Burp AI capabilities
Burp AI introduces a number of AI-powered capabilities designed to accelerate your workflow, reduce human error, and help you focus on the tasks that require your human expertise and intuition.
Explainer: Instant AI-powered insights
No more context-switching - get AI-powered, security-focused insights, directly in Burp Repeater.Bridge knowledge gaps
Quickly research unfamiliar HTTP headers, cookies, and other data and their potential security implications.Quickly decipher code
Ask Burp AI to explain client-side JavaScript to you, so you can quickly understand what the code is doing, and whether it warrants deeper manual investigation, without having to decipher it line-by-line.Reduce context-switching
Eliminate the need to switch between Burp and external information sources to look things up.
Explore issue: Automated vulnerability analysis
Performing follow-up analysis on issues identified by scan to validate them and demonstrate impact can be tedious and time-consuming. Let Burp AI investigate scanner-identified issues just like a pentester would.Cover more ground
By outsourcing some of the issue analysis to AI, you can choose to focus your time and effort where you feel it's most valuable.Demonstrate and escalate impact
Burp AI attempts to leverage the vulnerability to exfiltrate sensitive data, reach additional attack surface, and identify escalation paths, automatically generating PoCs on your behalf.Stay in control
Burp AI provides step-by-step insights into what it's attempting at each stage, along with an executive summary of the findings so far. You can intervene at any point, whether it's to take over manually or simply because you feel the issue has been explored sufficiently.
Free Burp AI credits - start experimenting today!
Experiment with AI-powered features at no additional cost. Simply update Burp Suite Professional to 2025.2 to receive 10,000 free AI credits.UPDATE TO LATEST VERSIONAI-powered false positive reduction
Sifting through false positives can be a huge drain on already stretched AppSec teams. By leveraging Burp AI to perform advanced analysis, Burp Scanner is able to intelligently filter out false positives before they're reported. Note that this feature is currently only available for the Broken Access Control scan check.Automate testing for broken access controls
Testing for access control vulnerabilities is repetitive and tedious, but has traditionally proved challenging to automate reliably. Using AI-powered false positive reduction, Burp Scanner can now detect broken access controls with significantly more accuracy.Less noise, more signal
Spend less time chasing dead ends and focus on investigating real vulnerabilities.Validation before reporting
Burp AI helps validate access control issues before they're reported, ensuring you don't get distracted by an overwhelming to-do list of irrelevant findings.
AI-generated login sequences
Manually recording login sequences to handle complex
authentication flows is powerful, but can be time-consuming and
error prone. Burp AI can now generate recorded login sequences for
you. All you need to provide is a valid username and password, and
it handles the rest.Simplified scan setup
Instantly generate recorded login sequences instead of manually navigating login flows in the browser.Reliable authenticated scanning
Avoid common pitfalls of manual recording, such as missed interactions or unrecognized input methods, ensuring successful authentication during scans. Ensure Burp Suite can reliably access and scan authenticated areas, reducing blind spots in your security assessments.
AI-powered extensions
With new updates to the Montoya API, you can integrate AI-powered functionality to build smarter, more powerful extensions.Take advantage of your free bundle of AI credits and start experimenting today.
Burp AI FAQs
Is Burp AI replacing pentesters?
No. Burp AI enhances efficiency but does not replace
human expertise.
Will AI leak my sensitive data?
No. Your data stays within PortSwigger’s secure AI
platform and is never stored by the AI service provider
or used for model training purposes.
Can I disable AI?
Yes. AI features can be fully disabled from Burp Suite’s
settings.
Can I use Burp AI offline?
Not currently, but we may explore local model options
based on demand.
Join the official PortSwigger Community
Chat with Burp developers and researchers
Connect with the people behind Burp Suite, ask questions, share insights and get advice from experts.Exclusive events
Gain access to members-only events, including live demos, deep dives and Q&A sessions with our developers and security researchers.Feature previews and much more
Be the first to see what's coming next - get sneak peeks of upcoming features, new tools and other exciting updates exclusive to the PortSwigger Discord.
