Systems | Development | Analytics | API | Testing

AI solves the velocity problem, but confidence is still holding testing teams back.

Digital transformation rarely happens in a clean, technical environment. Most organizations aren’t starting from a blank slate – you’re operating across a mix of legacy desktop applications, internal web systems, custom-built interfaces, and business-critical workflows that must remain stable while modernization continues around them. The central challenge is whether that automation can remain reliable as underlying technologies evolve.

There’s a tension building inside most engineering organizations right now, and not many people are talking about it openly. AI has given development teams an extraordinary gift: the ability to build faster than ever before. Features that once took days can be prototyped in hours. Applications that required large teams can now be scaffolded by a handful of engineers with the right tools. By almost every measure of development velocity, we are living through a remarkable moment.

Between March 19 and March 31, five major open-source projects were compromised in rapid succession: Aqua Security’s Trivy vulnerability scanner, Checkmarx’s AST GitHub Actions, the LiteLLM AI proxy on PyPI, the Telnyx communications library, and Axios—the most downloaded HTTP client in the npm registry. Collectively, these projects serve hundreds of millions of installations across virtually every enterprise software environment on earth.

On March 31, an attacker hijacked the npm account of Axios’s primary maintainer and published two malicious versions of the most popular HTTP client library in the JavaScript ecosystem. The backdoored packages—axios@1.14.1 and axios@0.30.4—injected a trojanized dependency that delivered cross-platform remote access trojans to macOS, Windows, and Linux machines within seconds of installation.

On March 31, Axios—the most widely used HTTP client in the JavaScript ecosystem, with approximately 100 million weekly npm downloads and a presence in roughly 80% of cloud environments—was compromised via a hijacked maintainer account. Two malicious versions (1.14.1 and 0.30.4) delivered a cross-platform remote access trojan (RAT) that harvested credentials, SSH keys, cloud tokens, and API secrets from every machine where they were installed.