GitHub Enhances Security Capabilities With AI

GitHub adds AI-powered security features to help developers identify and address code vulnerabilities faster.

Microsoft-owned code hosting platform GitHub today announced the public preview of three AI-powered features in GitHub Advanced Security.

Available for GitHub Enterprise Cloud and Enterprise Server customers, Advanced Security provides a series of features to help maintain and improve the quality of code. Some of these features, such as Dependabot, are also available for public repositories.

In a push for proactive security, GitHub has released dozens of new capabilities in Advanced Security over the past year, and is now adding AI into the mix, “to revolutionize how developers build secure applications from the get-go”.

In addition to code scanning, the platform now offers an ‘autofix’ capability, where AI-generated fixes will be delivered for CodeQL, JavaScript, and TypeScript alerts in developers’ pull requests, enabling them to address issues immediately.

“These are not just any fixes, but precise, actionable suggestions that will allow you to quickly understand what the vulnerability is and how to remediate it. You can instantly commit these fixes to your code, helping you resolve issues faster and preventing new vulnerabilities from creeping into your codebases,” GitHub says.

The platform is also leveraging the latest LLMs to identify leaked passwords with fewer false positives. The capability is offered as part of secret scanning and is currently in limited public beta.

GitHub’s secret scanning program has 180 partners and more than 225 detection patterns, and it is now leveraging AI to make it easier for code maintainers to create custom patterns that detect secrets unique to their organizations.

“Through this form-based experience, all you have to do is answer a few simple questions to auto-generate custom patterns in the form of regular expressions. This new feature enables you to execute dry runs in real time to ensure proper scanning before saving the newly created pattern,” GitHub explains.
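The dry run described above, in which a candidate pattern is checked against real lines before it is saved, can be reproduced locally. The following is an added example, not GitHub's own code: the `acme_live_` token format, the sample lines and their labels are all constructed, and it contrasts a loose first-draft regex with a tightened one to show why the dry run matters.

```python
import re

# Constructed sample lines, as a dry run would see them in a repository.
# The third field is a hand label: does the line really hold a live token?
# The "acme_live_" + 20 hex chars format is a hypothetical internal token.
SAMPLES = [
    ("config.py", 'ACME_TOKEN = "acme_live_0123456789abcdef0123"', True),
    ("README.md", "Set ACME_TOKEN to your key, e.g. acme_live_xxxxxxxxxxxxxxxxxxxx", False),
    ("settings.py", 'acme_live_env = os.environ.get("ACME_TOKEN")', False),
    ("ci.yml", "  token: acme_live_ffffffffffffffffffff", True),
    ("fixtures.py", 'FAKE = "acme_test_00000000000000000000"', False),
    ("notes.txt", "acme_live_0123456789abcdef012345678  # 27 hex chars, not the documented length", False),
]

# First draft: anything that starts with the prefix.
LOOSE_PATTERN = r"acme_live_\w+"
# Tightened: documented length, hex only, word boundaries on both sides, so
# identifiers that merely share the prefix and over-long strings are not flagged.
TIGHT_PATTERN = r"\bacme_live_[0-9a-f]{20}\b"


def dry_run(pattern, samples=SAMPLES):
    """Scan labelled sample lines with a candidate pattern and report what it
    would alert on, plus precision and recall, before saving it for real use."""
    regex = re.compile(pattern)
    hits = {"tp": [], "fp": [], "fn": []}
    for path, line, is_secret in samples:
        match = regex.search(line)
        if match and is_secret:
            hits["tp"].append((path, match.group(0)))
        elif match:
            hits["fp"].append((path, match.group(0)))
        elif is_secret:
            hits["fn"].append((path, line))  # a real secret the pattern missed
    tp, fp, fn = (len(hits[k]) for k in ("tp", "fp", "fn"))
    return {
        **hits,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE_PATTERN), ("tight", TIGHT_PATTERN)):
        r = dry_run(pattern)
        print(f"{name}: precision={r['precision']:.2f} recall={r['recall']:.2f}")
        for path, text in r["fp"]:
            print(f"  false positive in {path}: {text}")
```

Both patterns catch the two real tokens, but the loose one also flags the README placeholder, an identifier and an over-long string; the tightened one reports no false positives on this sample.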

Additionally, the platform has updated the security overview dashboard to provide security managers and administrators with access to an analysis of their security alerts and a better view of their security posture, based on risks, remediation, and prevention.

“We’re thrilled to harness the power of AI to improve the relevance of alerts, speed up remediation, and improve the administrative experience—with the ultimate goal of making your teams happier and more productive, and your code more secure,” GitHub says.

A spike in generative AI repositories

Also today, GitHub released a new iteration of its Octoverse report, revealing that an increasing number of developers are building open source generative AI projects, which have made it to “the top 10 most popular open source projects by contributor count in 2023”.

The number of generative AI projects on GitHub in the first half of 2023 more than doubled compared to all of 2022, and developers have progressed from research to using pre-trained models and APIs to create generative AI-powered applications.

Building on top of foundation models, such as ChatGPT, developers leverage LLMs to create APIs, assistants, bots, mobile applications, and plugins, laying the groundwork for mainstream adoption.

“With almost all developers (92%) using or experimenting with AI coding tools, we expect open source developers to drive the next wave of AI innovation on GitHub,” the platform says.

The top 20 open source generative AI projects on GitHub are owned by individuals, but the platform expects organizations to start using pre-trained AI models too, as more developers become accustomed to them.

In terms of contributions to generative AI projects, GitHub has observed a 148% year-over-year growth, with the US, India, and Japan leading the trend, and Hong Kong, the UK, and Brazil following.

“As more and more developers gain familiarity with building generative AI-powered applications, we expect a growing talent pool to bolster businesses that seek to develop their own AI-powered products and services,” GitHub notes.

Today, the platform also announced the adoption of LLMs for GitHub Copilot, the AI developer tool that has more than one million paid users. In December, the tool’s users will have access to Copilot Chat, which leverages LLMs to help developers identify errors, debug code, and more.

“Copilot Chat will be generally available in December 2023 as part of your existing GitHub Copilot subscription, for organizations and individuals. This offering is also available at no cost to verified teachers, students, and maintainers of popular open source projects,” GitHub announced today.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.