expo:QA 2025 – The Human Edge – Why Testers Matter in an AI World

Quick Overview

expo:QA Madrid 2025 provided two days of intensive training that showed modern QA needs to focus on practicality, security-first, performance-aware, ethical and AI-assisted testing instead of AI replacement. We attended Conference Day 1 on May 21 and Conference Day 2 on May 22 to gain practical methods and strategic insights and identify our upcoming work direction.

About expo:QA

The European QA event expo:QA brings together expert sessions and practical workshops and brief presentations which provide both functional solutions and strategic insights for attendees. The 2025 program focused on three main pillars that define the future of quality assurance in an AI-driven world.

Conference Focus Areas

This year’s program centered on three critical areas that reflect the evolving QA landscape:

• Practical AI Testing Applications: Moving beyond hype to understand how AI tools actually enhance testing workflows, where they fall short, and how to integrate them effectively into existing processes.
• Security and Regulatory Compliance: Addressing the growing importance of security-first thinking in QA, with hands-on approaches to identifying vulnerabilities and building compliance into delivery pipelines.
• Performance Optimization Methods: Exploring techniques for achieving faster time-to-market while maintaining quality standards through innovative release management and performance testing strategies.

Event Schedule & Sessions

1. Bright Future or Dark Age: Why Testers Matter – Michael Bolton

The opening presentation demonstrated that QA professionals continue to play an essential role in the industry. The speed of AI operations does not replace human testers because they provide essential context and skepticism and develop creative hypotheses that machines cannot duplicate.

Bolton’s key argument centered on the irreplaceable human elements in testing: the ability to understand business context, question assumptions, explore edge cases through intuition, and advocate for users whose needs may not be captured in requirements. While AI can execute tests rapidly, it lacks the critical thinking that identifies which tests matter most and why.

2. AI is not a goddess that we can trust – Ard Kramer

The presentation presented a necessary correction to AI enthusiasm by showing how to check results and examine data sources and record system boundaries and create plans for system breakdowns. The verification process should start with trust but you must design tests which reveal AI system breakdowns.

Essential Principles for AI Verification

Kramer outlined a practical framework for testing AI systems responsibly:

• Validate data sources: Understand where AI training data comes from and what biases it might contain.
• Document system boundaries: Clearly define what the AI can and cannot reliably do.
• Design for failure: Build systems that degrade gracefully when AI makes mistakes rather than catastrophically failing.
• Implement continuous monitoring: Track AI performance over time as data distributions shift and edge cases emerge.

3. Performance is happiness: Volume II – Almudena Vivanco

Vivanco shared how Lidl approaches performance testing not as a technical checkbox but as a direct driver of customer satisfaction and business results. The presentation revealed three specific methodologies that connect technical metrics to user experience.

Lidl’s Performance Testing Approach

• User-focused metric analysis: Moving beyond generic response times to measure metrics that directly impact customer behavior, such as time-to-interactive for key user journeys.
• Large-scale load testing: Simulating realistic traffic patterns including peak shopping periods to identify bottlenecks before they affect customers.
• Business outcome correlation: Linking performance improvements to measurable business metrics like conversion rates and customer retention.

The most compelling insight was Lidl’s data showing direct correlation between page load time improvements and increased conversion rates, providing clear ROI justification for performance optimization efforts.

4. AI-powered Test Automation: Building Bots in Playwright – Marcel Veselka

The presentation demonstrated how Playwright-based bots receive AI enhancements to achieve better test coverage and minimize test fragility. Veselka showed practical techniques for creating self-healing tests that adapt to UI changes and intelligent exploratory testing bots that discover edge cases human testers might miss.

Key Techniques for AI-Enhanced Automation

• Visual validation with AI: Using computer vision to verify UI correctness beyond simple element existence checks.
• Intelligent selectors: Leveraging AI to identify elements even when IDs or classes change.
• Exploratory test generation: Automatically generating test scenarios based on user behavior patterns and application structure.
• Predictable verification: Combining AI exploration with deterministic assertions to maintain test reliability.

5. (Masterclass) AI testing with ChatGPT and GitHub Copilot – Joaquín Suárez

This hands-on masterclass provided direct comparison between Copilot and ChatGPT for practical testing tasks. Suárez worked through developing manual regression test cases and unit tests for a basic custom web application, revealing the strengths and limitations of each tool in real-world scenarios.

Practical Findings

The session yielded several actionable insights for teams considering AI coding assistants:

• Context matters enormously: Both tools performed significantly better when provided with detailed context about application behavior and testing goals.
• Review is non-negotiable: AI-generated tests required careful review to ensure they tested meaningful scenarios rather than just exercising code paths.
• Iterative refinement works best: Starting with AI-generated drafts and refining through conversation produced better results than expecting perfect output initially.
• Structured input yields structured output: Providing templates and examples helped AI tools generate more consistent, maintainable test code.

6. E2E Tests for Web3 Applications – Rafaela Azevedo

Web3 applications present unique testing challenges that traditional approaches don’t address. Azevedo explained why blockchain-based systems require fundamentally different testing strategies and demonstrated practical solutions for creating reliable, repeatable tests.

Unique Web3 Testing Challenges

The presentation identified several blockchain-specific testing obstacles:

• Unpredictable network states: Transaction confirmation times vary wildly based on network congestion and gas prices.
• Immutable on-chain data: Unlike traditional databases, blockchain state cannot be easily reset between test runs.
• Wallet integration complexity: Testing requires simulating various wallet providers and handling transaction signing flows.
• Economic realism: Tests must account for real gas costs and economic incentives that affect smart contract behavior.

Practical Solutions

Azevedo demonstrated effective approaches for each challenge:

• Using local blockchain networks like Hardhat or Ganache to create controlled testing environments with instant block mining and zero gas costs.
• Implementing mainnet forking to test against real on-chain state while maintaining the ability to reset and replay scenarios.
• Automating wallet interactions through tools like Playwright to simulate user flows without manual intervention.
• Creating deterministic test scenarios by controlling block timestamps and mining behavior.

7. Accelerating Time to Market through Innovative QA and Release Management – Nino Abramishvili

Abramishvili tackled the perennial tension between speed and quality, demonstrating how modern release practices enable faster delivery without compromising reliability. The presentation focused on concrete techniques that QA teams can implement immediately.

Effective Release Acceleration Strategies

• Smaller, frequent releases: Deploying incremental changes reduces risk and makes issues easier to identify and fix.
• Feature toggle systems: Decoupling deployment from feature activation allows safer releases with instant rollback capabilities.
• Automated deployment safety: Implementing automated smoke tests, canary deployments, and gradual rollouts to catch issues before they affect all users.
• Continuous testing integration: Running comprehensive test suites on every code change to catch regressions immediately.
• Production monitoring: Treating observability as part of QA, with alerts that trigger when metrics deviate from expected patterns.

8. Leading Quality Improvements for Real Business Value – Andreea Cosariu

Cosariu challenged QA teams to think beyond technical metrics and focus on outcomes that matter to the business. The most effective quality initiatives aren’t those with the highest test coverage, but those that prevent the problems that actually hurt customers and revenue.

Shifting to Business-Outcome Metrics

The presentation outlined a framework for aligning QA efforts with business value:

• Identify high-impact user journeys: Focus testing effort on paths that drive revenue or contain high-risk operations.
• Measure real customer impact: Track metrics like customer support tickets, refund rates, and user churn rather than just defect counts.
• Calculate cost of quality issues: Quantify the business cost of bugs to prioritize fixes and justify quality investments.
• Communicate in business terms: Present QA work in terms of revenue protected, customer satisfaction maintained, and risks mitigated.

9. Cutting edge or Cutting corners? Let’s bring ethics to the table – Lena Nyström

Nyström delivered a thought-provoking session on ethical considerations in QA that often get overlooked in the rush to ship features. She argued that testers have unique visibility into how systems actually work and therefore bear responsibility for raising ethical concerns.

Integrating Ethics into Testing

The presentation proposed practical ways to incorporate ethical thinking into daily QA work:

• Social impact assessment: Considering who might be harmed by the system and how, beyond obvious security vulnerabilities.
• Bias detection: Testing for discriminatory outcomes across different user demographics, particularly in AI-driven features.
• Accessibility as ethics: Viewing accessible design not as compliance but as ensuring technology serves all users equitably.
• Privacy by design: Questioning data collection practices and ensuring users understand and control their information.
• Long-term consequences: Asking “will we regret building this?” before investing in systems with questionable downstream effects.

10. (Masterclass) Cybersecurity in Action! Testing for a Secure Digital Future – Sara Martínez

Martínez’s hands-on masterclass provided practical training in identifying and preventing common security vulnerabilities. The session focused on OWASP Top 10 vulnerabilities with real-world exploit demonstrations that made abstract security concepts tangible and urgent.

Security Testing Fundamentals

Participants learned to test for critical vulnerabilities including:

• Injection flaws: Testing input validation and parameterized queries to prevent SQL injection and command injection attacks.
• Authentication issues: Verifying session management, password policies, and multi-factor authentication implementation.
• Access control: Testing that users can only access resources they’re authorized for, with no horizontal or vertical privilege escalation.
• XSS vulnerabilities: Checking input sanitization and output encoding to prevent cross-site scripting attacks.

Building Security into CI/CD

The masterclass demonstrated how to integrate security testing into automated pipelines:

• Using static analysis tools to catch common vulnerabilities in code before it ships.
• Implementing automated dependency scanning to identify known vulnerabilities in third-party libraries.
• Running dynamic security tests against deployed applications to verify runtime behavior.
• Creating security regression tests for previously discovered vulnerabilities to prevent recurrence.

Our Favorite Presentations

Several sessions stood out for their immediate practical value and potential to transform how we approach QA:

• AI Testing with ChatGPT and GitHub Copilot: The hands-on masterclass provided actionable techniques we can implement immediately, with honest assessments of what works and what doesn’t.
• E2E Tests for Web3 Applications: Azevedo’s presentation tackled genuinely novel testing challenges with practical, field-tested solutions that go beyond theory.
• Cybersecurity in Action: An essential crash course for anyone deploying web applications, with live demonstrations that made security threats concrete and preventable.
• Accelerating Time to Market: Abramishvili presented release patterns that actually work in practice, backed by real implementation experience rather than aspirational theory.
• Performance is Happiness: Vivanco’s data-driven approach connected technical performance metrics directly to user satisfaction and business outcomes, making the ROI case crystal clear.

Madrid: Quick Notes from Our Downtime

Between sessions, we explored Madrid’s cultural landmarks and found that the brief escapes from conference intensity actually helped process and synthesize what we were learning.

Our Madrid Highlights

• Royal Palace of Madrid: The architectural grandeur provided perspective on building things meant to last.
• Plaza Mayor: Coffee breaks here sparked some of our best discussions about applying conference concepts to our actual projects.
• Catedral de la Almudena: A quiet moment between the intensity of technical sessions.
• Santiago Bernabéu and Estadio Alfredo Di Stéfano: For the football enthusiasts in our group, these visits were non-negotiable.

The cultural experiences balanced the technical immersion, preventing conference fatigue while allowing ideas to percolate naturally.

Conclusion: QA’s Rising Mandate – Durable, Ethical & AI-Aware

expo:QA Madrid 2025 delivered a clear message that contradicts the “AI will replace testers” narrative. Instead, the conference revealed that QA’s role is expanding and evolving rather than diminishing. The modern QA professional must be security-conscious, performance-aware, ethically grounded, and capable of leveraging AI tools while maintaining critical oversight.

Key Takeaways We’re Implementing

The team returned with concrete action items and new capabilities:

• AI-assisted workflows: Integrating ChatGPT and Copilot into our test development process while maintaining human oversight and critical review.
• Playwright bot framework: Building intelligent test automation that adapts to changes and discovers edge cases systematically.
• Security integration: Embedding OWASP Top 10 testing directly into our CI/CD pipelines as a non-negotiable quality gate.
• Ethics checklist: Adding bias detection and social impact assessment to our test planning process.
• Performance-to-business metrics: Establishing clear connections between technical performance and customer satisfaction indicators.

The future of QA isn’t about being replaced by AI but about elevating our practice to meet higher standards across more dimensions: durability, security, ethics, performance, and intelligent automation. expo:QA Madrid showed us both the direction and the practical methods to get there.