The future of pentesting is Human x AI, and it’s already in Burp Suite Professional


Andrzej Matykiewicz |
07 October 2025 at 13:17 UTC

The latest Hacker-Powered Security Report from HackerOne makes one thing clear: AI-assisted pentesting isn’t a future trend; it’s today’s reality.

In HackerOne’s 2025 report, 70% of surveyed researchers say they now use AI tools in their workflow, yet only 12% believe AI could replace humans entirely. The data points to a shift that’s already underway: automation is changing how we test, but it’s human ingenuity that still drives meaningful impact.

But what does the latest data mean for you, and why is Burp AI the fastest, safest way to bring human-in-the-loop AI into your daily testing?

Key takeaways

  • AI use is now mainstream. Adoption has crossed the chasm: 70% of those surveyed use AI during testing, and bug bounty programs with AI in scope jumped 270% year-over-year.
  • “Hackbots” are here, but limited. Autonomous agents are finding and submitting real, valid reports, but their strengths skew toward surface-level issues that can more easily be fingerprinted, such as reflected XSS and SQL injection; strong validation and human oversight remain critical.
  • Human + AI beats either alone. Only 12% think AI could replace researchers, in part because it misses business-logic flaws or fails to chain exploits effectively. As noted in the report, “the winning strategy is hybrid: agents and automation for scale, human ingenuity for impact.”

Put simply, AI raises the baseline; humans raise the ceiling.

AI-assisted pentesting is the new normal

Across the community, AI is taking the grind out of pentesting. From summarizing data to iterating payloads and scaffolding PoCs, offloading repetitive work lets testers spend more time on the creative, high-impact parts: the kind of testing that still demands human expertise and intuition.

It’s a direction that aligns perfectly with PortSwigger’s vision for AI that augments, not replaces, expert pentesters. As Burp Suite creator and PortSwigger CEO, Dafydd Stuttard, puts it:

This isn’t a revolution that eliminates pentesters, it’s an evolution that empowers you to work smarter, faster, and with greater precision.

Burp AI: Leading the human x AI wave

HackerOne’s report highlights Burp AI as one of the most widely adopted AI tools in pentesting workflows today. Built directly into Burp Suite Professional, Burp AI combines human control with deep AI integration. And it’s growing fast, showing around 25% month-over-month growth and the largest reported share among AI-enhanced tools in use.

Pentesters are turning to Burp AI to reclaim hours, cut through noise, and keep the human firmly in the loop.

Humans steer; AI accelerates

Our philosophy is simple: keep the human in the driver’s seat.

Burp AI is built for tester control. It lives inside Burp Suite Professional, so it follows your workflow, not the other way round. You choose when to invoke it, what context to share, and how to validate the output.

One early adopter, pentester and bug bounty hunter Cristi Vlad, summed it up well:

It actually feels like a collaboration. It gives me the headspace to think laterally, helping me think outside my normal methodology. It brings things to my attention that I might have missed otherwise.

In one case, Burp AI helped him connect two seemingly separate issues into a critical account takeover; the kind of complex, multi-step find that proves why the human x AI model works best.

The takeaway

AI-assisted pentesting isn’t just coming; it’s here. The latest data shows that AI is now a standard part of the testing toolkit, but human insight remains the deciding factor.

Burp AI brings that partnership directly into the tools testers already trust, combining automation with human control, built for privacy, transparency, and precision from the ground up.

Upgrade to the latest version of Burp Suite Professional, and experience Burp AI for yourself. All Burp Suite Professional users get 10,000 free AI credits, so now is the perfect time to start.
