~ / directory / burpsuite
BU
Mixed · AI Red Teaming · reviewed 2026-04

BurpSuite

Web vulnerability scanner — the standard for testing the web layer of AI applications.

Visit portswigger.net/burp
01

What it does

PortSwigger's industry-standard web application security testing platform. Provides intercepting proxy, vulnerability scanner, and extensible testing framework for web applications.

02

Security relevance

AI applications are web applications. Every LLM-powered product has an HTTP layer that can be tested with traditional AppSec tools. BurpSuite is essential for testing the web surface of AI applications — API endpoints, authentication, session management, and the interaction layer between users and LLM backends.

03

When to use it

Use alongside AI-specific tools to test the full attack surface of LLM-powered applications. The AI-specific red teaming tools test the model layer; BurpSuite tests everything around it. Most AI security assessments should include both.

04

OWASP coverage

Risks addressed — mapped to both OWASP Top 10 standards. 1 in LLM, 1 in Agentic.

LLM Top 10 · 2025 · 1/10 covered
01
02
03
04
05
06
07
08
09
10
LLM02 · Sensitive Information Disclosure
Agentic Top 10 · 2026 · 1/10 covered
01
02
03
04
05
06
07
08
09
10
ASI05 · Unexpected Code Execution
05

The raw record

What Yuntona stores. Single source of truth — fork it on GitHub.

name: BurpSuite
slug: burpsuite
type: Mixed
category: AI Red Teaming
url: https://portswigger.net/burp

reviewed:   2026-04
added:      2026-04
updated:    2026-04

risks:
  llm:  [LLM02]
  asi:  [ASI05]

complexity:    Guided Setup
pricing:       —
audience:      Red Team
lifecycle:     [develop]

tags: [AppSec, Scanner, Web Sec]