diff --git a/ee/app/controllers/ee/registrations_controller.rb b/ee/app/controllers/ee/registrations_controller.rb
index 141b702413ef64a990ba700e977da641e02d3c86..77b1006135e361533c35dfbc886fc00e5d6b2590 100644
--- a/ee/app/controllers/ee/registrations_controller.rb
+++ b/ee/app/controllers/ee/registrations_controller.rb
@@ -121,6 +121,8 @@ def record_arkose_data
 
     override :arkose_labs_enabled?
     def arkose_labs_enabled?
+      return false if ::Gitlab::Qa.request?(request.user_agent)
+
       ::Arkose::Settings.enabled_for_signup?
     end
   end
diff --git a/ee/app/controllers/ee/sessions_controller.rb b/ee/app/controllers/ee/sessions_controller.rb
index 8d4a9ca7dbc547df946919e8114c7853e7f7889b..086be4d1fd085c94c57d2a37d36a35d45cee2d2d 100644
--- a/ee/app/controllers/ee/sessions_controller.rb
+++ b/ee/app/controllers/ee/sessions_controller.rb
@@ -104,6 +104,8 @@ def check_arkose_captcha
     end
 
     def verify_arkose_token(user)
+      return if ::Gitlab::Qa.request?(request.user_agent)
+
       result = Arkose::TokenVerificationService.new(session_token: params[:arkose_labs_token], user: user).execute
 
       if result.success? && result.payload[:low_risk]
diff --git a/ee/app/controllers/users/identity_verification_controller.rb b/ee/app/controllers/users/identity_verification_controller.rb
index 2d2c6a6e38441569865c5b6c89f946c7b4ffaf3b..6f6bf68a19cdd94e71a95a9281206a456a8ae9de 100644
--- a/ee/app/controllers/users/identity_verification_controller.rb
+++ b/ee/app/controllers/users/identity_verification_controller.rb
@@ -105,6 +105,7 @@ def require_unverified_user!
 
     def require_arkose_verification!
       return unless Feature.enabled?(:arkose_labs_oauth_signup_challenge)
+      return if ::Gitlab::Qa.request?(request.user_agent)
       return unless @user.identities.any?
       return unless @user.arkose_risk_band.blank?
 
diff --git a/ee/spec/controllers/ee/sessions_controller_spec.rb b/ee/spec/controllers/ee/sessions_controller_spec.rb
index 2c39964d1ca0e40d559ed4ac2bab010b390e1354..19a840a689893f41719417bceff10622fe67fb5f 100644
--- a/ee/spec/controllers/ee/sessions_controller_spec.rb
+++ b/ee/spec/controllers/ee/sessions_controller_spec.rb
@@ -162,19 +162,19 @@ def authenticate_2fa(otp_user_id: user.id, **user_params)
       end
 
       context 'when the user was verified by Arkose' do
+        let(:low_risk) { true }
+
         before do
           allow_next_instance_of(Arkose::TokenVerificationService) do |instance|
             response = ServiceResponse.success(payload: { low_risk: low_risk })
             allow(instance).to receive(:execute).and_return(response)
           end
-
-          post(:create, params: params, session: {})
         end
 
         context 'when user is low risk' do
-          let(:low_risk) { true }
-
           it 'successfully logs in the user' do
+            post(:create, params: params, session: {})
+
             expect(subject.current_user).to eq user
           end
         end
@@ -183,11 +183,31 @@ def authenticate_2fa(otp_user_id: user.id, **user_params)
           let(:low_risk) { false }
 
           it 'prevents the user from logging in' do
+            post(:create, params: params, session: {})
+
             expect(response).to render_template(:new)
             expect(flash[:alert]).to include 'Login failed. Please retry from your primary device and network'
             expect(subject.current_user).to be_nil
           end
         end
+
+        context 'when request is for QA' do
+          before do
+            allow(Gitlab::Qa).to receive(:request?).and_return(true)
+          end
+
+          it 'skips token verification' do
+            expect(Arkose::TokenVerificationService).not_to receive(:new)
+
+            post(:create, params: params, session: {})
+          end
+
+          it 'logs in the user' do
+            post(:create, params: params, session: {})
+
+            expect(subject.current_user).to eq user
+          end
+        end
       end
 
       context 'when the user was not verified by Arkose' do
diff --git a/ee/spec/requests/users/identity_verification_controller_spec.rb b/ee/spec/requests/users/identity_verification_controller_spec.rb
index 7d34dafbb469eb04350f634f6799b927e74f54ed..964e727bd97f7e7943e414d289515091fb99f3ba 100644
--- a/ee/spec/requests/users/identity_verification_controller_spec.rb
+++ b/ee/spec/requests/users/identity_verification_controller_spec.rb
@@ -66,10 +66,13 @@
   shared_examples 'it requires oauth users to go through ArkoseLabs challenge' do
     let(:user) { create(:omniauth_user, :unconfirmed) }
     let(:arkose_labs_oauth_signup_challenge) { true }
+    let(:is_qa_request) { false }
 
     before do
+      allow(Gitlab::Qa).to receive(:request?).and_return(is_qa_request)
       stub_feature_flags(arkose_labs_oauth_signup_challenge: arkose_labs_oauth_signup_challenge)
       stub_session(verification_user_id: user.id)
+
       do_request
     end
 
@@ -88,6 +91,12 @@
 
       it { is_expected.not_to redirect_to(arkose_labs_challenge_identity_verification_path) }
     end
+
+    context 'when request is for QA' do
+      let(:is_qa_request) { true }
+
+      it { is_expected.not_to redirect_to(arkose_labs_challenge_identity_verification_path) }
+    end
   end
 
   describe '#show' do
diff --git a/ee/spec/support/shared_examples/requests/signup_arkose_challenge_shared_examples.rb b/ee/spec/support/shared_examples/requests/signup_arkose_challenge_shared_examples.rb
index d8bba7cae7336ed8ef6e097d37092c8fba03ad9a..07c703692da6d0889e185128a1013b3f64c131e0 100644
--- a/ee/spec/support/shared_examples/requests/signup_arkose_challenge_shared_examples.rb
+++ b/ee/spec/support/shared_examples/requests/signup_arkose_challenge_shared_examples.rb
@@ -119,4 +119,14 @@
 
     it_behaves_like 'skips verification and data recording'
   end
+
+  context 'when request is for QA' do
+    before do
+      allow(Gitlab::Qa).to receive(:request?).and_return(true)
+    end
+
+    it_behaves_like 'skips verification and data recording'
+
+    it_behaves_like 'creates the user'
+  end
 end