Sunday, May 25, 2025
HomeCyber Security NewsBurp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

Published on

SIEM as a Service

Follow Us on Google News

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing significant updates that include AI integration into the Montoya API, enhancing the capabilities for building smarter, AI-powered extensions.

Bug Fixes and Browser Updates:

A notable bug fix corrects the display of source IP addresses for DNS requests over IPv6 in the Burp Collaborator.

Additionally, the browser component of Burp Suite has been updated to Chromium 133.0.6943.54 for Windows and Mac, and 133.0.6943.53 for Linux, ensuring compatibility and security with the latest web technologies.

- Advertisement - Google News

This update marks a significant leap in integrating AI into security testing, promising more intelligent and efficient tools for both professional and community users of Burp Suite.

AI Integration in Montoya API:

The latest version of Burp Suite now features built-in AI support within the Montoya API, allowing extensions to interact securely with a large language model (LLM) via PortSwigger’s custom AI platform.

This integration facilitates advanced automation and data analysis without the need for external API keys or complex setups.

Users can now leverage AI to perform tasks like generating custom transformation tags or creating code in various programming languages directly within Burp Suite extensions.

Burp Suite introduces AI credits, a straightforward payment mechanism for AI interactions to fuel these new AI-driven features. Each user starts with 10,000 free credits, equivalent to $5 in AI requests.

An example of this in action is the AI-enhanced Hackvertor extension, where AI can generate or modify tags based on natural language inputs or observed traffic patterns.

Alongside these technological enhancements, PortSwigger has updated its data processing agreement to encompass the new AI service provisions.

Upon updating to this version of Burp Suite, users must accept the new End User License Agreement (EULA).

Bambda Library:

A new Bambda library has been added, providing a centralized place to store, manage, and reuse Bambdas across various Burp tools.

Users can import Bambdas from shared sources or the dedicated GitHub repository, enhancing the customization and efficiency of security testing workflows.

To simplify the process of developing extensions, a ready-to-use starter project is now available directly within Burp Suite. This project includes pre-configured files to kickstart development, making it easier for developers to begin coding immediately.

API Updates and Quality of Life Improvements:

The Montoya API has been updated to support better management of project file IDs and parameter retrieval.

Furthermore, general usability has been improved with features like persistent settings in Intruder, a new session handling action for request modifications, and options to streamline extension reloading.

Upgrade Your Cybersecurity Skills With 150+ Practical Cybersecurity Courses Online - Enroll Here

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...