Portswigger Logo
Burp Suite DASTThe enterprise-enabled dynamic web vulnerability scanner.
Burp Suite ProfessionalThe world's #1 web penetration testing toolkit.
Burp Suite Community EditionThe best manual tools to start web security testing.
View all product editions
Burp ScannerBurp Suite's web vulnerability scannerFeatured Article
Attack surface visibilityImprove security posture, prioritize manual testing, free up time.
CI-driven scanningMore proactive security - find and fix vulnerabilities earlier.
Application security testingSee how our software enables the world to secure the web.
DevSecOpsCatch critical bugs; ship more secure software, more quickly.
Penetration testingAccelerate penetration testing - find more bugs, more quickly.
Automated scanningScale dynamic scanning. Reduce risk. Save time/money.
Bug bounty huntingLevel up your hacking and earn more bug bounties.
ComplianceEnhance security monitoring to comply with confidence.
View all solutions
Burp ScannerBurp Suite's web vulnerability scannerFeatured Article
ResearchAcademy
Support CenterGet help and advice from our experts on all things Burp.
DocumentationTutorials and guides for Burp Suite.
Get Started - ProfessionalGet started with Burp Suite Professional.
Get Started - EnterpriseGet started with Burp Suite Enterprise Edition.
User ForumGet your questions answered in the User Forum.
DownloadsDownload the latest version of Burp Suite.
Visit the Support Center
DownloadsDownload the latest version of Burp SuiteFeatured Article
Burp AIAI CapabilitiesBurp AI NewsPrivacy & SecurityBurp Suite Professional
Burp AI
AI Capabilities
Burp AI News
Privacy & Security
Burp Suite Professional
Get certified
Get certified
How to prepare
How it works
Practice exam
What the exam involves
FAQs

Burp AI capabilities

Burp AI introduces a number of AI-powered capabilities designed to accelerate your workflow, reduce human error, and help you focus on the tasks that require your human expertise and intuition.
Portswigger Culture Hero Image

Explainer: Instant AI-powered insights

No more context-switching - get AI-powered, security-focused insights, directly in Burp Repeater.

Bridge knowledge gaps

Quickly research unfamiliar HTTP headers, cookies, and other data and their potential security implications.

Quickly decipher code

Ask Burp AI to explain client-side JavaScript to you, so you can quickly understand what the code is doing, and whether it warrants deeper manual investigation, without having to decipher it line-by-line.

Reduce context-switching

Eliminate the need to switch between Burp and external information sources to look things up.
Portswigger Culture Hero Image

Explore issue: Automated vulnerability analysis

Cover more ground

By outsourcing some of the issue analysis to AI, you can choose to focus your time and effort where you feel it's most valuable.

Demonstrate and escalate impact

Burp AI attempts to leverage the vulnerability to exfiltrate sensitive data, reach additional attack surface, and identify escalation paths, automatically generating PoCs on your behalf.

Stay in control

Burp AI provides step-by-step insights into what it's attempting at each stage, along with an executive summary of the findings so far. You can intervene at any point, whether it's to take over manually or simply because you feel the issue has been explored sufficiently.
Portswigger Culture Hero Image

AI-powered false positive reduction

Automate testing for broken access controls

Testing for access control vulnerabilities is repetitive and tedious, but has traditionally proved challenging to automate reliably. Using AI-powered false positive reduction, Burp Scanner can now detect broken access controls with significantly more accuracy.

Less noise, more signal

Spend less time chasing dead ends and focus on investigating real vulnerabilities.

Validation before reporting

Burp AI helps validate access control issues before they're reported, ensuring you don't get distracted by an overwhelming to-do list of irrelevant findings.
Portswigger Culture Hero Image

AI-generated login sequences

Simplified scan setup

Instantly generate recorded login sequences instead of manually navigating login flows in the browser.

Reliable authenticated scanning

Avoid common pitfalls of manual recording, such as missed interactions or unrecognized input methods, ensuring successful authentication during scans. Ensure Burp Suite can reliably access and scan authenticated areas, reducing blind spots in your security assessments.
Portswigger Culture Hero Image

Burp AI FAQs

Is Burp AI replacing pentesters?

No. Burp AI enhances efficiency but does not replace human expertise.

Will AI leak my sensitive data?

No. Your data stays within PortSwigger’s secure AI platform and is never stored by the AI service provider or used for model training purposes.

Can I disable AI?

Yes. AI features can be fully disabled from Burp Suite’s settings.

Can I use Burp AI offline?

Not currently, but we may explore local model options based on demand.

Join the official PortSwigger Community

Chat with Burp developers and researchers

Connect with the people behind Burp Suite, ask questions, share insights and get advice from experts.

Exclusive events

Gain access to members-only events, including live demos, deep dives and Q&A sessions with our developers and security researchers.

Feature previews and much more

Be the first to see what's coming next - get sneak peeks of upcoming features, new tools and other exciting updates exclusive to the PortSwigger Discord.
Portswigger Culture Hero Image