PortSwigger’s Burp AI Honored as Top AI Tool in HackerOne’s Latest Security Report

Burp AI Emerges as a Leader in HackerOne’s Latest Security Report, Highlighting AI’s Growing Role in Pentesting

In a landmark recognition, PortSwigger’s Burp AI has been named one of the most widely used AI tools among security researchers in HackerOne’s latest Hacker-Powered Security Report. This acknowledgment underscores a significant evolution in the field of penetration testing (pentesting), where artificial intelligence is increasingly becoming an integral part of the process. With 67% of security researchers already leveraging AI in their workflows, the report signals a transformative shift: pentesting is no longer solely reliant on human expertise but is now augmented by AI-powered tools like Burp AI.

As a leading provider of application security software and the creator of the widely trusted Burp Suite, PortSwigger is at the forefront of this transformation. The findings from HackerOne’s report reflect not only the growing adoption of AI in security testing but also Burp AI’s pivotal role in shaping the future of the industry.

HackerOne’s Key Findings: AI Adoption Goes Mainstream

The insights gathered from HackerOne’s global community of security researchers and bug bounty hunters reveal several key trends:

  1. AI Adoption is Mainstream: A staggering 67% of researchers are already using AI and automation to accelerate their testing workflows. This widespread adoption demonstrates that AI is no longer an experimental tool but a core component of modern security testing.
  2. Burp AI Leads the Pack: Among AI-enhanced tools, Burp AI stands out as one of the most widely adopted, with its user base growing at an impressive rate of approximately 25% month over month. This rapid adoption highlights its effectiveness and ease of integration into existing workflows.
  3. Human-in-the-Loop Model Prevails: Despite the rise of AI, only 12% of researchers believe that AI will replace humans entirely. Instead, the majority view AI as a powerful assistant that enhances human capabilities, enabling testers to focus on high-impact tasks while automating repetitive ones.
  4. Authorization Vulnerabilities Take Center Stage: The report notes a significant increase in vulnerabilities related to authorization, with Insecure Direct Object References (IDOR) reports growing by 116% over the past five years and Improper Access Control rising by 66%. Meanwhile, older vulnerabilities like Cross-Site Scripting (XSS) have plateaued, with declining payouts reflecting their reduced prevalence.

The Hybrid Future of Security Testing

The data from HackerOne suggests that the future of web security lies in a hybrid model that combines the strengths of AI-assisted automation with the expertise of manual testers. While AI excels at identifying common issues like reflected XSS, the most impactful findings often stem from complex flaws such as broken access controls and business logic vulnerabilities—areas where human intuition and experience remain irreplaceable.

Burp AI is purpose-built for this hybrid future. Seamlessly integrated into Burp Suite Professional, it empowers manual testers to maximize their impact by outsourcing repetitive tasks and augmenting their skills with advanced AI-driven tools. Key features include:

  • Streamlining Repetitive Tasks: Burp AI allows testers to delegate time-consuming activities like reconnaissance, payload experimentation, and proof-of-concept scaffolding to an AI assistant. This enables testers to focus on the nuanced aspects of security testing that require human attention.
  • Enhancing Human Expertise: By complementing testers’ expertise with cutting-edge AI tools, Burp AI helps them achieve deeper insights and uncover more critical vulnerabilities without overwhelming them with false positives.
  • Scaling Automation: Burp AI extends automation to traditionally challenging areas like broken access controls, enabling scanning at scale while maintaining accuracy and minimizing noise.
  • Maintaining Human Control: Burp AI ensures that testers remain in control, offering transparent, secure, and human-driven assistance whenever needed. This approach respects the tried-and-true workflows that testers have honed over years while optimizing their efficiency.

A Vision for Amplifying Testers, Not Replacing Them

Dafydd Stuttard, CEO and founder of PortSwigger, emphasized the importance of keeping humans at the center of AI-augmented workflows. “HackerOne’s latest data validates what we’ve seen firsthand: AI helps testers reclaim hours per engagement and reinvest that time in the work that truly needs human attention,” said Stuttard. “Just as Burp Suite has become the most trusted tool in security testing, Burp AI is built with the same commitment to reliability and trust. This isn’t about replacing testers—it’s about amplifying them. Keeping the human in the loop provides essential safety guardrails around the huge productivity gains that AI offers.”

Why This Matters for Organizations

For organizations adopting Burp AI and embracing AI-augmented workflows, the benefits are clear:

  1. Deeper, Higher-Value Findings: By automating repetitive tasks, testers can dedicate more time to uncovering complex vulnerabilities that require human insight, delivering higher-value results.
  2. Improved Efficiency: AI reduces the noise of false positives and accelerates reconnaissance, allowing testers to make the most of their limited time and resources.
  3. Staying Ahead of Threats: Using tools like Burp AI ensures organizations stay ahead of attackers and peers, leveraging the same technologies that are shaping the industry.
  4. Attracting Top Talent: Providing testers with cutting-edge tools makes their work more impactful and rewarding, helping organizations attract and retain top cybersecurity talent.

About PortSwigger

PortSwigger is a global leader in web application security, serving over 17,000 customers in over 160 countries. Its flagship product, Burp Suite, is the world’s most widely used toolkit for web security testing. PortSwigger’s mission is to enable the world to secure the web, through cutting-edge software, research, and community initiatives.
