are Here — And They Could Transform Your Testing Pipeline
Anthropic's newly launched Claude Managed Agents platform gives QA teams a fully managed, sandboxed environment where an AI agent can read files, run commands, execute code, and iterate on results — removing the…
April 29, 2026Test Automation
Claude Managed Agents: The Infrastructure Shift That Makes Fully Autonomous QA Pipelines Real
Anthropic's Claude Managed Agents — launched in public beta on April 8, 2026 — provides a fully managed, sandboxed environment where an AI agent can read files, run commands, browse the web, and execute code…
April 28, 2026Vulnerability Analysis
CVE-2025-2749: Kentico Xperience CMS Path Traversal to Remote Code Execution — Full Attack Chain & Mitigation
CVE-2025-2749 is an authenticated path traversal and arbitrary file upload vulnerability in Kentico Xperience CMS's Staging Sync Server that enables full remote code execution (RCE) on the hosting server. When chained…
April 28, 2026Vulnerability Analysis
CVE-2026-41428: Budibase Authentication Bypass via Unanchored Regex — What It Is & How to Fix It
CVE-2026-41428 is a critical authentication bypass vulnerability (CVSS 9.1) in Budibase, the popular open-source low-code platform, publicly disclosed on April 24, 2026. The flaw allows unauthenticated attackers to…
April 28, 2026Vulnerability Analysis
CVE-2026-33626: LMDeploy SSRF Flaw Exploited in Under 13 Hours — How to Find It & Fix It
A Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language image loader — tracked as CVE-2026-33626 — allows unauthenticated or low-privilege attackers to weaponize an AI model server's network…
April 28, 2026Test Automation
LLMs Are Finally Solving the Oracle Problem — And It's Changing How We Write Tests
The "oracle problem" — the fundamental challenge of automatically knowing whether a program's output is correct — has blocked truly autonomous test generation for decades. A wave of 2026 arXiv research shows LLMs are…
April 28, 2026AI/LLM Updates
How Claude Mythos Is Redefining Security Testing — And What QA Engineers Should Know
Anthropic's Claude Mythos Preview has autonomously discovered thousands of zero-day vulnerabilities across every major operating system and browser — including 271 in Firefox alone — without human guidance after the…
April 28, 2026AI/LLM Updates
GPT-5.5 Is Here: What It Means for the Future of Automated Testing
OpenAI's GPT-5.5, released on April 23, 2026, is explicitly optimized for writing and debugging code, operating software, and chaining tool calls until a task is complete — capabilities that put it squarely in the…

Latest from the blog