quality_assurance · saas · workflow
How GitHub's agentic security principles make AI agents as secure as possible
Agentic AI products introduce three classes of security risk: data exfiltration when agents have internet access, ambiguity about impersonation and about which actions are attributable to the agent rather than to a human, and prompt injection, where malicious users plant directives that the agent reads but repository maintainers do not notice.
How it works
Common implementation structure
How this type of workflow is generally built, generalized across documented cases and not tied to any one vendor's stack. Specific products that implement these stages are listed under "Tools used" below.
Stage 1 · User assigns issue to Copilot
The workflow starts when someone assigns the Copilot coding agent to an issue.
Tools used
Copilot coding agent, GitHub Issues, GitHub Actions, Copilot Chat, MCP
Outcome
GitHub built its hosted agents to maximize interpretability, minimize autonomy, and reduce anomalous behavior through a set of security rules covering context visibility, firewalling of outbound traffic, access limitation, reversibility of the agent's changes, action attribution, and authorized context gathering.
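The firewalling rule above is the mitigation for the first risk class, exfiltration by an agent with network access. The following is an added example written for this page, not GitHub's own firewall or any code from the Copilot coding agent: a hypothetical egress policy that an agent sandbox could consult before every outbound request. The allowlist, the `EgressPolicy` class and the blob heuristic are all assumptions made here for illustration; only exact host matches are accepted so that a lookalike subdomain of an allowed host is refused, and every refusal is logged so the blocked attempt stays attributable.

```python
"""Egress allowlist for an agent sandbox (illustrative, not GitHub's implementation)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; a real deployment would load the
# set of hosts the repository owner approved rather than hard-code it.
DEFAULT_ALLOWED_HOSTS = frozenset({"api.github.com", "pypi.org", "files.pythonhosted.org"})

# Coarse exfiltration heuristic: a long run of base64/hex-like characters in
# the query string is a common way to smuggle a secret out in a URL.
_BLOB_RE = re.compile(r"[A-Za-z0-9+/=_-]{40,}")


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class EgressPolicy:
    allowed_hosts: frozenset[str] = DEFAULT_ALLOWED_HOSTS
    blocked_log: list[str] = field(default_factory=list)  # kept for attribution/review

    def _deny(self, url: str, reason: str) -> Decision:
        self.blocked_log.append(f"BLOCKED {url} ({reason})")
        return Decision(False, reason)

    def check(self, url: str) -> Decision:
        """Decide whether the agent may issue a request to `url`."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            return self._deny(url, f"scheme {parts.scheme!r} not permitted")
        # Exact match only: "evil.api.github.com" must not inherit api.github.com's approval.
        if host not in self.allowed_hosts:
            return self._deny(url, f"host {host!r} not in allowlist")
        # Even an allowed host should not receive opaque blobs in the query string.
        if _BLOB_RE.search(parts.query or ""):
            return self._deny(url, "query string carries a large opaque blob")
        return Decision(True, "ok")


def filter_requests(policy: EgressPolicy, urls: list[str]) -> list[str]:
    """Return only the URLs the policy permits; refusals are recorded in policy.blocked_log."""
    return [u for u in urls if policy.check(u).allowed]


if __name__ == "__main__":
    # Constructed sample of requests an agent might attempt.
    sample = [
        "https://api.github.com/repos/example/repo/issues/1",
        "https://attacker.example/collect?token=" + "A" * 48,
        "http://api.github.com/repos/example/repo",
        "https://evil.api.github.com/x",
    ]
    pol = EgressPolicy()
    for line in filter_requests(pol, sample):
        print("allowed", line)
    for line in pol.blocked_log:
        print(line)
```

The blob heuristic is deliberately limited to the query string: package index download paths on allowed hosts legitimately contain long hash segments, so checking the path would block normal dependency fetches. It is a coarse signal and a real policy would pair it with the access-limitation rule (a token scoped so it cannot read secrets worth exfiltrating) rather than rely on it alone.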
Grounding & classification
Source type: technical build writeup
19 fields verified against source quotes.
agentic workflow, ai agent, code generation, code diff pr, failure mode described, human review described, named customer, production runtime claimed, tools described, vendor confirmed, workflow described, software, technical build writeup, quality assurance, ai draft human approval