Skip to main content
AI-enhanced authentication helps the Website Scanner finish logging in when the normal login step fails. It backs both the Automatic Login Form and Recorded methods: if the usual approach can’t get through on a complex or dynamic page, an AI agent takes over and completes the sign-in.

How it works

The Automatic Login Form and Recorded methods each run in two stages. The normal login runs first, and the AI agent only steps in if it fails.
1

The normal login runs

For Automatic Login Form, the scanner finds the login form with pattern-based selectors. For Recorded, it replays the steps you recorded. Both handle standard logins well.
2

AI fallback

If the normal login fails, an AI agent takes over. It reads the page, identifies the right elements, and completes the sign-in, even on complex pages with iframes, dynamic loading, or non-standard layouts.

What AI handles

The AI component handles scenarios that the normal login methods struggle with:

Dynamic forms

Login forms loaded via JavaScript or AJAX

Iframes

Login forms embedded in iframes

Non-standard layouts

Forms with unusual element structures or naming

Multi-step logins

Login flows spread across multiple screens

Reliability

AI-enhanced authentication raises login success rates on complex or dynamic pages, where selector matching or step replay would otherwise fail.

Using AI authentication

Enabling automatic login form

1

Configure your scan

In the Website Scanner, add your target URL and configure scan options.
2

Enable authentication

Toggle Authentication to enable authenticated scanning.
3

Select Automatic Login Form

Choose Automatic Login Form as the authentication method.
4

Enter credentials

Provide the Login URL, Username, and Password for the application.
5

Verify authentication

Use Check authentication to confirm the login works before starting the scan.
The Recorded method uses the same AI fallback, with no extra setup. See Recorded authentication to set it up.

Generated finding

When automatic authentication succeeds, the scan generates an informational finding:
Authentication complete: Automatic method.
Each authentication method generates its own confirmation message. For example, the Recorded method displays: “Authentication complete: Recorded method.”

When AI is used

The AI component activates only when needed:
  • Standard forms: Traditional detection handles most login forms without AI
  • Complex forms: AI activates automatically when traditional detection fails
  • Transparent operation: You don’t need to configure anything. The system chooses the best approach
The scan result shows the method you chose, for example “Authentication complete: Automatic method” or “Authentication complete: Recorded method”. It doesn’t indicate whether the AI fallback was used.

Other authentication methods

The AI fallback backs the Automatic Login Form and Recorded methods. The remaining methods work differently:
MethodHow it worksUses AI
Automatic Login FormDetects and fills login form automaticallyYes (as fallback)
RecordedReplays recorded login steps from Chrome DevToolsYes (as fallback)
CookieUses session cookies from an existing loginNo
HeaderSends custom authentication headersNo
For both Automatic Login Form and Recorded, the AI agent only runs if the normal login fails. Cookie and Header authentication never use AI.
For details on all authentication methods, see Authenticated scanning.

AI data handling

Your authentication credentials are handled securely:
  • Azure OpenAI models: The AI agent uses Azure-hosted OpenAI models within our controlled infrastructure
  • Secure processing: Credentials are processed within our isolated infrastructure
  • No external training: Your data is not used to train any AI models
  • No retention: Authentication data is not logged or retained after the scan completes
For complete details, see our AI Data Policy.