Quick answer: GitHub’s AI-powered security detections are now in public preview for pull requests on GitHub.com. The feature extends code scanning into languages and frameworks that CodeQL does not currently cover, including PHP, Shell/Bash, Terraform HCL, Dockerfiles, JSP and Blazor. Before enabling it, confirm that you have GitHub Advanced Security, a GitHub Copilot license, CodeQL default setup and available AI Credits. The findings are advisory: they appear in pull requests but do not block merges.
AI security detections readiness checklist
- Platform: the repository is hosted on GitHub.com; the preview is not described as a GitHub Enterprise Server feature.
- Licenses: the organization has GitHub Advanced Security and the relevant users have GitHub Copilot licenses.
- Enterprise policy: an enterprise owner explicitly allows AI-powered security detections. GitHub says the feature is not allowed at enterprise level by default.
- Organization opt-in: an organization administrator explicitly enables the feature. It is disabled by default.
- Repository prerequisite: CodeQL default setup is enabled on each pilot repository.
- Billing: an owner reviews the AI Credits pool and sets appropriate spending controls before broad rollout.
- Review process: developers know that AI-labeled findings need human validation and do not block merging.
- Pilot scope: start with repositories containing languages or frameworks where CodeQL has coverage gaps.
What GitHub released
GitHub announced on July 14, 2026 that code scanning can now surface AI-generated security findings directly on pull requests. The AI engine runs when a pull request is created and after new commits are pushed. Findings can appear on the Conversation and Files changed tabs, marked with an AI label so reviewers can distinguish them from CodeQL alerts.
| Question | Current public-preview behavior |
|---|---|
| Where does it run? | On pull requests in opted-in GitHub.com repositories. |
| What triggers it? | Pull request creation and each new commit. |
| Does it replace CodeQL? | No. It complements CodeQL and requires CodeQL default setup. |
| Where do findings appear? | On the pull request’s Conversation and Files changed tabs. |
| Can it block a merge? | No. GitHub describes the findings as advisory and informational. |
| Does it create backlog alerts? | No. GitHub says AI findings are available only on pull requests and do not appear as backlog alerts in the repository security view. |
| Does it need a build system? | No. The AI engine works with pull-request code and can use code search for repository context. |
| Can a team choose the model? | No model selection is required. |
Enablement order
- Check eligibility: confirm GitHub Advanced Security and GitHub Copilot licensing for the organization.
- Set a budget: review included AI Credits and decide whether additional paid usage should be allowed, capped or blocked.
- Allow at enterprise level: an enterprise owner must permit AI-powered security detections before organizations can opt in.
- Enable at organization level: an organization administrator opts in after the enterprise policy allows it.
- Confirm CodeQL default setup: the repository must use default setup. A custom CodeQL workflow alone is not the prerequisite GitHub lists for this preview.
- Select a small pilot: choose two to five active repositories with reviewed pull requests and useful coverage gaps.
- Open a normal test pull request: use a representative, non-production change rather than intentionally committing a real secret or exploitable vulnerability.
- Record results: track run volume, AI Credit use, actionable findings, false positives, suggested-fix quality and review time.
GitHub’s public documentation explains the policy hierarchy and prerequisites, but its current concept page does not provide a full click-by-click navigation path for every account type. Interface labels may also change during the preview.
Best repositories for the first pilot
The strongest candidates are active repositories where traditional CodeQL coverage is incomplete and pull requests already receive consistent human review.
| Candidate | Why it is useful | What to verify |
|---|---|---|
| Terraform or other HCL infrastructure | GitHub specifically lists Terraform configuration among expanded coverage areas. | Whether findings correctly identify exposed or unsafe resource configurations. |
| Shell/Bash automation | Shell scripts frequently sit outside the deepest static-analysis coverage. | Command construction, quoting and unsafe input handling. |
| Dockerfiles | Container build files are explicitly included in GitHub’s examples. | Risky defaults, permissions and exposed configuration. |
| PHP applications | GitHub lists PHP as an example of language coverage added by the AI engine. | Injection risks, unsafe commands and framework-specific false positives. |
| JSP or Blazor components | GitHub cites these as framework coverage gaps for Java and C#. | Whether findings add useful context beyond existing checks. |
Cost and billing check
During the public preview, each AI-security detection run consumes GitHub AI Credits and requires a Copilot license. GitHub’s billing documentation defines 1 AI Credit as $0.01 USD. Copilot Business and Enterprise licenses contribute monthly included credits to a pool at the billing-entity level; additional usage depends on the budgets and policies configured for the account.
Before enabling the preview widely, record these four numbers:
- the number of pilot repositories;
- the average number of pull-request creations and updates per month;
- AI Credits consumed by the pilot;
- the percentage of findings that reviewers judge actionable.
GitHub does not publish a fixed credit cost per AI-security scan on the announcement page. Do not estimate the bill by multiplying pull requests by an invented flat rate. Run a controlled pilot and use the account’s measured usage.
How to review an AI-labeled finding
- Confirm that the flagged code is part of the pull-request change and understand the surrounding data flow.
- Check whether the reported input, secret, command, query or resource is actually reachable in the deployed environment.
- Compare the finding with framework documentation and existing security controls.
- Review any Copilot Autofix suggestion instead of accepting it automatically.
- Run unit, integration and security tests after applying a proposed fix.
- Use the thumbs-up or thumbs-down control to provide quality feedback where available.
- Document recurring false positives and escalate patterns through the organization’s security process.
Important limitations
- Pull-request only: AI findings do not build a backlog in the repository’s security view.
- Advisory only: they do not stop a pull request from merging, so normal branch protection and review rules still matter.
- Public preview: behavior, availability and billing details may change.
- Human review required: an AI finding or suggested remediation can be incomplete or incorrect.
- No custom instruction influence: GitHub says the scanner does not use files such as
/.github/copilot-instructions.mdor/CLAUDE.md. - Not a CodeQL replacement: CodeQL remains the high-precision static-analysis layer for supported languages, while the AI engine broadens coverage.
Seven-day pilot scorecard
Use this simple decision sheet after a week or a representative batch of pull requests:
| Metric | Record | Decision question |
|---|---|---|
| AI detections triggered | Total runs/findings | Is there enough activity to evaluate the preview? |
| Actionable findings | Count and percentage | Did the feature find issues existing tools missed? |
| False or low-value findings | Count and percentage | Is review noise manageable? |
| Fixes accepted after testing | Count | Were remediations safe and useful? |
| Review time | Median minutes per finding | Does the security value justify the workflow cost? |
| AI Credits used | Measured account usage | Is projected monthly spend acceptable? |
If the pilot produces useful findings with acceptable noise and cost, expand in small groups. If it produces little value, keep CodeQL and other security controls in place and opt repositories out until the preview improves.
Frequently asked questions
Are GitHub AI security detections generally available?
No. GitHub describes the feature as a public preview on GitHub.com, and preview behavior is subject to change.
Do AI security detections replace CodeQL?
No. The AI engine complements CodeQL by covering additional languages and framework gaps. CodeQL default setup is still required for an eligible repository.
Can an AI finding block a pull request merge?
No. GitHub says these findings are informational and do not block merges. Use existing review, testing and branch-protection controls.
Which languages are covered?
GitHub says coverage includes, but is not limited to, PHP, Shell/Bash, Terraform HCL and Dockerfiles, plus framework gaps such as JSP for Java and Blazor for C#. The set may evolve as the preview changes.
Does the preview cost extra?
It requires GitHub Advanced Security and GitHub Copilot licenses, and detection runs consume the organization’s AI Credits. Whether usage creates an additional charge depends on the available pooled credits and configured spending policies.
Will the scanner follow copilot-instructions.md?
No. GitHub’s documentation says the AI security scanner uses specialized prompts and does not use custom instruction files such as /.github/copilot-instructions.md or /CLAUDE.md.