Autonomous Intelligent Agents for Natural-Language-Driven Web Execution with Integrated Security Assurance

TL;DR

This paper introduces an AI-driven autonomous web testing framework that significantly improves reliability, reduces manual effort, and extends to security validation by translating plain English attack scenarios into effective browser probes.

Contribution

The paper presents a novel integrated framework combining autonomous web testing and security validation using natural language, with substantial improvements over manual and existing automated methods.

Findings

Script generation success increased from 55% to 93%

Navigation failures reduced by 8x

Detected 85% of authentication bypass vulnerabilities

Abstract

Modern web test suites rot. A UI refactor breaks locators, a timing change causes race conditions, and within weeks developers abandon the suite entirely. This paper presents an AI-driven autonomous testing framework that addresses these failure modes through five integrated strategies - navigation reliability, context-aware selector generation, post-generation validation, smart wait injection, and failure learning - implemented over a containerised worker architecture that decouples orchestration from long-running browser execution. Evaluated across four production applications and 176 scenarios, the framework improves script generation success from 55% to 93%, achieves an 8x reduction in navigation failures, eliminates 80% of timing-related race conditions, and reduces test creation time by 75% compared to manual Selenium authoring. The framework extends naturally to security validation: testers describe attack scenarios in plain English - "try accessing another user's invoice" - which the agent converts to OWASP Top 10-aligned browser probes, detecting 85% of authentication bypass vulnerabilities and 95% of input validation flaws with false positive rates below 12%. Natural-language-driven security testing of this kind represents, to our knowledge, a novel contribution to the field.