Amelia Coen | 24 September 2025 at 14:17 UTC
Whether you’re navigating a client pentest or chasing a bounty target, even the most experienced testers hit roadblocks, burn time on repetitive tasks, or just want a second opinion.
Burp AI is designed to sit alongside you, not above you, guiding and speeding up your work without taking control. Get ready to remove friction, accelerate analysis, and allow yourself to stay focused on the creative parts of testing with these brand new capabilities.
What is Burp AI?
Smarter, faster pentesting – without losing control.
With natural language prompts, you can ask Burp AI to explain tricky behavior, explore attack ideas, validate findings, or automate repetitive steps.
From “help me with this”, all the way to “conduct in-depth analysis”, prompting Burp AI helps you push through roadblocks – all while you stay in control. Imagine having an AI-powered security expert at your side at all times: one who reduces time-to-insight and time-to-impact, so you can focus on the creative, high-value parts of testing.
Burp AI feels more like a peer than a bot: suggesting next moves, checking your work, and helping you turn complex data into actionable insight. You stay in the driver’s seat; Burp AI speeds the route.
Where can I find Burp AI?
In addition to providing on-demand AI enhancements to various features in Burp (including AI-powered extensibility and AI-recorded logins), you can now pair with Burp AI directly in Repeater.
That means no context switching and no juggling extra tools. Simply open Repeater and you’ll see Burp AI ready to help, right where you already work. It’s pentesting assistance embedded at the point of execution.
How can Burp AI help me?
Burp AI helps you cut through noise and focus on what really matters, finding and exploiting the vulnerabilities that make a difference. It gives you faster paths from idea to insight, whether that means suggesting payloads, refining attack angles, or providing an expert second opinion on tricky findings.
You can offload the tedious parts (repetitive validation, summarizing complex behavior, or drafting report text) while still keeping full control over each step. The result is more time for the high-value, puzzle-solving work that makes security testing rewarding.
And whether you’re working alone or leading a team, Burp AI helps scale impact without sacrificing quality. It reinforces good practice for less-experienced testers and keeps everything inside PortSwigger’s trusted boundary, so your data and process stay secure.
How can I optimize my workflow by using Burp AI in Repeater?
Spot leads to investigate
Burp AI can scan request and response data for anything unusual or potentially sensitive.
Instead of manually combing through, you can ask it to highlight interesting behavior worth digging into, or even let it begin probing the functionality itself.
Automate repetitive XSS tests
Testing for stored XSS, CSRF, or other classic issues can be slow and repetitive.
With Burp AI, you can simply prompt, “test whether this functionality is vulnerable to stored XSS”, and it will generate and send payloads, then analyze responses – saving you the grind, all while keeping you in control.
Bypass filters and input sanitization
Many vulnerabilities lurk behind filters or sanitization. Burp AI can try crafting payloads that evade defenses for cases like XSS, SQL injection, or template injection.
Just tell it what you’re testing, and it will attempt filter bypasses automatically.
Demonstrate impact beyond a proof-of-concept
Once you’ve proven a bug with a harmless payload, Burp AI can help escalate the finding.
For example, prompting “this is vulnerable to XSS. Generate an exploit that shows real business impact” will build on your proof-of-concept to create a demonstration that’s more compelling for stakeholders.
Get started with Burp AI
Getting started with Burp AI is simple:
- Update to the latest version of Burp Suite Professional.
- If you’re new to Burp AI, enjoy 10,000 free AI credits on us.
Trust & Security
We understand that AI in security tools might spark some questions around data. For the last twenty years, we’ve taken the security and privacy of the 80,000+ Burp users and their data very seriously, and that won’t stop any time soon.
For a more technical breakdown of how we ensure security and reliability, read more about how your data is handled in our documentation.
We’re committed to building transparency and trust, ensuring that AI in Burp Suite meets the highest security standards.
Upcoming Burp AI events
We’re running a special Discord event series to celebrate the new Burp AI release in Burp Suite Professional, your on-demand AI partner for smarter, faster pentesting.
Come along to see the new update in action, hear directly from the team behind it, and learn how to supercharge your testing with AI from Burp AI users.
Here’s what’s coming up…
PortSwigger researcher Martin Doyhenard will also be debuting a brand new talk, “Don’t get hacked while you hack: detecting prompt injection in the wild”, on Burp AI and prompt injections at Eko Party’s Bug Bounty Village this October.
Join the conversation
We’d love to hear what you’re finding, breaking, and fixing with Burp AI.
Jump into the #burp-ai channel on the PortSwigger Discord to share feedback, tips, and requests with the team and the community.
Join the PortSwigger Discord.