How GitHub's agentic security principles make AI agents as secure as possible
Agentic AI products introduce three classes of security risk: data exfiltration when agents have internet access, ambiguity around impersonation and action attribution, and prompt injection by malicious users hiding directives from repository maintainers.
GitHub built its hosted agents to maximize interpretability, minimize autonomy, and reduce anomalous behavior through a set of security rules covering context visibility, firewalling, access limitation, reversibility, action attribution, and authorized context gathering.
Frequently asked questions
What did this team achieve with this AI workflow?
GitHub built its hosted agents to maximize interpretability, minimize autonomy, and reduce anomalous behavior through a set of security rules covering context visibility, firewalling, access limitation, reversibility,…
What tools did this team use?
Copilot coding agent, GitHub Issues, GitHub Actions, Copilot Chat, MCP.
How is this quality assurance AI workflow structured?
User assigns issue to Copilot → Context visibility enforcement → Firewall limits external access → Sensitive information restricted → Agent creates pull request → Human validates and triggers CI → Action attribution recorded.