Skip to main content

AI Pentest Features in Intruder: Overview

Written by Joe Haigh

Intruder uses AI across the platform to help you cut through noise and focus on what's genuinely exploitable — from enhanced issue risk data to Greg AI, the in-portal assistant that answers questions about your results. The most hands-on place you'll meet it is in penetration testing. When you start a new pentest, Intruder offers two AI-powered options, and this article explains what each one does and when to reach for it.

The two AI pentesting options

When you go to the Pentests tab and start a new pentest, the New Pentest window presents two choices:

  • Triage & investigation — a fast, AI-powered validation of vulnerabilities Intruder has already detected.

  • AI pentest — an in-depth, from-scratch penetration test of a whole web application, delivered as a report you can use for compliance.

They solve different problems: one confirms and prioritizes the issues you already have, the other tests an entire application the way a penetration tester would. You can use both.

Triage & investigation

Triage & investigation is a fast, AI-powered pentest of vulnerabilities Intruder has already detected — injection issues, client-side attacks, sensitive data exposure, and more. Instead of testing a whole application, it takes the issues on your account and has an AI agent confirm which are real, clear out false positives, and surface hidden impact, usually in minutes.

You pick the detected issues you want checked and select Run pentest. This is the feature that uses your AI pentest credits — a monthly allowance included with your plan — with one credit spent per issue validated. If an issue can't be validated, its credit is returned.

Results appear in the portal against the relevant issues, so you can see straight away what's confirmed and worth acting on. It's the right choice when you want to triage a scan result quickly and prioritize remediation.

💡 Tip: Use Triage & investigation to answer "which of these findings actually matter?" It's fast, credit-based, and built for cutting a long issue list down to the real risks.

For the full walkthrough, see AI Issue Triage & Investigation.

AI pentest

An AI pentest — an AI Full Pentest — is an in-depth penetration test of a whole web application, run by an AI agent. It's code-assisted: the agent reviews your source code and tests the live app to prove what's genuinely exploitable, then produces a detailed PDF report with each finding mapped to the exact file and line. The report is built for compliance and can stand in for, or supplement, a traditional manual pentest report.

Unlike Triage & investigation, an AI pentest doesn't use your AI pentest credits — it's a one-off payment per pentest — and it needs a connectable GitHub or GitLab repository, since reviewing your code is part of the test.

🆕 Note: AI pentest (AI Full Pentest) is a new capability, currently in early access and being rolled out to selected accounts. If you don't see it, you'll find a "Coming soon" option where you can register interest.

For the full walkthrough, see How to run an AI Full Pentest.

Which should I use?

Both are AI-powered, but they answer different questions. Use this table to choose.

Triage & investigation

AI pentest (AI Full Pentest)

What it does

Validates vulnerabilities Intruder already detected

Tests a whole web application from scratch

Starting point

Your detected issues (occurrences)

A target URL plus your source code

Source code

Not needed

Required (GitHub or GitLab)

Speed

Fast — usually minutes

In-depth — a full test run

Cost

Uses your monthly AI pentest credits (one per issue)

One-off payment per pentest

Output

Confirmed results in the portal

Downloadable PDF report for compliance

Best for

Triaging a scan, cutting false positives, prioritizing

Audit-ready pentest evidence for a specific app

🎫 Plan availability: Triage & investigation uses AI pentest credits, which are included on plans that carry a monthly credit allowance. AI pentest (AI Full Pentest) is in early access and rolled out to selected accounts.

FAQ

What's the difference between the two options?

Triage & investigation validates issues you already have — fast, credit-based, results in the portal. An AI pentest tests an entire web application from scratch, needs source code access, is paid as a one-off, and produces a compliance-ready PDF report.

Do they use the same credits?

No. Triage & investigation spends your monthly AI pentest credits (one per issue validated). An AI Full Pentest is billed separately as a one-off payment and doesn't touch your credits.

Which one gives me a report for auditors?

The AI pentest (AI Full Pentest). It produces a downloadable PDF report designed to satisfy compliance frameworks such as SOC 2, ISO 27001, and PCI DSS. Triage & investigation shows its results in the portal rather than as a standalone report.

Can I run Triage & investigation if I have no detected issues?

No — it works on vulnerabilities Intruder has already found, so you need detected issues to validate. If you want to test an application that hasn't been scanned, or test more thoroughly, use an AI pentest.

Can I use both?

Yes. They're complementary: use Triage & investigation to keep on top of day-to-day scan results, and an AI pentest when you need a deep, audit-ready test of a specific app.

Did this answer your question?