AI Pentesting

Use Intruder's AI pentesting agents to actively test your vulnerabilities using the same methods employed by human pentesters, and get recommendations grounded in real-world risk and context.

Written by Frankie Cade

📌 Prerequisites:

  • An active Intruder account on a Cloud, Pro, or Enterprise plan

  • At least one unused pentesting credit

Overview

AI issue pentesting lets you investigate vulnerabilities directly from the Issues page, without risking damage to your target or waiting for a manual engagement. The agent interacts directly with the target, sending requests, analyzing responses, and probing for exposed data to build a clear picture of each issue's real-world exploitability.

For each investigation, the agent produces a summary, detailed findings, and a full transcript of every step it took, including the exact requests sent, responses received, and the reasoning behind each conclusion. This gives your developers and security teams the context they need to prioritize and fix issues fast.

Run an Issue Pentest

1) Log in to Intruder and navigate to the Issues or Pentests page:

2) Select 'New pentest' in the page header:

Issues page:

Pentests page:

3) Click the 'Triage & investigation' pane:

4) Select the issues and/or occurrences you'd like to test:

5) Click 'Run pentest':

6) From the Issues page, click 'Show pentest progress' to view your pentest's progress:

Alternatively, from the Pentests page, click the pentest in progress:

7) Once the pentest completes, select any result to view its summary, detailed report, and full agent transcript:

Credits

Each occurrence investigation uses one credit. Credits are allocated monthly based on your plan:

Plan         Monthly Credits
Enterprise   50
Pro          10
Cloud        5

FAQ

1) What types of assets can be pentested (e.g., servers, websites, containers)?

  • Any target that has a hostname/IP address that is exposed to the internet.

2) How does this pentest differ from a standard vulnerability scanner?

  • Standard vulnerability scanners are deterministic & rule-based. They're useful, but sometimes inaccurate because they can't consider things in context. Our AI Pentesting feature uses an AI agent that can.

    Additionally, AI Pentesting is for triaging specific findings from your vulnerability scans. It doesn't pentest the entire target for new vulnerabilities.

3) Does it include things like input fuzzing or attempts at XSS? If so, is it recommended to run these tests in an environment?

  • Yes, and no data is altered or destroyed during the AI Pentesting process.

4) Are there any additional resources on how this AI Pentesting works?

5) I used all my credits. How can I get more credits?

  • Please reach out to our support team via chat or email to discuss your options.
