Welcome to the next generation of Burp Suite: elevate your testing with Burp AI

Amelia Coen | 31 March 2025 at 12:26 UTC


At PortSwigger, we believe AI has the power to transform penetration testing - not by replacing human testers, but by augmenting them.


With the release of Burp Suite Professional 2025.2, we’re introducing Burp AI - a suite of powerful new features designed to enhance your testing workflow, reduce noise, and give you deeper insight into vulnerabilities.


Burp AI is now built into Burp Suite Professional and includes five brand new features…




To help you get started, we’re giving all Burp Suite Professional users 10,000 free AI credits.


Now, let’s take a look at what each of these new features can do for your workflow.


Explore Issue


Turn Burp AI into your personal assistant that doesn’t just stop at identifying a vulnerability – it digs deeper.


Explore Issue picks up where the scanner leaves off, automatically following up on findings to validate issues, demonstrate impact, and uncover hidden attack vectors. It’s like having an extra set of eyes on every alert – working tirelessly in the background.







AI-Generated Recorded Login Sequences


No more fiddling around with browser recordings. Burp AI can now generate login sequences with a single click, reducing configuration time and ensuring better scan coverage - especially for complex authentication flows.





Explainer


Confused by an unfamiliar cookie? Unsure what a strange header means? Just highlight it in Repeater and let Burp AI explain it from a security perspective.


This feature removes the friction of switching tabs and searching docs. It’s like having a security-savvy co-pilot in your tab bar.






Reduced False Positives - Access Control


False positives drain time and energy. With Burp AI, we’ve started cutting down on the noise - starting with one of the hardest vulnerability classes to detect through automation: Broken Access Control.


Burp Scanner now uses AI to intelligently filter out irrelevant findings, boosting accuracy and freeing you up to focus on real threats.






Build AI Extensions with the Montoya API


Want to create your own AI-enhanced Burp tools? Now you can. The Montoya API lets you build extensions that tap directly into Burp AI, with no need to integrate external APIs or manage your own AI account.



Want to plug AI extensions into your workflow?


The Burp community has already been very busy creating AI extensions with the Montoya API. You can get started by downloading these community-created extensions in the BApp Store.


This includes:





How do I get started with Burp AI?


Getting started with Burp AI is simple:


  1. Update to Burp Suite Professional 2025.2
  2. Enjoy 10,000 free AI credits on us

Not a Burp Suite Pro user yet? Request a free trial.


Trust & Security


We understand that AI in security tools raises important questions. As a long-standing and trusted vendor in the application security industry, we take your security and data seriously.


For a more technical breakdown of how we ensure security and reliability, read more about how your data is handled in our documentation.


We’re committed to building trust through transparency, ensuring that AI in Burp Suite meets the highest security standards.


To learn more about how we're approaching AI integration at PortSwigger, and why we feel the AppSec industry should reconsider its natural skepticism, check out Why it's time for AppSec to embrace AI: How PortSwigger is leading the charge from Burp Suite creator Dafydd Stuttard.


If you have any additional concerns, please reach out to us vis this survey.


Don’t want to use AI in Burp? No Problem.


All AI features in Burp are fully optional and can be toggled off at any time:


  1. Go to Settings > AI
  2. Tick the Disable AI features checkbox

When disabled, AI features will be grayed out and Burp won’t connect to PortSwigger’s AI infrastructure.


Join our exclusive launch events


We’re celebrating the launch of Burp AI with a series of exclusive live events on the PortSwigger Discord - featuring AppSec legends, Burp devs, and a thriving community of security professionals.


Upcoming Events:



Join the PortSwigger Discord to attend, and hang out with Burp Suite devs, PortSwigger Researchers, and help shape the future of AppSec.


The next generation of Burp Suite


AI is changing the game - and with Burp AI, the power of cutting-edge security testing is now in your hands.


Whether you’re hunting bugs manually, building custom tools, or scaling your assessments, Burp AI is here to help you move faster, go deeper, and test smarter. Start using Burp AI in your testing workflow today.


Don’t forget to let us know how you’re getting on with these new features by using #BurpAI or tagging @Burp_Suite on X or @PortSwigger on LinkedIn. We can’t wait to see what you do with it!