Burp AI Tops HackerOne Report as Key Pentesting Tool


  • October 13, 2025

PortSwigger, the creator of Burp Suite, announces that its Burp AI has been spotlighted in HackerOne's latest Hacker-Powered Security Report as one of the most widely adopted AI tools among security researchers. This recognition underscores a pivotal evolution in penetration testing, where AI augments human expertise to streamline workflows and uncover deeper vulnerabilities, drawing from insights shared by the global bug bounty community.

Quick Intel

  • 67% of security researchers use AI and automation to speed up testing workflows, per HackerOne's report.
  • Burp AI leads AI-enhanced tools, with 25% month-over-month adoption growth among pentesters.
  • Only 12% see AI replacing humans; most favor a human-in-the-loop model for impactful results.
  • IDOR reports surged 116% and Improper Access Control by 66% over five years, while XSS payouts decline.
  • Burp AI integrates into Burp Suite Professional for recon, payload testing, and access control scanning.
  • Enables testers to focus on complex flaws like business logic issues by automating repetitive tasks.

AI Adoption Trends in Security Testing

The HackerOne report, based on input from the pioneering bug bounty and researcher community, reveals AI's mainstream integration into security practices. With 67% of researchers leveraging AI and automation, the industry is shifting toward faster, more efficient testing. Burp AI stands out as a frontrunner, experiencing approximately 25% month-over-month adoption growth, reflecting its value in enhancing traditional workflows without overhauling them.

Researchers overwhelmingly endorse a collaborative approach: just 12% anticipate AI fully supplanting human roles. Instead, AI serves as a potent assistant, amplifying expertise to achieve greater depth in findings. This human-in-the-loop paradigm ensures reliability while harnessing AI's speed for routine elements.

Emerging vulnerability patterns further highlight AI's relevance. Insecure Direct Object References (IDOR) reports have increased 116% over the past five years, and Improper Access Control vulnerabilities by 66%, signaling heightened focus on authorization flaws. Meanwhile, Cross-Site Scripting (XSS) issues have stabilized, with bug bounty payouts trending downward, as automation handles these more effectively.

Burp AI: Enabling a Hybrid Pentesting Future

Burp AI, embedded within Burp Suite Professional, is tailored for this blended landscape, where AI elevates manual testing without diminishing human oversight. It allows pentesters to delegate repetitive activities—such as reconnaissance, payload experimentation, and proof-of-concept development—to an AI assistant that leverages Burp Suite's robust tools and contextual data.

This integration empowers testers to concentrate on high-value areas like broken access controls and business logic vulnerabilities, which demand nuanced insight. By extending automation to traditionally elusive issues, Burp AI minimizes false positives, enabling scalable scans that deliver actionable intelligence without overwhelming teams.

Dafydd Stuttard, CEO and founder of PortSwigger, said: “HackerOne’s latest data validates what we’ve seen first-hand: AI helps testers reclaim hours per engagement and reinvest that time in the work that needs human attention. And just like Burp Suite has become the most trusted tool in security testing, Burp AI is built with that same commitment to reliability and trust. This isn’t about replacing testers, it’s about amplifying them. Keeping the human in the loop provides essential safety guardrails around the huge productivity gains that AI offers.”

Strategic Benefits for Security Teams

Organizations embracing Burp AI and similar AI-augmented strategies gain a competitive edge. Teams can produce deeper, more valuable vulnerability reports by reallocating time from mundane tasks to intricate challenges. Efficiency improves through reduced noise from false positives and accelerated reconnaissance, extending the reach of each testing cycle.

Moreover, adopting these tools positions companies ahead of adversaries and industry peers, mirroring the innovations already transforming researcher practices. For talent management, providing access to advanced, intuitive platforms like Burp AI enhances job satisfaction, helping attract and retain skilled professionals who seek impactful, rewarding work.

The report's insights affirm that AI is not disrupting pentesting but redefining it, with Burp AI exemplifying how targeted augmentation fosters innovation and trust in web application security.

About PortSwigger

PortSwigger is a global leader in web application security, serving over 17,000 customers in over 160 countries. Its flagship product, Burp Suite, is the world’s most widely used toolkit for web security testing. PortSwigger’s mission is to enable the world to secure the web, through cutting-edge software, research, and community initiatives.
