GitHub Code Scanning adds AI security detections to PRs
GitHub Code Scanning now surfaces AI-powered security detections directly on pull requests, expanding vulnerability coverage to new languages and frameworks. This helps teams identify potential issues earlier in the development workflow before merging code. The feature is available in public preview for customers with GitHub Code Security, requires a GitHub Copilot license, and uses AI credits.
- →AI security detections integrated into pull requests
- →Expanded language and framework support
- →Public preview availability and prerequisites
Features (1) ›
- AI security detections integrated into pull requests
GitHub Code Scanning now displays AI-powered security detections on pull requests, offering broader vulnerability coverage for languages and frameworks not supported by CodeQL. These alerts are labeled with 'AI' and appear directly in PRs for review before code merges.
Enhancements (1) ›
- Expanded language and framework support
AI-powered detections extend code scanning capabilities to languages and frameworks beyond CodeQL's native analysis, reducing blind spots in codebase security. Findings are surfaced as the AI detection engine returns them, without requiring a full analysis.
Notes (1) ›
- Public preview availability and prerequisites
This feature is in public preview on github.com for customers with GitHub Code Security. It requires enterprise-level allowance, organization-level enablement, and CodeQL default setup on repositories. A GitHub Copilot license is also required during the preview, and usage consumes AI credits.
https://github.blog/changelog/2026-07-14-code-scanning-shows-ai-security-detections-on-pull-requests
Related releases
- GitHub REST API now supports managing secret scanning custom patterns GitHub Changelog ·
- Dependabot adds default cooldown for version updates GitHub Changelog ·
- GitHub Agentic Autofix for Code Scanning Alerts in Public Preview GitHub Changelog ·
- GitHub Copilot app adds security reviews in public preview GitHub Changelog ·
- GitHub Code Quality license estimate in public preview GitHub Changelog ·
- GitHub Settings: Separate SSO and Organizations pages GitHub Changelog ·