GitHub expands AI bug detection, but recent outages hit Actions, API, and Git

bleepingcomputer.com · k_roy · 7 days ago · view on HN · news
quality 7/10 · good
0 net
Tags
cloud malware microsoft
GitHub adds AI-powered bug detection to expand security coverage Home News Security GitHub adds AI-powered bug detection to expand security coverage GitHub adds AI-powered bug detection to expand security coverage By Bill Toulas March 25, 2026 07:23 PM 0 GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. The developer collaboration platform says that the move is meant to uncover security issues "in areas that are difficult to support with traditional static analysis alone." CodeQL will continue to provide deep semantic analysis for supported languages, while AI detections will provide broader coverage for Shell/Bash, Dockerfiles, Terraform, PHP, and other ecosystems. The new hybrid model is expected to enter public preview in early Q2 2026, possibly as soon as next month. Finding bugs before they bite GitHub Code Security is a set of application security tools integrated directly into GitHub repositories and workflows. It is available for free (with limitations) for all public repositories. However, paying users can access the full set of features for private/internal repositories as part of the GitHub Advanced Security (GHAS) add-on suite. It offers code scanning for known vulnerabilities, dependency scanning to pinpoint vulnerable open-source libraries, secrets scanning to uncover leaked credentials on public assets, and provides security alerts with Copilot-powered remediation suggestions. The security tools operate at the pull request level, with the platform selecting the appropriate tool (CodeQL or AI) for each case, so any issues are caught before merging the potentially problematic code. If any issues, such as weak cryptography, misconfigurations, or insecure SQL, are detected, those are presented directly in the pull request. GitHub’s internal testing showed that the system processed over 170,000 findings over 30 days, resulting in 80% positive developer feedback, and indicating that the flagged issues were valid. These results showed “strong coverage” of the target ecosystems that had not been sufficiently scrutinized before. GitHub also highlights the importance of Copilot Autofix, which suggests solutions for the problems detected through GitHub Code Security. Stats from 2025 comprising over 460,000 security alerts handled by Autofix show that resolution was reached in 0.66 hours on average, compared to 1.29 hours when Autofix wasn’t used. GitHub’s adoption of AI-powered vulnerability detection marks a broader shift where security is becoming AI-augmented and also natively embedded within the development workflow itself. Red Report 2026: Why Ransomware Encryption Dropped 38% Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight. Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded. Download The Report Related Articles: Bubble AI app builder abused to steal Microsoft account credentials OpenAI rolls out ChatGPT Library to store your personal files Musician admits to $10M streaming royalty fraud using AI bots Microsoft stops force-installing the Microsoft 365 Copilot app New font-rendering trick hides malicious commands from AI tools AI Artificial Intelligence Coding GitHub Security Security Scanner Vulnerability Scanner Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Previous Article Next Article Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now You may also like: Popular Stories Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens New KB5085516 emergency update fixes Microsoft account sign-in Microsoft Exchange Online service change causes email access issues Sponsor Posts Synthetic Identities, Proxies & Real Identities for Sale, is yours next? Cyber resilience without the complexity. Join Zero Networks to stop lateral movement fast. Overdue a password health-check? Audit your Active Directory for free AI is a data-breach time bomb: Read the new report Are your AI accounts being sold on the dark web? Check for free. Upcoming Webinar Login Username Password Remember Me Sign in anonymously Sign in with Twitter Not a member yet? Register Now Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT
← Back to stories