OWASP ZAP AI Roadmap and Integration with AI Development Platforms

13 views
Skip to first unread message

gangambika guragol

unread,
Jul 8, 2026, 3:06:55 AM (4 days ago) Jul 8
to ZAP User Group

Hello,

We are currently using OWASP ZAP as part of our security testing process for our networking products and web applications.

As AI continues to transform software development and security operations, we are looking to make our application security testing workflow more AI-driven. We are seeing emerging AI-powered security capabilities (for example, Anthropic Mythos) and would like to understand how the OWASP ZAP project is approaching AI integration.

Specifically, we would appreciate your insights on the following:

• What AI capabilities are currently available in OWASP ZAP (or planned on the roadmap) to assist with vulnerability discovery, analysis, prioritization, and remediation?

• Are there plans to provide AI-assisted workflows that can help automate the complete testing lifecycle, from scan initiation through result analysis and reporting?

• Do you foresee integration with AI-powered development tools such as Cursor or other AI agents?

• Are there any plans to support Model Context Protocol (MCP) or similar interfaces that would allow AI assistants to securely interact with OWASP ZAP for tasks such as initiating scans, retrieving findings, analyzing results, and recommending remediation?

• Are there APIs, SDKs, or plugins that you recommend today for building AI-driven security automation around OWASP ZAP?

• What integrations are currently available or planned for:

  • CI/CD platforms

  • Ticketing systems such as Jira

Our goal is to automate as much of the security testing lifecycle as possible while integrating seamlessly with our AI-assisted development workflow.

We would appreciate any information you can share regarding your current capabilities and future roadmap in this area.

Thank you, and we look forward to your response.


Simon Bennetts

unread,
Jul 9, 2026, 11:12:15 AM (3 days ago) Jul 9
to ZAP User Group
Hiya,

Hopefully you are not using "OWASP ZAP" as ZAP left OWASP nearly 3 years ago :P
Its either just "ZAP" or "ZAP by Checkmarx".

Feedback appreciated regarding what else we could support.

We also have LLM integration, but that has not been released yet.
You can try it out bu building and installing the llm add-on: https://github.com/zaproxy/zap-extensions/tree/main/addOns/llm

Our automation options are listed on https://www.zaproxy.org/docs/automate/ although it looks like we should update to add the MCP server. I'll do that soon.

We do not have any specific CI/CD integrations, but it is easy to run ZAP from the commandline or via containers like Docker.

The bugtracker add-on https://www.zaproxy.org/docs/desktop/addons/bug-tracker/ provides bug tracker integration, but I dont think it currently supports Jira.

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages