Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger, we’ve always been driven by innovation, but we don’t chase trends for the sake of it. Instead, we focus on delivering real value to security professionals. AI represents a massive opportunity to enhance the way our users work, so we set out to meaningfully integrate it into Burp Suite.
For more details on how we're approaching AI assistance and why we believe now is the time for the AppSec industry to challenge its natural hesitancy towards AI, check out the following blog post from Burp Suite creator and PortSwigger CEO, Dafydd Stuttard: Why it's time for AppSec to embrace AI: How PortSwigger is leading the charge.
Our journey toward Burp AI didn’t start overnight. We laid the groundwork with extensive research, iterative development, and a strong focus on understanding how AI could truly benefit penetration testers.
In November 2024, we launched a private trial with 30 testers across multiple segments. This was a significant milestone—not just for our users but for us as well. We set out to validate key assumptions, including:
The feedback was invaluable. We learned what worked, where improvements were needed, and how we could further refine our approach.
The transition from trial to production wasn’t just about finalizing features—it was about incorporating everything we had learned to ensure Burp AI met the high standards our users expect.
We’re just getting started. We have already announced AI-Powered Extensibility, allowing security professionals to seamlessly integrate AI into their workflows using the Montoya API. This enables automation of tedious tasks, enhances security testing, and provides deeper insights into web application vulnerabilities.
Update 31 March 2025: We've now released a number of built-in AI-powered features. For details, see Welcome to the next generation of Burp Suite: elevate your testing with Burp AI.
By leveraging PortSwigger’s trusted platform, users can focus on developing innovative solutions without managing complex AI infrastructures. Additionally, Gareth Heyes’ Hackvertor & Shadow Repeater extensions demonstrate the power of AI-driven extensibility, offering new ways to create and apply transformations within Burp Suite.
Burp AI is the result of months of dedicated work, and we can’t wait to see how it helps security professionals.
Stay tuned for more updates on the dedicated #burp-ai channel on the PortSwigger Discord - join here.
As always, we welcome your feedback!