Professional
Burp AI
Last updated: March 31, 2025
Burp Suite includes AI-powered features designed to enhance your security testing workflow. They enable you to uncover vulnerabilities more efficiently, understand complex web technologies, and streamline authentication setup.
Burp's AI features prioritize privacy and security, to keep your data safe and make sure you remain in full control of the testing process. None of the features run unless you explicitly activate them.
AI features in Burp
Burp offers the following AI-powered features:
Explore Issue
Explore Issue autonomously investigates vulnerabilities identified by Burp Scanner, saving you time and effort. It follows up on issues like a human pentester would - attempting exploits, identifying additional attack vectors, and summarizing findings so you can validate and demonstrate impact more efficiently.
More information
For more information on Explore Issue, see Exploring Issues with AI.
Explainer
Explainer enables you to quickly understand unfamiliar technologies without leaving Burp Suite. Highlight any part of a Repeater message and click a button to get an AI-generated explanation. Explainer provides instant insights into headers, cookies, JavaScript functions, and more, to help you quickly identify potential security implications without disrupting your workflow.
More information
For more information on Explainer, see Generating AI-powered explanations.
Broken access control false positive reduction
False positives in automated security testing can waste valuable time. Burp enhances Broken Access Control scan checks by intelligently filtering out false positives before they're reported, helping to free up your time to focus on real threats.
More information
For more information on BAC false positive reduction, see Configure AI scan enhancements.
AI-powered recorded logins
Configuring authentication for web apps can be time-consuming and error-prone. Burp can use AI to generate recorded login sequences automatically, saving time and eliminating the possibility of human error.
More information
For more information on AI-generated recorded login sequences, see Adding recorded login sequences.
AI-powered extensions
The Montoya API enables you to add advanced AI features into your Burp Suite extensions. Your extensions can now send prompts to an AI model, allowing for real-time input analysis and intelligent responses. There's no need for complex setup, such as managing API keys, as all AI interactions are handled within Burp Suite's secure AI infrastructure.
More information
For more information on creating AI extensions, see Creating AI extensions.
Security and privacy
We've designed Burp's AI features with security, privacy, and transparency in mind:
Full user control - AI features only run when you choose, giving you full control over when and where they execute. You can also disable AI entirely if needed.
Data privacy - AI request data is processed securely through our trusted AI infrastructure. It is never used for model training or stored by our AI providers.
Industry-standard security - Burp AI complies with ISO 27001 standards and implements robust encryption, ensuring data is protected in transit and at rest.
More information
For more information on security and privacy in Burp's AI features, see AI security, privacy and data handling.
AI credits
AI credits give you access to Burp Suite's AI-powered features. Whenever you use an AI-powered tool or an extension that interacts with an AI model, credits are deducted from your balance. The number of credits required by each feature varies depending on how many AI requests the feature needs to make and how complex those requests are.
You can buy AI credits from My Account on the PortSwigger site.
More information
For more information on AI credits, see AI credits.