Welcome to AI pentesting - add on-demand AI assistance directly to your workflow with new, agentic Burp AI capabilities
September 24, 2025 - Whether you’re navigating a client pentest or chasing a bounty target, even the most experienced testers hit roadblocks, burn time on repetitive tasks, or just want a second opinion.
PortSwigger's Burp AI is designed to sit alongside you, not above you, guiding and speeding up your work without taking control. Get ready to remove friction, accelerate analysis, and allow yourself to stay focused on the creative parts of testing with these brand new capabilities.
What is Burp AI?
Smarter, faster pentesting - without losing control.
With natural language prompts, you can ask Burp AI to explain tricky behavior, explore attack ideas, validate findings, or automate repetitive steps.
From “help me with this”, all the way to “conduct in-depth analysis”, prompting Burp AI helps you push through roadblocks - all while you stay in control. Imagine having an AI-powered security expert at your side at all times: one who reduces time-to-insight and time-to-impact, so you can focus on the creative, high-value parts of testing.
Burp AI feels more like a peer than a bot: suggesting next moves, checking your work, and helping you turn complex data into actionable insight. You stay in the driver’s seat; Burp AI speeds the route.
Where can I find Burp AI?
In addition to providing on-demand AI enhancements to various features in Burp (including AI powered extensibility, and AI recorded logins), you can now pair with Burp AI directly in Repeater.
That means no context switching and no juggling extra tools. Simply open Repeater and you’ll see Burp AI ready to help, right where you already work. It’s pentesting assistance embedded at the point of execution.
How can Burp AI help me?
Burp AI helps you cut through noise and focus on what really matters, finding and exploiting the vulnerabilities that make a difference. It gives you faster paths from idea to insight, whether that means suggesting payloads, refining attack angles, or providing an expert second opinion on tricky findings.
You can offload the tedious parts (repetitive validation, summarizing complex behavior, or drafting report text) while still keeping full control over each step. The result is more time for the high-value, puzzle-solving work that makes security testing rewarding.
And whether you’re working alone or leading a team, Burp AI helps scale impact without sacrificing quality. It reinforces good practice for less-experienced testers and keeps everything inside PortSwigger’s trusted boundary, so your data and process stay secure.
How can I optimize my workflow by using Burp AI in Repeater?
Spot leads to investigate
Burp AI can scan request and response data for anything unusual or potentially sensitive.
Instead of manually combing through, you can ask it to highlight interesting behavior worth digging into, or even let it begin probing the functionality itself.
Automate repetitive XSS tests
Testing for stored XSS, CSRF, or other classic issues can be slow and repetitive.
With Burp AI, you can simply prompt, "test whether this functionality is vulnerable to stored XSS", and it will generate and send payloads, then analyze responses - saving you the grind all while keeping you in control.
Bypass filters and input sanitization
Many vulnerabilities lurk behind filters or sanitization. Burp AI can try crafting payloads that evade defenses for cases like XSS, SQL injection, or template injection.
Just tell it what you’re testing, and it will attempt filter bypasses automatically.
Demonstrate impact beyond a proof-of-concept
Once you’ve proven a bug with a harmless payload, Burp AI can help escalate the finding.
For example, prompting “this is vulnerable to XSS. Generate an exploit that shows real business impact" will build on your proof-of-concept to create a demonstration that’s more compelling for stakeholders.
Get started with Burp AI
Getting started with Burp AI is simple:
- Update to the latest version of Burp Suite Professional.
- If you’re new to Burp AI, enjoy 10,000 free AI credits on us.
Trust & Security
We understand that AI in security tools might spark some questions around data. For the last twenty years, we've taken the security and privacy of the 80,000+ Burp users and their data very seriously, and that won’t stop any time soon.
For a more technical breakdown of how we ensure security and reliability, read more about how your data is handled in our documentation.
We’re committed to building transparency and trust, ensuring that AI in Burp Suite meets the highest security standards.
PortSwigger DAST and Burp Suite Professional solutions are available in the UK through Simple IT Distribution LTD, PortSwigger Partner in the UK.
About Simple IT Distribution LTD
Simple IT Distribution LTD is backed by 10 years of experience in Value Added IT Distribution. What sets us apart from the crowd is our customer-centric approach, the quality services (consulting, implementation, training, support), and the people behind them, who are experienced and certified professionals. We provide sales and technical advice and deliver the solutions that best meet our customers' diverse technology needs. Our partners are hand-picked from the top vendors, and we back up their solutions with certified professionals, to give you nothing but the best.
For more information, please visit www.simpleit-distribution.co.uk.