GitHub Leverages AI to Secure Code Before Every Deployment
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
GitHub Strengthens Code Security with AI
GitHub, Microsoft's development platform, recently announced a major advancement in code security through artificial intelligence. In just 30 days, over 170,000 alerts were generated, with 80% validated by developers. This initiative aims to enhance pull requests with AI detection, targeting not only bugs but also security vulnerabilities.
The integration of these new security features is scheduled for early Q2 2026, coinciding with the recent announcements of Codex Security by OpenAI and Claude Code Security by Anthropic. This synchronization underscores the growing importance of AI in the field of cybersecurity.
A Hybrid Model for Extensive Coverage
Traditionally, GitHub relies on its static analysis engine, CodeQL, for the semantic analysis of classic programming languages like Java and Python. However, modern codebases now include a variety of elements such as Shell scripts, Dockerfiles, Terraform configurations, and PHP. These components often evade traditional static analyses.
To address these limitations, GitHub has developed a hybrid model that combines CodeQL with AI. This approach helps bridge the gaps in static rules and offers more comprehensive detection. The results of these analyses appear directly in pull requests, allowing developers to visualize potential vulnerabilities before merging their code.
During internal testing, the system processed over 170,000 alerts in one month, with an approval rate of over 80% from developers. The tool now covers various languages and configurations, including Shell/Bash, Dockerfiles, Terraform (HCL), and PHP. It is capable of detecting insecure SQL queries, weak cryptographic algorithms, and exposed infrastructure configurations. Copilot Autofix, a complementary feature, offers automatic fixes, having addressed over 460,000 alerts in 2025, reducing the average resolution time from 1.29 hours to 0.66 hours.
Fierce Competition for Code Security
GitHub's announcement comes amid intense competition among tech giants. OpenAI recently launched Codex Security, which analyzed 1.2 million commits in beta, identifying 792 critical vulnerabilities and 10,561 high-severity flaws in major projects such as Chromium, OpenSSL, and PHP. Anthropic, for its part, introduced Claude Code Security, which discovered 14 high-severity vulnerabilities in Firefox in just two weeks.
Unlike its competitors, GitHub integrates vulnerability detection directly into developers' daily workflows at the moment code is proposed. This proactive approach stands out from the ad-hoc audits conducted by Codex Security and Claude Code Security. GitHub's tool is available for free, with some limitations, for public repositories, while private repositories require a GitHub Advanced Security subscription.
Challenges and Prospects for Open Source Security
The rise of AI-based security tools raises questions about their effectiveness and impact. A recent report from DryRun Security revealed that AI coding agents introduce vulnerabilities in 87% of their pull requests, including access control issues. The same AIs that generate the code are also tasked with securing it, posing a significant challenge for the future of open source security.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.