Whenever the AI agent generates tests for user flows on your page, or when the test runner executes those tests, requests are sent to your application. Depending on the volume of requests and your app’s configuration, this activity might be mistaken for an attack and potentially cause issues.

AI test generation

The AI agent generates test cases based on user flows on your site, much like a human would interact with your application. However, the agent typically operates faster than a human and may run multiple test generations in parallel. As a result, this behavior can sometimes trigger CAPTCHAs or be flagged as suspicious activity.

Test runner

When you “run all” tests or a scheduled run occurs on a given test target, all active test cases are run at once and with up to 20 parallel browser sessions. This can lead to either an overload of your application or a rate limiter getting active, if you have one in place.

Login / Authentication

If your application requires a login, the configured test user is used for the AI test case auto-generation as well as for the test runs. This could also lead to hitting a limit of allowed logins, depending on your login system. If you are using a 3rd party login service, there are most likely security configurations in place that prevent users from logging in too frequently.

OTP / 2FA

While Octomind supports a login with a one time password (OTP), it might run into a limit on how often the same OTP code can be used for login.

How to prevent the Rate Limiter to kick in

If your application is protected against DoS Attacks with a rate limiter it is very likely that Octomind test runs and/or AI generation will fail.

IP addresses

The easiest solution is to configure an exception for our IP addresses for white listing.
  • 35.192.162.70 (US proxy)
  • 34.159.153.198 (Europe proxy)
  • 34.129.193.156 (Australia proxy)