Product: BurpAI (Burp Suite AI Extension)
Version: 1.0
Release Date: March 23, 2026
Status: ACTIVE
BurpAI v1.0 is production-ready with no known critical vulnerabilities.
Overall Risk Level: LOW
Secure:
- ✅ HTTPS-only API communication
- ✅ No hardcoded secrets
- ✅ Input validation
- ✅ Local-only data storage
- ✅ No RCE or file system access
User Responsibility:
- ⚠️ Chat history stored in plaintext (manage yourself)
- ⚠️ API keys in home directory (keep secure)
- ⚠️ AI-generated content (verify independently)
Mandatory:
- Secure API keys (treat them like passwords)
- Verify AI findings independently
- Use on trusted networks only
Recommended:
- Keep Burp Suite and Java updated
- Monitor API usage
- Rotate keys monthly
- Use secure, managed systems
- Apply firewall rules
- Run with least privilege
- Keep audit logs
- Monitor resource usage
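The user-responsibility items above (chat history stored in plaintext, API keys kept in the home directory) and the recommendation to rotate keys monthly can all be checked mechanically on a POSIX system. The script below is an added example for this page, not code from BurpAI or its documentation: it audits the ownership and permission bits of the local files and flags a key file whose modification time is older than the rotation window. The file locations in DEFAULT_PATHS are placeholders because the page does not name them, and the files the demo audits are constructed in a temporary directory.

```python
import os
import stat
import tempfile
import time

# Placeholder locations (hypothetical; the page does not give the real paths).
# Point these at the key file and chat history of your own installation.
DEFAULT_PATHS = [
    os.path.expanduser("~/.burpai/api_key"),
    os.path.expanduser("~/.burpai/chat_history.json"),
]

KEY_MAX_AGE_DAYS = 30  # "rotate keys monthly"


def permission_findings(path):
    """Return a list of problems with one local file, or [] if none.

    A secret or a plaintext chat history should be a regular file, owned by
    the current user, with no group/other access (mode 0600 or stricter).
    """
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return []  # nothing stored yet, nothing to protect
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink; verify where it points")
    elif not stat.S_ISREG(st.st_mode):
        findings.append("is not a regular file")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other (mode %04o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other (mode %04o)" % mode)
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    return findings


def rotation_due(path, max_age_days=KEY_MAX_AGE_DAYS, now=None):
    """True if the key file was last modified more than max_age_days ago.

    The file's mtime is used as a proxy for "last rotated": writing a new key
    into the file refreshes it.
    """
    try:
        mtime = os.stat(path).st_mtime
    except FileNotFoundError:
        return False
    now = time.time() if now is None else now
    return (now - mtime) > max_age_days * 86400


def audit(paths, key_path=None):
    """Return {path: [findings]} for every path that has at least one finding."""
    report = {}
    for p in paths:
        findings = permission_findings(p)
        if p == key_path and rotation_due(p):
            findings.append("older than %d days; rotation due" % KEY_MAX_AGE_DAYS)
        if findings:
            report[p] = findings
    return report


def demo_audit():
    """Audit a constructed sample install in a temporary directory.

    The sample has a key file that is mode 0600 but 45 days old, and a chat
    history that is world-readable. Returns the report keyed by file name.
    """
    workdir = tempfile.mkdtemp(prefix="burpai-audit-")
    key = os.path.join(workdir, "api_key")
    history = os.path.join(workdir, "chat_history.json")
    with open(key, "w") as fh:
        fh.write("sk-CONSTRUCTED-SAMPLE\n")  # constructed value, not a real key
    with open(history, "w") as fh:
        fh.write('[{"role": "user", "content": "sample"}]\n')
    os.chmod(key, 0o600)
    os.chmod(history, 0o644)
    old = time.time() - 45 * 86400
    os.utime(key, (old, old))  # backdate the key so rotation is due
    report = audit([key, history], key_path=key)
    return {os.path.basename(p): f for p, f in report.items()}


if __name__ == "__main__":
    # First the constructed sample, then whatever exists at the placeholder paths.
    for label, report in (("sample", demo_audit()),
                          ("local", audit(DEFAULT_PATHS, key_path=DEFAULT_PATHS[0]))):
        print("[%s]" % label)
        for path, findings in report.items():
            print(" ", path)
            for f in findings:
                print("    -", f)
```

In the constructed sample the chat history is reported as readable by group/other and the key file as due for rotation; a 0600 key file refreshed within the last 30 days produces no findings. Replace DEFAULT_PATHS with the real file locations before relying on the "local" section of the output.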
Known Limitations:
- Jython 2.7 uses older dependencies
- AI analysis depends on model quality
- API rate limits apply
- Chat history not encrypted locally
If compromised:
- Revoke/rotate API keys immediately
- Check API usage logs
- Report to maintainers
- Notify API provider
See SECURITY.md for vulnerability reporting and contacts.
Status: Production Ready ✅
Security Review: No critical vulnerabilities found
Last Updated: March 23, 2026