AI-Assisted Application Security: Building an Autonomous AppSec Agent with Gemini, Cline and Burp Suite

Stop manually copy-pasting between your SAST reports, Burp Suite, and ChatGPT. Here is the step-by-step guide to turning Visual Studio Code into a human-in-the-loop penetration testing command center.

The days of treating Large Language Models (LLMs) as glorified chatbots are over. Our task today is giving AI the ability to get a sast finding, read your codebase to contextualize the vulnerability, formulate an attack hypothesis, and actually fire the exploit payloads, all while keeping you firmly in the driver's seat.

If you are constantly switching contexts between your IDE, your terminal, and your proxy tools, you are losing valuable time. The industry is shifting away from isolated tools and moving toward autonomous, AI-driven workflows.

Today, we are bridging the gap between concept and execution. By combining Cline (an autonomous AI agent for VS Code) with the Model Context Protocol (MCP), we can transform your code editor into a centralized AppSec engine.

Here is the step-by-step guide to setting up a technically accurate, highly effective AI AppSec workflow directly inside Visual Studio Code.

The Architecture

Before we build, let's define our toolkit:

1. Visual Studio Code: Our operational base and single pane of glass.
2. Cline: An open-source, agentic AI extension for VS Code. Unlike standard autocomplete tools, Cline can read your local file system, execute terminal commands, and interact with external APIs.
3. Model Context Protocol (MCP): The open standard that allows AI models to securely connect to external tools. We will use it to wire Cline directly into our dynamic testing environment.
4. Burp Suite: The industry-standard web proxy, armed with PortSwigger's official MCP server extension.

Phase 1: The Setup

Step 1: Install Cline

Cline acts as the hands and eyes of our operation.

1. Open Visual Studio Code.
2. Go to the Extensions tab (Ctrl+Shift+X or Cmd+Shift+X).
3. Search for Cline and click Install.
4. Once installed, you will see a new robot icon in your sidebar. Click it to open the Cline interface.

Step 2: Empower the "Brain"

Cline needs a reasoning engine to process vulnerabilities.

1. In the Cline sidebar, click the settings gear.
2. Select your preferred API Provider. (Note: you can get an API key from Gemini here).
3. Securely paste in your API key in Cline.

Phase 2: The Burp Suite MCP Integration

Static analysis (SAST) tells us where a bug is, but dynamic testing (DAST) proves it. To allow Cline to dynamically test applications, we need to connect it to Burp Suite using the Model Context Protocol.

Step 3: Install the MCP Server in Burp Suite

PortSwigger provides an official MCP server extension that exposes Burp's internal engine (like proxy history and request generation) to AI clients.

1. Open Burp Suite and navigate to the Extensions -> Installed tab.
2. Click the Add button.
3. Under Extension Details, set the Extension type to Java.
4. Click Select file… and select the Burp MCP Server .jar file (available via the BApp store or PortSwigger's releases).
5. Click Next. Burp will load the extension.
6. A new MCP tab will appear in Burp Suite's top navigation menu. Navigate to it and check the Enabled box to turn the server on. By default, it binds to http://127.0.0.1:9876.

p.s If you need more help with setting this up, check here

Step 4: Wire Burp to Cline

Because Burp Suite is a constantly running desktop application, we connect our AI agent to it using Server-Sent Events (SSE).

1. Open VS Code and open the Cline sidebar.
2. Click the Settings icon and navigate to your MCP Servers configuration file. This will open cline_mcp_settings.json.
3. Add the Burp Suite SSE configuration, pointing it to your local Burp MCP instance:

JSON

{
  "mcpServers": {
    "burp": {
      "url": "http://127.0.0.1:9876/sse",
      "disabled": false,
      "autoApprove": []
    }
  }
}

Save the file. Within seconds, Cline will successfully handshake with Burp Suite. If you click the "Tools" icon in Cline, you will suddenly see an arsenal of new AppSec capabilities populated directly from your proxy, including get_proxy_http_history_regex and send_http1_request.

Phase 3: The Target Environment

Before we unleash our autonomous agent, we need a battleground. To test this workflow safely, we must use a deliberately vulnerable application and generate the static analysis baseline that our AI will use for context.

⚠️ Critical Security Disclaimer: Never run automated pentesting agents against infrastructure, applications, or APIs without explicit, written authorization. AI agents execute payloads rapidly and can cause unintended denial-of-service or data corruption. Always use safe, isolated, and legally cleared environments like VulnBank for testing.

Step 5: Provisioning the Target and Generating the SAST Baseline

To properly demonstrate the SAST-to-DAST pipeline, we need an application's raw source code, a static analysis report, and a live instance routed through Burp Suite. For this guide, we will use VulnBank, an intentionally vulnerable modern banking application designed specifically for benchmarking AppSec tools and AI agents.

1. Clone the Target Codebase: Open your terminal and pull down the VulnBank repository into your workspace so Cline can read the source files.

git clone https://github.com/Commando-X/vuln-bank.git
cd vuln-ban

2. Generate the SAST Report: We need to give Cline a roadmap of where the vulnerabilities live. We will use Semgrep, a fast, open-source static analysis tool, to scan the codebase and output the results in SARIF (Static Analysis Results Interchange Format) — the industry standard format that LLMs can easily parse.

If you don't have Semgrep installed, install it via pip (pip install semgrep), and run the scan:

semgrep scan --config auto --sarif -o results.sarif

You now have a results.sarif file sitting in your directory. This is the first half of the AI's brain.

3. Set Up the Live Target: Next, we need the dynamic environment. You have two choices with VulnBank:

• Option A (Local Container): Spin it up safely on your own machine using Docker
• docker-compose up --build
• (The vulnerable API will run locally on http://localhost:5000).
• Option B (Live Cloud Target): You can also test against the live instance hosted at vulnbank.org, which explicitly authorizes security engineers to practice and benchmark their AI agents.

4. Populate the Burp Suite Proxy History: Because Burp Suite only knows about the HTTP traffic it sees, we need to generate some baseline traffic for the MCP server to fetch.

• Ensure your browser or API testing tool (like Postman or curl) is configured to proxy traffic through Burp Suite (127.0.0.1:8080).
• Navigate to your running VulnBank instance (either localhost:5000 or vulnbank.org) and click around. Register an account, try to transfer some funds, or send a few sample API requests to endpoints like /api/v1/login.

Now, your Burp Suite HTTP history is populated with the correct baseline headers, session cookies, and routing information.

With the codebase loaded, the SARIF report generated, and the live application traffic captured in Burp, the stage is set. Let's move to the execution phase.

Phase 4: The Agentic Pentest Workflow

Your IDE is now officially a weaponized, AI-driven penetration testing terminal. Here is how you execute an end-to-end triage workflow.

Step 6: Contextualizing the Codebase (Ingesting SAST)

Instead of manually hunting for sinks and sources, we point the agent directly at a SAST report or source code.

• Your Prompt to Cline:

"Please follow these steps sequentially: Review: Explain the findings in results.sarif.

Review the vulnerable codepath, the vulnerable endpoints, and what the code is doing wrong.

Contextualize: Query the Burp Suite MCP server to fetch recent HTTP history and find the live requests that correspond to the vulnerable endpoints you just identified.

Dynamic Exploitation: Using the context from the source code, craft a specialized exploit payload. Use the Burp MCP to send this modified HTTP request to the target to validate if the vulnerability is dynamically exploitable. Report: Provide a final summary of whether the static finding was proven to be exploitable in the running environment."

• The Action: Cline autonomously reads the SARIF file, navigates your workspace, reads the vulnerable Python file, and outputs a technical breakdown of the flaw. Though the Static analysis result tells us there is a vulnerability, Burp Suite speaks in HTTP so Cline executes the JSON-RPC command over the SSE stream to Burp Suite. It parses your proxy history and loads the exact baseline HTTP request into its context window. Cline, then formulates the payload (e.g., URL-encoding ' OR 1=1--), constructs the raw HTTP/1.1 request, and prepares to inject the payload into the baseline request.

Step 7: The Human-in-the-Loop (HITL) Gatekeeper

This is the most critical step. Agentic AI operates rapidly, and firing automated payloads at infrastructure requires strict oversight.

Before Cline executes the send_http1_request tool, it will pause and prompt you for explicit approval. You will see exactly what host, port, and raw HTTP string the AI is about to send over the wire.

• You click: Approve.

Cline fires the payload through Burp Suite, reads the HTTP response streaming back through the MCP server, and evaluates the outcome. It will confidently report back whether the application returned a vulnerability indicator, threw an internal error, or blocked the request via a Web Application Firewall (WAF).

The Future is Human-in-the-Loop

The goal of AI in Application Security is not to replace the penetration tester; it is to eliminate the friction between discovery and exploitation.

By wiring Cline and utilizing the Model Context Protocol, the tedious mechanics of context-switching disappear. You no longer have to translate SAST findings into DAST payloads manually. The entire workflow, from static code review to payload generation to dynamic execution happens in one unified pane of glass.

You define the strategy. The AI executes the tactics.

Call to Action: Have you experimented with MCP servers in your pentesting workflows yet? Drop your favorite local integrations in the comments below!

(Technical Note: Always ensure you have explicit authorization to test any infrastructure or codebase. AI agents execute commands rapidly; always utilize the Human-in-the-Loop approval features within Cline to review payloads before they hit the target.)