Burp AI, PortSwigger unveils AI-driven extensibility in Burp Suite Professional, revolutionizing the way security professionals approach application testing.
In its latest stride toward innovation, PortSwigger, the creator of the widely acclaimed Burp Suite, has announced the integration of artificial intelligence (AI) into its platform.
This new feature enables security testers to harness AI-powered extensions, opening up unprecedented possibilities for enhancing workflows, automating repetitive tasks, and uncovering deeper vulnerabilities in web applications.
Known for its dedication to pushing the boundaries of application security, PortSwigger has long been a leader in the field, with its Burp Suite Professional tool serving as a trusted companion for penetration testers worldwide.
The platform’s extensibility has been a hallmark feature, allowing users to customize their workflows with integrations and automation.
Now, with the introduction of AI-powered extensibility, PortSwigger is taking this customization to the next level. By leveraging AI through its purpose-built Montoya API, the company aims to empower security professionals with tools that were previously unimaginable using traditional code alone.
“We’re starting by bringing AI-powered extensions to Burp Suite Professional giving you even more ways to integrate AI into your security testing! The ability to build AI-powered extensions is now available in Early Adopter 2025.2.” PortSwigger announced on Linkedin.
AI-Powered Extensibility: A Game-Changer
The integration of AI into Burp Suite Professional offers several key benefits for security testers:
- Enhanced Efficiency: Automate tedious tasks and focus on complex problem-solving.
- Deeper Insights: Use AI to identify vulnerabilities that might otherwise go unnoticed.
- Custom Solutions: Develop tailored testing solutions using natural language prompts and AI-generated code.
The Montoya API serves as the backbone of this innovation. It allows seamless integration of AI capabilities into Burp Suite with minimal setup while ensuring that all interactions remain secure within PortSwigger’s trusted platform.
Importantly, none of the user’s data is used for external training purposes, addressing a common concern about AI tools.
Why Montoya API?
PortSwigger highlights that using its Montoya API offers distinct advantages over directly connecting to external AI providers:
- It is purpose-built for security professionals.
- It integrates seamlessly into Burp Suite with minimal configuration.
- Users can focus on building solutions rather than managing complex AI infrastructures.
- Extensions can be shared with over 80,000 testers via the BApp Store.
- A bundle of 10,000 free AI credits is included for all users of Burp Suite Professional to encourage experimentation without additional costs.
AI in Action: Hackvertor’s Transformation
Gareth Heyes has enhanced his popular Hackvertor extension with powerful AI features to showcase this new functionality’s potential. These include:
- Creating custom tags using natural language prompts to transform input data.
- Automatically generating code for custom tags in languages like JavaScript, Python, Java, and Groovy.
- Generating encoding/decoding tag pairs based on observed patterns in requests.
These updates demonstrate how seamlessly AI can be integrated into existing tools to simplify complex tasks and enhance functionality. Security testers can watch Heyes’ video demonstration to see these features in action and draw inspiration for their own extensions.
To encourage adoption and experimentation, PortSwigger is providing all users of Burp Suite Professional with 10,000 free AI credits.

This allows developers to build and deploy AI-powered extensions without incurring costs. Additionally, an example extension is available to demonstrate how to use the Montoya API for issuing requests to large language models (LLMs) and analyzing responses.
Developers are also encouraged to share their creations on the BApp Store, enabling thousands of security professionals worldwide to benefit from their innovations.
PortSwigger recognizes that integrating AI into security tools raises important concerns about trust and data privacy.
As a long-standing leader in application security, the company assures users that all interactions with its AI-powered features adhere to strict security standards. Data remains securely managed within PortSwigger’s infrastructure and is not used for external purposes.
For those seeking further technical details or assurances about data handling practices, comprehensive documentation is available.
With this bold step forward, PortSwigger is redefining what’s possible in application security testing. By combining the power of AI with Burp Suite’s trusted platform, security professionals now have access to tools that can supercharge their workflows and uncover vulnerabilities more effectively than ever before.
Upgrade Your Cybersecurity Skills With 150+ Practical Cybersecurity Courses Online - Enroll Here

