apidays New York 2025 - AI in Application Security by Katie Warren (PortSwigger)

AI in Application Security: The journey to Burp AI
Katie Warren, Product Manager for AI and Innovation at PortSwigger

apidays New York 2025
API Management for Surfing the Next Innovation Waves: GenAI and Open Banking
May 14 & 15, 2025

apidays

May 24, 2025

Transcript

  1. Why AI, Why Now?
     • Apps are more complex → testing is harder
     • Attackers are using AI → defenders must too

     🛡 AI is already transforming AppSec
     • Enhancing triage, fuzzing, log analysis, enrichment
     • Improving signal-to-noise ratio
     • Boosting tester focus and speed

     ⚠ But attackers are using AI too
     • AI-crafted phishing & malware mutation
     • AI fuzzing to find and exploit vulnerabilities
     • Jailbreaks + prompt injection against AI tools
     • Hackerbots scale faster than defenders
  2. Why AI? Why now?
     But attackers are using AI too
     • Prompt Injection & AI-specific attacks
  3. Why AI? Why now?
     AI is already transforming AppSec
     • Google’s Big Sleep
     • LLM-driven fuzzers
  4. The Journey Begins
     • Dec 2023: AI-focused R&D begins
     • April-September 2024: Build AI tooling in Burp Suite
     • November 2024: Trial
     • December-February: Iterate and productionize
     • March 2025: LAUNCH
  5. Case Study - Semantic Crawling
     Big wins
     a. We taught AI to crawl like a human
     b. We unlocked even more new ideas
  6. The Journey Begins
     • Dec 2023: AI-focused R&D begins
     • April-September 2024: Build AI tooling in Burp
     • November 2024: Trial
     • December-February: Iterate and productionize
     • March 2025: LAUNCH
  7. The Journey Begins
     • Dec 2023: AI-focused R&D begins
     • April-September 2024: Build AI tooling in Burp
     • November 2024: Trial
     • December-February: Iterate and productionize
     • March 2025: LAUNCH
  8. Real-World Validation: Nov 2024 Feedback
     • “To be honest, I am a little bit disappointed. I was expecting something different.”
     • “To be honest with you, like I told you in the beginning, I’m not AI at all”
     • “after five minutes it was all done, I was so impressed. Like, that's really good.”
  9. The Journey Begins
     • Dec 2023: AI-focused R&D begins
     • April-September 2024: Build AI tooling in Burp
     • November 2024: Trial
     • December-February: Iterate and productionize
     • March 2025: LAUNCH
  10. The Journey Begins
      • Dec 2023: AI-focused R&D begins
      • April-September 2024: Build AI tooling in Burp
      • November 2024: Trial
      • December-February: Iterate and productionize
      • March 2025: LAUNCH
  11. What I’ve Learned
      • Innovation in engineering is never easy
      • AI is awkward.
      • Validate early and often
      • Find actual value
  12. Key Takeaways
      1. AI is changing the security landscape
      2. Real innovation means being disruptive, but solve real problems
      3. Trust, not hype

      Thank You

      Join us on:
      • Discord - https://discord.com/invite/portswigger
      • Katie_swigpm
      • LinkedIn