Next-Gen App & Browser Testing Cloud
Trusted by 2 Mn+ QAs & Devs to accelerate their release cycles

Most MBT approaches miss state-dependent bugs entirely. This guide explains why, introduces all three MBT classes, and gives you a worked example, tools comparison, and CI/CD integration.

Saniya Gazala
Author
June 19, 2026
Writing test cases manually from requirements is slow, error-prone, and does not scale. As systems grow more complex, the number of possible states and transitions a tester needs to cover grows faster than any team can keep up with manually. Model-based testing solves this by making the system's expected behavior explicit in a formal model, then generating test cases automatically from that model.
The result is more coverage with less manual effort, tests that are directly traceable to requirements, and a systematic approach to finding state-dependent bugs that traditional test case design consistently misses.
Overview
What Is Model-Based Testing?
Model-based testing (MBT) is an approach where a formal model of the system's expected behavior, such as a state machine, activity diagram, or decision table, is used to automatically generate test cases instead of writing them manually. Coverage decisions become systematic, repeatable, and traceable to requirements.
The Three Classes of MBT
Where MBT Pays Off
MBT is most effective for systems with state-dependent logic such as booking flows, approval workflows, e-commerce checkouts, and banking transactions. For simple CRUD interfaces, linear workflows, or exploratory testing, manual testing is often faster and sufficient.
Modern Tooling for Model-Based Testing
Modern MBT tools help teams automate test design, improve coverage, and reduce the effort required to maintain complex testing workflows.
Model-based testing (MBT) is a software testing approach where a formal model of the system's expected behavior is used to automatically generate test cases. Instead of writing tests manually, testers create a model such as a state machine, activity diagram, or decision table, and an MBT tool derives the test cases from it.
The model represents the system in a structured form by defining states, actions, transitions, and expected outcomes. Once validated against requirements, the MBT tool generates test cases based on selected coverage criteria.
Unlike traditional testing, where coverage depends on the tester's interpretation, MBT provides systematic, repeatable, and traceable test coverage through the model itself.
MBT is most effective for systems with state-dependent logic, such as booking flows, approval workflows, e-commerce checkouts, and banking transactions.
For simple CRUD interfaces, linear workflows, or exploratory testing, manual testing remains faster and sufficient. The upfront cost is model creation; the return is systematic coverage, direct requirement traceability, and lower maintenance when requirements change.
MBT delivers automated, repeatable, and traceable test generation that excels at validating complex, state-dependent systems, but it demands upfront modeling effort and ongoing maintenance.
Model-based testing (MBT) offers systematic and automated test generation, making it highly effective for validating complex systems with state-dependent behavior. However, it also requires significant upfront modeling effort and careful maintenance to ensure accurate and reliable test coverage.
MBT improves software quality by enabling automated, repeatable, and traceable testing based on system models and defined coverage criteria.
Despite its benefits, MBT can be time-consuming to implement and may become difficult to manage for highly complex systems with large state spaces.
Note: Reduce manual test design effort and generate smarter workflow coverage with KaneAI. Book a KaneAI Demo.
Model-based testing works by defining requirements, building a formal model, validating it, then automatically generating, annotating, executing, and maintaining test cases from that model.
MBT spans the full Software Development Life Cycle (SDLC); the model is created during requirements definition, validated before development begins, and maintained as a living artifact through every change cycle.
The seven steps below apply regardless of which MBT class you use.

The three classes of model-based testing are stateless, stateful, and action-state, each trading off coverage power, setup complexity, and reliability of state-dependent bug detection.
There are many MBT methods, and the choice between them is not obvious from the tool marketing alone. A practical classification based on efficiency and usability in test automation separates them into three distinct classes: stateless, stateful, and action-state (aggregate).
Each class makes different trade-offs between coverage power, setup complexity, and reliability of bug detection.
Stateless MBT models business processes by describing the dynamic aspects of a system without representing its internal states. The models capture user actions, events, and system responses, but not the conditions the system is in when those actions happen.
Common modeling notations in this class include BPMN (Business Process Model and Notation), UML activity diagrams, and use case flows.
All have different visual syntax but represent similar information: what happens, in what order, with what branching conditions.
Most commercial MBT tools, including CA Agile Requirements Designer (now offered by Broadcom) and Curiosity, apply this technique.
Any stateless model can be transformed into a directed graph where edges represent user actions and nodes represent system responses.
A test generation algorithm traverses this graph according to a selection criterion, typically edge coverage or all-transition-pairs, and produces test sequences from the paths it finds.
The approach is straightforward and broadly applicable. For systems where internal state does not affect the correct output, stateless MBT is efficient and practical.
Two significant issues arise when stateless MBT is applied to systems with complex internal logic.
To make these trade-offs concrete, consider the following requirement specification for a rental company that loans cars for EUR 300 per week and bikes for EUR 100 per week.
The following requirements are labeled as R1, R2, R3, and so on, where each label represents a specific functional requirement in the system specification.
The stateless model represents user actions as transitions (edges) and system responses as nodes. From the initial node, the customer can either add a car or add a bike, and the model branches further when the discount threshold is reached.
At first glance, the model appears complete because every valid add/remove sequence can be traversed in the graph. However, the stateless approach contains a critical limitation: it cannot accurately represent the system's internal state.
The infeasible path problem: The graph permits a path of add car, then deleting two cars. This is invalid because you cannot delete cars that do not exist, yet no node in a stateless model represents "how many cars are currently in the cart." Without guard conditions like number_of_cars >= 1 applied to delete transitions, the model generates invalid tests.
Adding these guard conditions requires code:
number_of_cars >= 1 // guard for "delete car" transition
number_of_bikes >= 1 // guard for "delete bike" transitionAnd the state variables must be maintained:
number_of_cars++ // on "add car"
number_of_cars-- // on "delete car"The missed bug: Even with guard conditions applied and the all-transition-pairs criterion selected (which requires covering all adjacent edge pairs), the stateless model still fails to detect a real bug. The correct test sequence is:
This sequence requires the system to be in a specific internal state (discount previously granted, then withdrawn).
The stateless model's all-transition-pairs criterion does not mandate this sequence because it has no concept of the internal state that makes step 3 different from step 1.
Even strengthening the criterion to all-transition-triples does not reliably detect this bug, because the relevant pair is buried within a longer sequence that the criterion does not prioritize.
Conclusion for stateless MBT: It is broadly applicable and the most widely used approach. For systems where internal state does not affect correctness, it works well. For systems with discount logic, approval workflows, cart management, or any feature where the correct output depends on what happened earlier in the session, it will consistently miss a class of important bugs.
Stateful MBT solves the core limitation of the stateless approach by explicitly representing the internal states the system can be in.
Rather than modeling only what happens, stateful MBT models what conditions the system is in at each point, which makes state-dependent bugs detectable by construction.
The challenge of stateful MBT is state space reduction. A real software system has an enormous number of possible states: every combination of every variable's value is technically a distinct program state.
Modeling all of them produces thousands of nodes and millions of test cases. The practical solution is to model only the inner states, or test states: the distinct conditions that actually affect the correctness of the outputs you care about.
Tools implementing stateful MBT include Opkey and Conformiq, which support state transition modeling with automated test case generation.
Inner states are the conditions that change what the correct output is. For the rental system specification, there are five meaningful inner states:
These five states represent the complete set of conditions that determine what the system should do next. Every other variation, such as exactly how many cars or the total price, is handled through guard conditions rather than additional states.
The state transition graph places these five states as nodes and the user actions (add car, add bike, delete car, delete bike) as labeled edges between them. The minimum test coverage requirement, that each state is visited at least once, guarantees the discount is tested, because reaching "Discount, bike added" or "Discount, bike converted" requires traversing the discount threshold.
More importantly, using the all-transition-pairs criterion generates the exact test sequence that the stateless model missed:
Add vehicles to reach the discount.
Remove vehicles until the discount is withdrawn.
Add vehicles again to confirm the discount returns.This sequence appears naturally in the stateful model because the transition from "Discount, bike added" back to "No discount, no bike" (via delete actions), followed by a return to "Discount, bike added" (via add actions), is a pair that must be covered. The criterion forces it.
The improvement in bug detection comes at a cost. Guard conditions in stateful MBT are more complex than in the stateless approach because the graph must distinguish valid transitions between specific states.
For example, the guard condition for the "add car" transition that returns from "No discount, no bike" back to itself (rather than moving to a discount state) is:
total_price + 300 < 700This requires computing the total price, which is itself a function of the current cart contents. The model must encode business logic that is also being tested. A mistake in the guard condition produces a test that validates incorrect behavior.
This is the primary practical risk of stateful MBT. The more complex the system, the harder it is to write guard conditions correctly.
For systems with no meaningful inner states, such as simple CRUD interfaces and linear workflows with no conditional logic, stateful MBT adds complexity without adding value. The stateless approach is the better choice for those systems.
Conclusion for stateful MBT: It reliably detects state-dependent bugs that stateless MBT misses. It is the correct choice for systems with meaningful internal states: booking systems, e-commerce checkouts, approval processes, and any workflow where the correct response depends on what the user has done previously.
The trade-offs are higher model creation effort, the need to encode expected outputs in guard conditions, and the risk of errors in those conditions.
Both stateless and stateful MBT have complementary strengths and weaknesses. Stateless MBT is broadly applicable but misses state-dependent bugs. Stateful MBT detects those bugs reliably but requires significant modeling effort and guard condition coding that is itself error-prone.
Action-state testing, also referred to as aggregate MBT or two-phase MBT, addresses both sets of limitations through a two-phase modeling approach. It is the most effective of the three classes for complex systems and the approach this guide recommends as the starting point for any team building a new MBT practice.
Action-state testing works by combining action-based workflow modeling with explicit state tracking to improve test coverage for complex, state-dependent systems.
Action-state testing combines action-based modeling with explicit state awareness, allowing it to detect complex behavioral issues while avoiding the scalability problems of fully stateful models.
The three main classes of model-based testing differ in modeling complexity, state awareness, scalability, and suitability for different types of systems.
| Dimension | Stateless | Stateful | Action-State |
|---|---|---|---|
| Modelling complexity | Low | High | Medium |
| State-dependent bug detection | No | Yes | Yes |
| Guard condition effort | Medium | High | Low to medium |
| Risk of guard condition errors | Medium | High | Low |
| Applicable to simple systems | Yes | Overkill | Yes |
| Applicable to complex systems | Insufficient | Yes | Yes |
| Test case volume | Manageable | Can explode | Manageable |
| Recommended for | Simple flows, no inner states | Known complex state logic | General recommendation |
Recommendation: For most QA teams building a new MBT practice, action-state testing is the correct starting point. It delivers the bug detection power of stateful MBT without the guard condition complexity that makes pure stateful MBT error-prone and time-consuming to maintain.
Popular model-based testing tools include GraphWalker, Conformiq, Opkey, CA Agile Requirements Designer, Curiosity Software, and AI-native KaneAI by TestMu AI.
Choosing the right tool determines how much of your MBT practice is codeless, how well it integrates with your existing automation stack, and how much maintenance effort the model requires over time.
GraphWalker is an open-source, Java-based MBT tool that reads models in the form of directed graphs and generates test paths from them. It is the most widely used open-source MBT tool and has active academic and industrial adoption, including work presented at the 2025 IEEE International Conference on Software Testing, Verification and Validation Workshops.
Conformiq is an enterprise-grade MBT tool supporting multiple modeling notations, including finite state machines, statecharts, and decision tables. It provides automated test script generation in multiple output formats.
Opkey is a low-code MBT and test automation platform with particular strength in ERP and enterprise application testing, including Salesforce, SAP, and Oracle. It implements stateful MBT through a visual model builder that non-engineers can use.
CA Agile Requirements Designer is a stateless MBT tool based on BPMN process modeling. It generates test cases from business process models and integrates with ALM and test management platforms.
Curiosity combines model-based test design with test data automation. It uses decision tables and stateless flow modeling to generate tests and pairs them with synthetic test data generation.
KaneAI by TestMu AI (formerly LambdaTest) is a GenAI-native testing agent that applies model-based testing (MBT) principles through natural language-driven test generation and intelligent workflow analysis. Instead of requiring teams to manually create and maintain explicit models, KaneAI derives workflows, state transitions, and coverage paths from plain-language requirements to enable AI test automation for modern quality engineering teams.
Model-based testing integrates directly into Agile and CI/CD workflows when the model is treated as a living artifact updated alongside requirements in each sprint.
The most effective pattern updates the model during sprint planning, regenerates tests before development begins, and version-controls the model alongside the codebase.
On the CI side, MBT-generated tests are standard test cases that plug into any automation testing platform your team already uses.
When a pull request touches a feature covered by the model, the updated model regenerates the affected tests automatically, and results feed into your test management software with each failure traceable to the specific model path that triggered it.
For scale, connecting MBT-generated tests to a test automation cloud provides parallel execution across environments without infrastructure management.
This connects MBT directly to shift-left testing principles: Quality Assurance (QA) validation starts at the model level during requirements definition, not after development completes.
The most significant development in MBT practice in 2026 is the convergence of large language models with model-based test generation.
This convergence is reducing the primary cost of MBT, specifically model creation, while expanding its applicability to teams without formal modeling expertise.
Creating an accurate, validated model has historically been the skill bottleneck in MBT adoption. Translating natural language requirements into a formal state machine or activity diagram requires expertise in both the domain and the modeling notation.
Large language models are now capable of generating initial MBT models directly from requirement documents. Given a set of user stories or functional specifications, an LLM can produce a draft state transition graph, identify candidate inner states, and suggest guard conditions for the identified transitions.
The result is not a production-ready model. Domain expert review and validation remain essential, but it reduces the time to first draft from days to hours and makes MBT accessible to teams without a dedicated model-based testing specialist.
Guard conditions, the programmatic checks that prevent invalid paths in both stateless and stateful MBT, have been the main source of model maintenance burden. When requirements change, guard conditions must be updated manually and carefully, as errors in them produce tests that validate wrong behavior.
AI assistance in guard condition generation analyses the requirement specification and the existing model structure to suggest updated conditions when requirements change. This does not eliminate the need for human review but significantly reduces the time required and the cognitive load on the tester maintaining the model.
AI-native automation testing platforms like KaneAI by TestMu AI apply MBT principles without requiring explicit model creation. The system analyses the application under test, identifies state transitions through intelligent exploration, and generates tests that cover the state space systematically.
Self-healing locators adapt the generated tests when the application changes, reducing the maintenance overhead that makes traditional MBT suites brittle over time.
For teams evaluating AI for QA testing, this represents the practical convergence of MBT's coverage principles with the accessibility of AI-powered test authoring: the benefits of systematic state space coverage without the upfront model creation cost.
An emerging application of MBT principles in 2026 is the use of agentic AI tools to explore application state spaces autonomously.
Enterprise AI agents embedded in CRM, banking, or service applications are increasingly automating multi-step business workflows, the same state-driven flows that MBT was designed to validate.
Agentic AI systems that navigate an application, identify distinct states, and generate test sequences covering state transitions are applying MBT logic without a human-authored model.
This is an active research and product development area with early commercial implementations already available in AI for software testing platforms.
Effective model-based testing depends on choosing the right modeling approach, maintaining accurate models, and aligning test generation closely with business requirements.
Model-based testing is the most systematic approach to test case design available to QA teams in 2026. It replaces subjective manual test writing with a formal model that generates coverage automatically, detects state-dependent bugs reliably, and reduces maintenance overhead when requirements evolve.
For teams starting with MBT, action-state testing is the right entry point: it delivers the bug detection power of stateful modeling without the complexity that makes pure stateful MBT difficult to sustain.
For teams running generated tests at scale, connecting MBT output to an automation testing platform with real device execution and test management integration closes the loop from model to production validation. Start testing your workflows with KaneAI and get systematic coverage without the upfront model creation cost.
Note: Start generating state-aware model-based tests in plain English with KaneAIBook a KaneAI demo.
Author
Saniya Gazala is a Product Marketing Manager and Community Evangelist at TestMu AI with 2+ years of experience in software QA, manual testing, and automation adoption. She holds a B.Tech in Computer Science Engineering. At TestMu AI, she leads content strategy, community growth, and test automation initiatives, having managed a 5-member team and contributed to certification programs using Selenium, Cypress, Playwright, Appium, and KaneAI. Saniya has authored 15+ articles on QA and holds certifications in Automation Testing, Six Sigma Yellow Belt, Microsoft Power BI, and multiple automation tools. She also crafted hands-on problem statements for Appium and Espresso. Her work blends detailed execution with a strategic focus on impact, learning, and long-term community value.
Did you find this page helpful?
More Related Blogs
TestMu AI forEnterprise
Get access to solutions built on Enterprise
grade security, privacy, & compliance