Get started with GitHub Copilot coding agent >
These updates transform AI from a simple autocomplete tool into a sophisticated background agent that handles end-to-end tasks. By automating code review and security checks, it reduces manual toil and ensures higher quality PRs with significantly less human intervention.
You open an issue before lunch. By the time you’re back, there’s a pull request waiting.
That’s what GitHub Copilot coding agent is built for. It works in the background, fixing bugs, adding tests, cleaning up debt, and comes back with a pull request when it’s done. While you’re writing code in your editor with Copilot in real time, the coding agent is handling the work you’ve delegated.
A few recent updates make that handoff more useful. Here’s what shipped and how to start using it.
The Agents panel now includes a model picker.
Before, every background task ran on a single default model. You couldn’t pay for a more robust model to complete harder work or prioritize speed on routine tasks.
Now you can. Use a faster model for straightforward work like adding unit tests. Upgrade your model for a gnarly refactor or integration tests with real edge cases. If you’d rather not think about it, leave it on auto.
To get started:
Model selection is available for Copilot Pro and Pro+ users now, with support for Business and Enterprise coming soon.
Learn more about model selection with Copilot coding agent. 👉
The painful part of reviewing agent output has always been the cleanup. You open the diff and there it is: logic that technically works, but nobody would write it that way.
Copilot coding agent now reviews its own changes using Copilot code review before it opens the pull request. It gets feedback, iterates, and improves the patch. By the time you’re tagged for review, someone already went through it.
In one session, the agent caught that its own string concatenation was overly complex and fixed it before the pull request landed. That kind of thing used to be your problem.
To get started:
Review the pull request when prompted. Copilot requests your review only after it has iterated.
Learn more about Copilot code review + Copilot coding agent. 👉
Just like with human-generated code, AI-generated code can introduce real risks: vulnerable patterns, secrets accidentally committed, dependencies with known CVEs. The difference is it does it faster. And you really don’t want to find that in review.
Copilot coding agent now runs code scanning, secret scanning, and dependency vulnerability checks directly inside its workflow. If a dependency has a known issue, or something looks like a committed API key, it gets flagged before the pull request opens.
Code scanning is normally part of GitHub Advanced Security. With Copilot coding agent, you get it for free.
To get started:
Learn more about security scanning in Copilot coding agent. 👉
A short prompt leaves a lot to judgment. And that judgment isn’t always consistent with how your team actually works.
Custom agents let you codify it. Create a file under .github/agents/ and define a specific approach. A performance optimizer agent, for example, can be wired to benchmark first, make the change, then measure the difference before opening a pull request.
In a recent GitHub Checkout demo, that’s exactly what happened. The agent benchmarked a lookup, made a targeted fix, and came back with a 99% improvement on that one function. Small scope, real data, no guessing.
You can share custom agents across your org or enterprise too, so the same process applies everywhere teams are using the coding agent.
To get started:
.github/agents/ in your repo.
Learn more about creating custom agents. 👉
Sometimes you start something in the cloud and want to finish it locally. Sometimes you’re deep in your terminal and want to hand something off without losing your flow. Either way, switching contexts used to mean starting the conversation over.
Now it doesn’t. Pull a cloud session into your terminal and you get the branch, the logs, and the full context. Or press & in the CLI to push work back to the cloud and keep going on your end.
To get started:
&) in the CLI to delegate work back to the cloud and keep going locally.
Learn more about Copilot coding agent + CLI handoff. 👉
Copilot coding agent has come a long way. Model selection, self-review, security scanning, custom agents, CLI handoff—and that’s just what shipped recently. The team is actively working on private mode, planning before coding, and using the agent for things that don’t even need a pull request, like summarizing issues or generating reports. There’s a lot more coming. Stay tuned.
Share feedback on what ships next in GitHub Community discussions.
The post What’s new with GitHub Copilot coding agent appeared first on The GitHub Blog.