
Behind the scenes of Burp AI: how we built it, and what's next

Why now?

Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger, we’ve always been driven by innovation, but we don’t chase trends for the sake of it. Instead, we focus on delivering real value to security professionals. AI represents a massive opportunity to enhance the way our users work, so we set out to meaningfully integrate it into Burp Suite.

For more details on how we’re approaching AI assistance and why we believe now is the time for the AppSec industry to challenge its natural hesitancy towards AI, check out the following blog post from Burp Suite creator and PortSwigger CEO, Dafydd Stuttard: Why it’s time for AppSec to embrace AI: How PortSwigger is leading the charge.

A Year in the Making

Our journey toward Burp AI didn’t start overnight. We laid the groundwork with extensive research, iterative development, and a strong focus on understanding how AI could truly benefit penetration testers.

  • December 2023: We assembled a small team to investigate AI-driven improvements and explore how the technology could enhance security testing workflows.
  • January 2024: Teams across PortSwigger ran internal AI weeks, dedicated research periods aimed at pushing forward new ideas. At the same time we started building the AI infrastructure. This included:
    • Developing systems to manage AI models effectively
    • Establishing scalable credit-based infrastructure for AI usage
    • Ensuring our AI solutions could integrate seamlessly into Burp Suite
  • Throughout 2024: We continuously refined our AI-powered features, focusing on workflow enhancements, automation, and efficiency gains. Our aim was never to build gimmicks but to create tools that genuinely help security professionals do their jobs better and faster.

Taking Burp AI to Trial

In November 2024, we launched a private trial with 30 testers across multiple segments. This was a significant milestone—not just for our users but for us as well. We set out to validate key assumptions, including:

  • Real Value: Were the AI-powered features we built genuinely helping users?
  • Risk Perception: What concerns did users have about integrating AI into their workflow?
  • Scalability: How could we optimize Burp AI for broader adoption while ensuring reliability?

The feedback was invaluable. We learned what worked, where improvements were needed, and how we could further refine our approach.

From Trial to Production

The transition from trial to production wasn’t just about finalizing features—it was about incorporating everything we had learned to ensure Burp AI met the high standards our users expect.

  • December 2024 – January 2025: We took the feedback, iterated on our features, and made critical refinements before rolling out AI-powered capabilities more broadly.
  • We focused on keeping trust at the core of what we built. Security professionals rely on Burp Suite, and we had to ensure our AI-powered features reinforce that trust rather than undermine it.
  • Data privacy was another key consideration, and we’ve documented our approach transparently.
  • No gimmicks, real value: Our features needed to solve real problems, and early testers confirmed that what we built significantly improved efficiency.
  • Ease of use matters: Time savings and simplicity were two of the most consistent themes in the feedback, reinforcing our commitment to intuitive design.

What’s Next?

We’re just getting started. We have already announced AI-Powered Extensibility, allowing security professionals to seamlessly integrate AI into their workflows using the Montoya API. This enables automation of tedious tasks, enhances security testing, and provides deeper insights into web application vulnerabilities.

Update 31 March 2025: We’ve now released a number of built-in AI-powered features. For details, see Welcome to the next generation of Burp Suite: elevate your testing with Burp AI.

By leveraging PortSwigger's trusted platform, users can focus on developing innovative solutions without managing complex AI infrastructure. Additionally, Gareth Heyes' Hackvertor and Shadow Repeater extensions demonstrate the power of AI-driven extensibility, offering new ways to create and apply transformations within Burp Suite.
