SIGNAL
Tracking the global AI frontier — labs · research · agents · policy
Frontier Signal
Create

Security validation for third-party coding agents

Security validation for third-party coding agents is now generally available. GitHub supports third-party coding agents (including Claude and OpenAI Codex) that work directly within your repositories to implement features, fix… The post Security validation for third-party coding agents appeared first on The GitHub Blog.

Security validation for third-party coding agents
Primary source github.blog ↗

Published June 9, 2026 · Category: AI Create

Overview

Security validation for third-party coding agents is now generally available. GitHub supports third-party coding agents (including Claude and OpenAI Codex) that work directly within your repositories to implement features, fix bugs, and improve test coverage. Now, code generated by these agents receives the same automatic security validation already available for GitHub Copilot cloud agent. Learn more by reading Risks and mitigations for GitHub Copilot cloud agent.

When a third-party coding agent creates code in your repository, GitHub now automatically analyzes it for potential security vulnerabilities using CodeQL, checks newly introduced dependencies against the GitHub Advisory Database, and uses GitHub secret scanning to detect sensitive information such as API keys and tokens. If the analysis finds any issues, the agent attempts to resolve them before finalizing the pull request.

Details

Since we released automatic code validation for Copilot cloud agent in October 2025, we’ve proactively prevented hundreds of potential security leaks and vulnerabilities. Extending this protection to third-party agents helps ensure that every line of agent-generated code undergoes the same security checks, regardless of which coding agent wrote it.

These security validations are on by default and follow your repository’s Copilot settings for which validation tools to use. If you’ve already enabled security validation for Copilot cloud agent, third-party agents will automatically receive the same protections. Security validation doesn’t require a GitHub Advanced Security license. See Configuring agent settings for more information.

The post Security validation for third-party coding agents appeared first on The GitHub Blog.

Source

Originally published at github.blog.

Related Articles

F
Frontier Signal Desk

Frontier Signal tracks the global AI frontier — labs, research, agents, creation tools and real-world practice — straight from primary sources. Tip the desk: editorial@news.tunx.ai

Email the desk →
From our network: explore the AI assistant platform behind this site. Visit tunx.ai →
Note: This story is aggregated and summarized from the primary source linked above; the original publisher retains all rights. Details may evolve after publication — always confirm against the source. Nothing here is professional, legal or investment advice.

Related Stories

More from Create →