GitHub Copilot CLI adds experimental security review command
GitHub Copilot CLI now includes a new `/security-review` slash command for local code changes, shipping as an experimental public preview feature. This AI-driven command analyzes code to find high-confidence security vulnerabilities and offers actionable suggestions directly within the terminal. It complements existing GitHub security tools by providing a lightweight, on-demand scan focused on common vulnerability classes, accessible to engineers using Copilot CLI.
Features (2)
- Copilot CLI offers experimental security review slash command
A new `/security-review` slash command is available in GitHub Copilot CLI as an experimental feature in public preview. It allows users to analyze local code changes directly from the terminal for security vulnerabilities.
- AI-driven security findings and suggestions
The `/security-review` command identifies high-confidence security findings, scored by severity, and provides actionable suggestions for remediation. It is tuned to detect common vulnerability classes like injection flaws, cross-site scripting, and insecure data handling.
Notes (2)
- Complements existing GitHub security tools
This Copilot-driven scan is independent of GitHub code scanning, Dependabot, or secret scanning. It offers a lightweight, on-demand complement for reviewing changes before committing.
- How to enable and use the security review command
Users can enable the experimental feature by turning on experimental mode in Copilot CLI. The command can then be run in any project to scan current code changes.
https://github.blog/changelog/2026-06-10-dedicated-security-review-command-now-available-in-copilot-cli
