Professional

Burp AI

  • Last updated: March 31, 2025

Burp Suite includes AI-powered features designed to enhance your security testing workflow. They enable you to uncover vulnerabilities more efficiently, understand complex web technologies, and streamline authentication setup.

Burp's AI features prioritize privacy and security, to keep your data safe and make sure you remain in full control of the testing process. None of the features run unless you explicitly activate them.

AI features in Burp

Burp offers the following AI-powered features:

Explore Issue

Explore Issue autonomously investigates vulnerabilities identified by Burp Scanner, saving you time and effort. It follows up on issues like a human pentester would - attempting exploits, identifying additional attack vectors, and summarizing findings so you can validate and demonstrate impact more efficiently.

More information

For more information on Explore Issue, see Exploring Issues with AI.

Explainer

Explainer enables you to quickly understand unfamiliar technologies without leaving Burp Suite. Highlight any part of a Repeater message and click a button to get an AI-generated explanation. Explainer provides instant insights into headers, cookies, JavaScript functions, and more, to help you quickly identify potential security implications without disrupting your workflow.

More information

For more information on Explainer, see Generating AI-powered explanations.

Broken access control false positive reduction

False positives in automated security testing can waste valuable time. Burp enhances Broken Access Control scan checks by intelligently filtering out false positives before they're reported, helping to free up your time to focus on real threats.

More information

For more information on BAC false positive reduction, see Configure AI scan enhancements.

AI-powered recorded logins

Configuring authentication for web apps can be time-consuming and error-prone. Burp can use AI to generate recorded login sequences automatically, saving time and eliminating the possibility of human error.

More information

For more information on AI-generated recorded login sequences, see Adding recorded login sequences.

AI-powered extensions

The Montoya API enables you to add advanced AI features into your Burp Suite extensions. Your extensions can now send prompts to an AI model, allowing for real-time input analysis and intelligent responses. There's no need for complex setup, such as managing API keys, as all AI interactions are handled within Burp Suite's secure AI infrastructure.

More information

For more information on creating AI extensions, see Creating AI extensions.

Security and privacy

We've designed Burp's AI features with security, privacy, and transparency in mind:

  • Full user control - AI features only run when you choose, giving you full control over when and where they execute. You can also disable AI entirely if needed.

  • Data privacy - AI request data is processed securely through our trusted AI infrastructure. It is never used for model training or stored by our AI providers.

  • Industry-standard security - Burp AI complies with ISO 27001 standards and implements robust encryption, ensuring data is protected in transit and at rest.

More information

For more information on security and privacy in Burp's AI features, see AI security, privacy and data handling.

AI credits

AI credits give you access to Burp Suite's AI-powered features. Whenever you use an AI-powered tool or an extension that interacts with an AI model, credits are deducted from your balance. The amount of credits required by each feature varies depending on how many AI requests the feature needs to make and how complex those requests are.

You can buy AI credits from My Account on the PortSwigger site.

More information

For more information on AI credits, see AI credits.
