Skip to content

Web AI Pentest Scan

The AI Pentest scan enables you to describe exactly what you want to test and analyzes your description to uncover everything from critical logic flaws to subtle edge-case vulnerabilities that traditional scanners often miss. It delivers validated, developer-ready findings so your teams can quickly understand and fix security issues in targeted areas.

To create a Web AI Pentest scan:

  1. Click the "Hamburger" menu icon. Hamburger Menu Icon

  2. Click on "Scanning". Scanning Menu

  3. Navigate to the scan page by clicking "New Scan". New Scan Menu Item

  4. Enter a name for your scan in the "Title" field. This field is optional. Select Store

  5. Select either "Web App" or "Web API". Select Source

  6. Specify the target URLs / domains. Click "Continue". Specify the target

  7. Optionally provide SBOM or lock files for extended dependency detection. Click "Continue". Provide SBOM or Lock files

  8. Select "Web AI Pentest" as the scan type. At this point, you can create the scan by clicking "Submit" or you can choose to provide specific instructions for the AI to focus on particular areas of the web application. To do this, click on "Continue". Select Scan Plan

  9. Prompts allow you to guide the AI on what to test. You can select from existing prompts or create your own by clicking on "+ Prompt". After selecting or adding the desired prompts, click on "Continue". Select or Add Prompts

  10. You can configure advanced settings like the Queries Per Second (QPS), Proxy, and Filter URL regex (allows you to exclude specific URLs from being scanned). Configure advanced settings

  11. Select or add new test credentials to enable the AI to perform authenticated testing. After selecting or adding the desired credentials, click on "Submit". Test Credentials

  12. Click on "Show" to see the scan. Submit Scan

This tutorial demonstrated how to create a Web AI Pentest scan for Web Apps and APIs.