When agents are interacting with APIs directly in a Zero-UI setup, security is super important. A good approach is to use role-based access control (RBAC) so each agent only has access to the APIs and actions they actually need. Pair that with token-based authentication to make sure every request is verified. On top of that, using API gateways helps manage and protect the traffic. And don’t forget to **log and monitor everything, you want a full audit trail so you can track what’s happening and catch any issues quickly. Essentially, it’s about giving agents the access they need, but in a safe, controlled, and observable way.
Think of it this way, MCPs like Playwright are all about the UI. They help you automate browser interactions and test what users actually see and click. Zero-UI agent testing, on the other hand, often skips the UI entirely. It focuses more on the underlying APIs or event streams that drive the system. That said, there’s still some crossover, you can borrow ideas from MCPs, like recording and replaying sessions, to help understand how agents interact with the system, even if it’s happening behind the scenes.
In zero-UI environments, some unique security risks can pop up because there’s no traditional interface to watch over. For example, APIs could be accessed without permission, agents might act in unexpected ways, or hidden inputs could be exploited for injection attacks. Another challenge is that audit trails can be weak, making it harder to track what happened. To stay safe, it’s really important to keep a close eye on everything, enforce strong agent governance, and have monitoring in place so nothing slips through the cracks.
Absolutely! In a world without traditional UIs, humans won’t be clicking buttons or navigating screens like we do today. Instead, our job will be more about setting the rules, defining goals, and putting boundaries in place. The agents, whether AI or automated systems, will take it from there, figuring out the best way to get things done and optimizing workflows on their own. Essentially, we move from hands-on interaction to guiding, overseeing, and orchestrating the process. It’s like being the conductor of an orchestra rather than playing every instrument yourself.
Definitely! When it comes to agent-based experiences, traditional testing like functional, performance, and security checks just isn’t enough. We also need to focus on things like how the agent behaves in different situations, whether users can trust its actions, if its decisions are explainable, and whether there are any ethical risks. Basically, it’s about making sure these agents act safely, reliably, and in ways people can actually understand and trust.
When it comes to SSO, the Agent Experience (AX) handles it pretty smoothly. Basically, it can manage short-lived tokens or refresh credentials on the fly, so agents don’t have to constantly log in. And the cool part? You can test all of this in a sandbox environment, which means you can make sure the authentication flow works correctly without having to do everything manually every time.
That’s a really good question, and honestly, something a lot of new QAs worry about. But here’s the thing: while experience does give you an edge, it’s not the only thing that matters anymore.
What’s really changing the game now is how fast you can learn and adapt especially, with new trends like AI-driven testing, agent workflows, and Zero-UI systems that Dana talked about in her session. Companies are starting to value testers who can understand these modern tools and think beyond just clicking buttons or writing test cases.
So even if you’re just starting out, focus on building practical skills, experimenting with AI tools, and getting comfortable with automation and intelligent systems. The more curious and adaptable you are, the more doors will open, even without years of experience.
Absolutely! With Zero-UI engineering, the tester’s role is going to evolve quite a bit. Instead of clicking through buttons or checking if a screen looks right, testers will start focusing more on how the system thinks and reacts.
You’ll be testing how agents make decisions, how they handle different workflows or events, and even how reliable or trustworthy their responses are. It’s less about “does this button work?” and more about “did the system make the right call?”
In short, testing will shift from surface-level UI checks to deeper behavioral testing, making sure these AI-driven systems act intelligently, consistently, and ethically.
Nice question, here’s how I’d explain it like a fellow attendee trying to be useful, not preachy:
Start with the agent’s day-to-day: watch what they actually do and list the workflows they repeat (e.g., verify a customer, escalate a bug, approve a release). Those high-frequency, high-impact tasks are your gold — expose APIs and event streams that let agents complete those tasks without hopping between systems. Do a simple impact vs. effort check: which interfaces will save the most time or reduce the most risk if automated or surfaced? Run a quick risk assessment too, anything that can cause big downstream issues (billing, security, customer data) should be treated carefully or exposed with stricter controls.
Practical rules I use: begin small (one or two core APIs + the key state-change events), make them idempotent and well-instrumented, and add observability so you can see how agents use them. Iterate based on real usage and feedback, what looks important on paper often changes once agents start using the system.
So: focus on real agent workflows, rank by impact and risk, start compact, monitor, and evolve. That gets you the most value fastest.
That’s a great question, and one that comes up a lot when testing systems that use tools like reCaptcha.
In an Agent Experience (AX) setup, you don’t want your automated agents getting stuck at a “select all traffic lights” screen, right? 
So instead of using the live reCaptcha, teams usually switch to sandbox or test-mode tokens provided by Google. These let you test how your system behaves without actually triggering real verification checks.
Another common approach is to simulate human-like interactions or mock the reCaptcha responses during testing. This way, your automated workflows can move smoothly without getting blocked, while you still validate that the flow works as intended.
Basically, during testing, we “fake it” in a safe, controlled way so that our agents can focus on testing the real logic instead of solving puzzles meant for humans.
Honestly, AI can be a huge help in QA if used in the right areas. From my experience, it works really well for things like regression testing, where it can quickly spot what’s breaking after changes. It’s also great for exploratory testing, giving suggestions on what areas to test that we might otherwise overlook.
Another area where AI shines is handling flaky tests it can help figure out which tests are unstable and why, saving a lot of manual troubleshooting. Plus, it’s smart at spotting performance anomalies before they become big issues and can even assist in validating API responses, making sure everything behaves as expected.
Basically, if there’s repetitive, pattern-based, or data-heavy work in QA, AI can step in and make life a lot easier.
Honestly, AX is still very much a growing field. Even though there are some best practices out there, we’re constantly learning and tweaking them. As more real-world agent systems get built and used, we start noticing gaps—like in security, how much we can observe, or where trust can break down. So, it’s really a process of refining things as we go, based on what actually works in practice.
When you give AI agents the ability to learn and adapt on their own, things can get pretty unpredictable over time. That’s why the whole Agent Experience (AX) approach can’t stay static, it needs to grow alongside the AI. In practice, this means constantly monitoring how agents behave, running adaptive tests to catch anything unusual, assessing risks, and putting governance in place to keep everything in check. Basically, AX evolves with the agents, making sure they stay helpful and safe as they learn new things on their own.
When the agents themselves are the main “users,” building trust for the humans overseeing them is all about keeping things clear and understandable. One practical approach is to give managers or supervisors visual dashboards that show what’s happening in real time. Make sure the decisions the agents make can be explained easily, so humans aren’t left guessing why something happened. It also helps to have audit trails to track actions, alerts when something unusual occurs, and, importantly, the ability for a human to step in or override decisions if needed. Basically, it’s about giving people visibility and control without making things complicated.
Absolutely! I’d say leaning towards Specialized or Smaller Language Models (SLMs) can be a smart move. They’re lighter, faster, and cost less to run, but still pack enough accuracy for specific tasks, like testing in your particular domain or improving agent workflows. Basically, you get efficiency without compromising on quality.