> ## Documentation Index
> Fetch the complete documentation index at: https://pentest-tools.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# AI-enhanced authentication

> How AI completes logins for the Website Scanner when the normal login method fails

AI-enhanced authentication helps the [Website Scanner](/tools/website-scanner) finish logging in when the normal login step fails. It backs both the **Automatic Login Form** and **Recorded** methods: if the usual approach can't get through on a complex or dynamic page, an AI agent takes over and completes the sign-in.

## How it works

The **Automatic Login Form** and **Recorded** methods each run in two stages. The normal login runs first, and the AI agent only steps in if it fails.

<Steps>
  <Step title="The normal login runs">
    For Automatic Login Form, the scanner finds the login form with pattern-based selectors. For Recorded, it replays the steps you recorded. Both handle standard logins well.
  </Step>

  <Step title="AI fallback">
    If the normal login fails, an AI agent takes over. It reads the page, identifies the right elements, and completes the sign-in, even on complex pages with iframes, dynamic loading, or non-standard layouts.
  </Step>
</Steps>

## What AI handles

The AI component handles scenarios that the normal login methods struggle with:

<CardGroup cols={2}>
  <Card title="Dynamic forms" icon="rotate">
    Login forms loaded via JavaScript or AJAX
  </Card>

  <Card title="Iframes" icon="window-restore">
    Login forms embedded in iframes
  </Card>

  <Card title="Non-standard layouts" icon="table-cells">
    Forms with unusual element structures or naming
  </Card>

  <Card title="Multi-step logins" icon="list-ol">
    Login flows spread across multiple screens
  </Card>
</CardGroup>

## Reliability

AI-enhanced authentication raises login success rates on complex or dynamic pages, where selector matching or step replay would otherwise fail.

## Using AI authentication

### Enabling automatic login form

<Steps>
  <Step title="Configure your scan">
    In the Website Scanner, add your target URL and configure scan options.
  </Step>

  <Step title="Enable authentication">
    Toggle **Authentication** to enable authenticated scanning.
  </Step>

  <Step title="Select Automatic Login Form">
    Choose **Automatic Login Form** as the authentication method.
  </Step>

  <Step title="Enter credentials">
    Provide the **Login URL**, **Username**, and **Password** for the application.
  </Step>

  <Step title="Verify authentication">
    Use **Check authentication** to confirm the login works before starting the scan.
  </Step>
</Steps>

<Note>
  The Recorded method uses the same AI fallback, with no extra setup. See [Recorded authentication](/core/scans/authenticated-scanning#recorded-authentication) to set it up.
</Note>

### Generated finding

When automatic authentication succeeds, the scan generates an informational finding:

> **Authentication complete: Automatic method.**

<Note>
  Each authentication method generates its own confirmation message. For example, the Recorded method displays: "Authentication complete: Recorded method."
</Note>

## When AI is used

The AI component activates only when needed:

* **Standard forms**: Traditional detection handles most login forms without AI
* **Complex forms**: AI activates automatically when traditional detection fails
* **Transparent operation**: You don't need to configure anything. The system chooses the best approach

<Note>
  The scan result shows the method you chose, for example "Authentication complete: Automatic method" or "Authentication complete: Recorded method". It doesn't indicate whether the AI fallback was used.
</Note>

## Other authentication methods

The AI fallback backs the **Automatic Login Form** and **Recorded** methods. The remaining methods work differently:

| Method                   | How it works                                      | Uses AI           |
| ------------------------ | ------------------------------------------------- | ----------------- |
| **Automatic Login Form** | Detects and fills login form automatically        | Yes (as fallback) |
| **Recorded**             | Replays recorded login steps from Chrome DevTools | Yes (as fallback) |
| **Cookie**               | Uses session cookies from an existing login       | No                |
| **Header**               | Sends custom authentication headers               | No                |

<Note>
  For both Automatic Login Form and Recorded, the AI agent only runs if the normal login fails. Cookie and Header authentication never use AI.
</Note>

For details on all authentication methods, see [Authenticated scanning](/core/scans/authenticated-scanning).

## AI data handling

Your authentication credentials are handled securely:

* **Azure OpenAI models**: The AI agent uses Azure-hosted OpenAI models within our controlled infrastructure
* **Secure processing**: Credentials are processed within our isolated infrastructure
* **No external training**: Your data is not used to train any AI models
* **No retention**: Authentication data is not logged or retained after the scan completes

For complete details, see our [AI Data Policy](/account-billing/security/where-to-find-policies#ai-data-policy).

## Related topics

* [Authenticated scanning](/core/scans/authenticated-scanning)
* [Website Scanner](/tools/website-scanner)
* [AI Data Policy](/account-billing/security/where-to-find-policies#ai-data-policy)
