Hello,
We are currently using OWASP ZAP as part of our security testing process for our networking products and web applications.
As AI continues to transform software development and security operations, we are looking to make our application security testing workflow more AI-driven. We are seeing emerging AI-powered security capabilities (for example, Anthropic Mythos) and would like to understand how the OWASP ZAP project is approaching AI integration.
Specifically, we would appreciate your insights on the following:
• What AI capabilities are currently available in OWASP ZAP (or planned on the roadmap) to assist with vulnerability discovery, analysis, prioritization, and remediation?
• Are there plans to provide AI-assisted workflows that can help automate the complete testing lifecycle, from scan initiation through result analysis and reporting?
• Do you foresee integration with AI-powered development tools such as Cursor or other AI agents?
• Are there any plans to support Model Context Protocol (MCP) or similar interfaces that would allow AI assistants to securely interact with OWASP ZAP for tasks such as initiating scans, retrieving findings, analyzing results, and recommending remediation?
• Are there APIs, SDKs, or plugins that you recommend today for building AI-driven security automation around OWASP ZAP?
• What integrations are currently available or planned for:
CI/CD platforms
Ticketing systems such as Jira
Our goal is to automate as much of the security testing lifecycle as possible while integrating seamlessly with our AI-assisted development workflow.
We would appreciate any information you can share regarding your current capabilities and future roadmap in this area.
Thank you, and we look forward to your response.