June ‘26 enterprise roundup

June 9, 2026

Events

While GitHub hosts our own marquee events like Universe and Galaxy each year, you will also find GitHub participating in other industry events. Here is the latest news about upcoming conferences and webinars.

📅 GitHub Universe 2026 - October 28–29 / San Francisco, CA, In-person & virtual. GitHub’s flagship developer event uniting humans, agents, and the world’s code to build what’s next.
📢 & 📺 GitHub Universe is back — All Together Now, in the Agentic Era (1:38) - GitHub Universe 2026 returns to Fort Mason Center in San Francisco on October 28–29, bringing together builders, security practitioners, and technical leaders for two days focused on navigating the shift from AI-powered code generation to fully agentic workflows. Registration is now open with Super Early Bird pricing through July 8; new this year are Ship & Tell lightning talks and deeper hands-on workshops, making this the essential in-person event for enterprise teams evaluating where AI-assisted development goes next.
📅 GitHub at Microsoft Build 2026 – Microsoft Build was in San Francisco and online June 2-3, 2026. GitHub was front and center at the event with presence across all session types, expert meet up spaces, and event activations. Go deep on real code, real systems, and real workflows with the teams building and scaling AI. GitHub was there to show how developers can build, collaborate, and ship with AI more effectively. Whether you’re looking to expand your networking reach, hear from the experts or do some hands on building, we have you covered! I have included several recorded sessions in this roundup, look for “📅 & 📺”. Use this link to explore all recorded GitHub sessions from Build.
📅 Copilot in action: Best practices and use cases for teams - June 24, 9:009:45 AM PDT This interactive session breaks down how top teams are using Copilot today. You’ll leave with actionable best practices and implementation guidance you can take back to your org, including recommended settings, rollout patterns, and guardrails used by high-performing teams, plus a closer look at Copilot Code Review. We’ll also set aside time for live discussion and Q&A—bring your questions.
📅 From Azure DevOps to GitHub: Unlock Agentic AI with Enterprise Live Migration - With coding agents, AI-assisted code review, auto-fix, and advanced security capabilities available exclusively on GitHub, the question for Azure DevOps teams is no longer if they should migrate, but how fast they can get there. In this webinar, we'll introduce Enterprise Live Migration (ELM), GitHub's new capability enabling near-zero downtime migrations from Azure DevOps to GitHub Enterprise Cloud.
📅 GitHub Roadmap Webinar, Q2 2026 - Join GitHub's Chief Product Officer on June 18, 2026 for a Q2 2026 roadmap session exploring the latest innovations shaping the future of software development from GitHub. In this session, we’ll share recent product updates and new platform capabilities designed to help developers and teams work alongside AI across planning, coding, review, security, and delivery workflows.
📅 Upcoming GitHub events, webinars & developer conferences - Skim through all upcoming events including webinars and regional events.

GitHub Platform

The team at GitHub is incredibly passionate about our work. We read every email, social post, support ticket, and we take it all to heart. We are committed to improving availability, increasing resilience, scaling for the future of software development, and communicating more transparently along the way.

GitHub for Azure DevOps Customers

For Azure DevOps customers, these resources explain why moving repositories to GitHub is becoming the practical path to AI-powered software delivery: your teams can unlock Copilot coding agents, AI-assisted code review, Advanced Security, and agentic workflows while continuing to use Azure Boards, Azure Pipelines, and Azure Test Plans—i.e. the investments you’ve made in customizing Azure DevOps to meet your organizations specific needs. If you lead developer productivity, platform strategy, or modernization efforts, this is the roadmap for adopting GitHub incrementally—learning from Microsoft’s own migration, preserving operational continuity, and positioning your SDLC for the next wave of AI-driven engineering.

📢 How Microsoft is migrating repositories to GitHub - Azure DevOps Blog – Microsoft’s own migration of thousands of repositories reveals a pivotal shift: in the AI era, where your code lives directly impacts how much value you can unlock from tools like Copilot and agentic workflows. This post shows how Microsoft is moving to GitHub at scale—without halting development—by combining modern migration tooling with a hybrid model that preserves critical Azure DevOps workflows. If you’re responsible for developer productivity or platform strategy, this is a blueprint for how to incrementally modernize your SDLC and operationalize AI across thousands of repos—with real lessons from Microsoft’s internal transformation.
📅 & 📺 Azure DevOps meets GitHub, the path to AI powered SDLC - Microsoft Build 2026 (44:25) - Azure DevOps and GitHub are better together—and the integration keeps getting smarter. In this demo-heavy session, you’ll see how hybrid patterns that connect GitHub with Azure Boards and Azure Pipelines enable Agentic DevOps. See the all of the newest AI-powered capabilities in Azure DevOps. Plus, hear how Microsoft's engineering teams adopted this approach and what they gained. For more related resources see https://aka.ms/build26/BRK202
📢 Azure DevOps and GitHub: Journeying into the AI Era - Azure DevOps Blog – AI is becoming the driving force behind how software gets built—and this post explains why organizations are increasingly shifting source control to GitHub to unlock agentic, AI-powered workflows across the entire SDLC, while still leveraging Azure DevOps where it matters. It outlines a pragmatic, enterprise-ready path (including hybrid models and large-scale migration strategies) that lets teams adopt AI capabilities faster without disrupting existing pipelines. If you're responsible for developer productivity or platform strategy, this is your roadmap for staying competitive as AI reshapes modern DevOps.
📢 Copilot Code Reviews for Azure Repos - Bring AI-powered code reviews directly into your existing Azure Repos workflows—without requiring a full migration to GitHub. This limited preview of Copilot Code Reviews surfaces actionable feedback directly in pull requests, helping teams catch issues earlier, accelerate reviews, and improve code quality with minimal friction. For enterprise teams balancing modernization with operational constraints, this is a critical bridge to adopt AI-driven development practices today while staying on your current platform.
📢 Enterprise Live Migrations: Moving from Azure DevOps Repo to GitHub with minimal disruption – Enterprise Live Migrations introduces a new way to move repositories from Azure DevOps to GitHub without the multi-day outages and development freezes that typically slow enterprise migrations—using continuous sync so teams can keep shipping code throughout the transition. For organizations under pressure to adopt GitHub’s latest AI-powered development capabilities, this approach significantly reduces risk, downtime, and coordination complexity, enabling a controlled cutover in under 30 minutes instead of days. If you’re leading large-scale platform modernization or GitHub adoption, this is a practical blueprint for executing migrations at enterprise scale without disrupting critical workloads or developer productivity.

General Platform Updates

🚢 Issue fields are now in public preview for all organizations - Enterprise teams can replace sprawling label systems with org-level typed metadata fields (priority, effort, and custom single-select, text, number, and date fields) that automatically appear on every issue across every repository—queryable via REST and GraphQL APIs, filterable in project views, and automatable via webhooks and GitHub Actions—with over 1,000 organizations already in the preview since March.
🚢 Timestamp fields in GitHub Projects - GitHub Projects now includes native Created, Updated, and Closed timestamp fields that can be added to any project view, enabling teams to sort and filter by lifecycle state without custom fields—making "recently completed" and "stale work" views trivial to build for large-scale engineering project management.
🚢 Disable commit comments on the user level - Developers can now set a personal default for commit comment behavior across all their repositories at once, with individual repository overrides still respected—eliminating the need to configure each repository separately when enforcing consistent commit comment policies across a large portfolio.
🚢 GitHub App installation tokens: Per-request override header - Teams building GitHub App integrations on GitHub Enterprise Cloud can now force either the new stateless JWT-format token (~520 characters) or the classic opaque token on a per-request basis via the X-GitHub-Stateless-S2S-Token header—enabling proactive compatibility validation before the rollout reaches your app, and a temporary opt-out path if you need more time to update token handling in database columns, regex validators, or authentication middleware.
🚢 GitHub Changelog - GitHub Platform - Skim through all of the recent GitHub Platform related changes.

Enterprise Management & Governance

We have been listening to our enterprise customers for years. We are excited to share product updates and new guidance to assist those who manage GitHub for hundreds if not thousands of stakeholders. This month's updates demonstrate how we are acting on your feedback to address the issues in multiple areas you face managing GitHub Enterprise at scale not only with new features and capabilities but, with new guidance to properly manage it all in your world.

General

📐 Governance Administration Essentials - UPDATE: This comprehensive Well-Architected guide walks enterprise and organization owners through every foundational governance decision for GitHub Enterprise Cloud in a single learning flow—covering structural components (enterprise account, organizations, repositories, and teams as distinct control planes), identity provider integration, repository ruleset design, and audit log operations, with opinionated, prescriptive guidance on the architectural trade-offs at each layer. If you're setting up GHEC for the first time or auditing an existing deployment for gaps, this is the single reference that surfaces the patterns and policy decisions that prevent governance debt from accumulating as your organization scales.
📄 Security configuration statuses - If you’re responsible for scaling security across hundreds or thousands of repositories, understanding configuration statuses is essential to knowing whether your policies are actually being applied, enforced, or silently drifting. This page gives you a precise operational model for detecting gaps, conflicts, and failures—so you can quickly identify where governance breaks down and take corrective action. It equips you to move from assumed compliance to verifiable, auditable security posture across your organization.
🚢 Enterprise Teams is now generally available - Define a team once at the enterprise account level and it automatically propagates across every organization—including IdP-driven membership via SCIM for EMU—so platform teams, SRE groups, and security reviewers no longer need to be recreated and reconciled in each org; GA limits of 2,500 teams per enterprise and 5,000 members per team, with @mention support, PR reviewer requests across orgs, ruleset bypass actor assignment, and full audit log coverage.
📚 What is a DevOps engineer? - A DevOps engineer is the pivotal role that breaks down silos between development and operations—driving faster, more reliable software delivery by unifying people, processes, and tooling across the entire SDLC. For enterprise teams, understanding this role is key to unlocking automation, scalability, and AI‑powered workflows that accelerate innovation while improving quality, security, and collaboration at scale.
🚢 Repository rulesets: user bypass and branch renaming - Two frequently requested governance improvements ship together: admins can now grant bypass access to individual users or service accounts directly without creating dedicated teams, and repository admins can independently rename protected branches (such as migrating from master to main) as long as the new name stays within all existing ruleset scopes.
🚢 New Enterprise Installation API now in public preview - GitHub App developers building enterprise integrations can now retrieve enterprise installation IDs directly via a dedicated API endpoint—matching the existing organization, repository, and user installation APIs—eliminating the need to paginate through all installations to obtain the correct token for enterprise-scoped operations.
🚢 Hard budget limits now available for GitHub Advanced Security - Enterprise admins can now enforce hard license caps on GHAS that block new license assignments once the limit is reached—preventing accidental overspending during IdP-driven provisioning events like group sync—with real-time dollar cost estimates per license count and continued 75%/90%/100% threshold email alerts alongside the hard cap.

GitHub Copilot – Usage Based Billing

🚢 Updates to GitHub Copilot billing and plans - As of June 1, usage-based billing is live for all Copilot plans; enterprise admins now have generally available user-level budget controls to cap per-user AI credit spend, Copilot code review consumes GitHub Actions minutes in addition to AI credits, and a new default Actions runner setting lets org admins apply a runner configuration across all repositories without per-repo setup.
📅 Agent Quality & Token Optimization (57:28) - (On Demand Webinar) With GitHub's shift to Usage Based Billing, token management is top of mind for many customers, and teams start asking how they can optimize their token usage. But token cost is only the surface problem, the real challenge is agent quality. Because if your agent misses, your token strategy has already failed. In this session, we'll dig into the dynamics of tokens and quality, understand the foundations of how LLMs, Harnesses and the context window affect agent behavior, and top it off by diving into the controls you can employ to improve agent quality, optimize token usage and reduce your spend.
🚢 April reports now available to prepare for usage-based billing - Copilot Business and Enterprise admins can now download April usage reports to see exactly how real activity maps to the new AI credit units taking effect June 1—enabling you to identify top consumers, surface-level spending patterns, and model preferences before the billing switch happens. Key caveats: 0x-model usage from April 1–24 is excluded (roughly 2% of activity at scale), and duplicate entries may appear for April 24–30 due to a data backfill gap, so treat totals as directional estimates.
📢 & 📺 Improving token efficiency in GitHub Agentic Workflows - As agentic workflows automatically trigger on every pull request, token costs can silently compound into significant API spend; this post reveals how GitHub's own team discovered that unused MCP tool registrations were the most common culprit, adding 10–15 KB of schema overhead to every request. Using two daily AI-powered optimization workflows—an Auditor and an Optimizer—they achieved up to 60% token reduction in some workflows, offering enterprise teams a practical, replicable approach to containing agentic AI costs without sacrificing automation benefits.

GitHub Copilot & AI

📄 Adopting GitHub Copilot in your enterprise - This guidance shows how to confidently adopt AI-powered development at enterprise scale while maintaining the governance, compliance, and control your organization requires. It equips leaders with the frameworks and guardrails needed to balance rapid innovation—such as agentic workflows—with responsible oversight of code, data, and security. Understanding this is critical to unlocking Copilot’s full productivity gains without introducing unmanaged risk or fragmentation across your development environment.
🗣️ GitHub Copilot support for data security, privacy, and legal protection · community · Discussion #196578 - This discussion surfaces the most critical unanswered questions enterprise teams must address before adopting GitHub Copilot at scale—covering data security, privacy controls, and legal liability exposure around AI‑generated code. It highlights the gaps in clearly understood guarantees (e.g., training data handling, IP risk, compliance alignment) that can directly impact governance, risk posture, and regulatory compliance. If you’re responsible for enabling AI in the SDLC, this is a concise checklist of the exact assurances and documentation your organization should validate before rollout.
📅 & 📺 Future of Developer Productivity: Microsoft’s EngThrive Framework in Practice - Microsoft Build 2026 (47:45) - AI is transforming how we write code, but the teams shipping fastest go beyond tools—they systematically remove bottlenecks in the development process. This session gives you a practical framework to measure and improve developer productivity in the AI era, based on Microsoft’s EngThrive model of Speed, Ease, and Quality. See how to apply each dimension through case studies, including a team that reduced developer toil by 25%. You’ll leave with clear metrics to track, dashboards to build, and actions that work for teams of any size.
🚢 Target Copilot models to organizations with model rules - Enterprise owners can now create targeted model rules to allow specific Copilot models for selected organizations rather than applying a single enterprise-wide setting, enabling fine-grained AI governance where different teams or business units access only the models appropriate to their workflows. A refreshed default model availability interface also makes it easier to set each model to Enabled (auto-on for all orgs) or Optional (org-level opt-in) from a single configuration page.
🚢 Copilot Memory supports user preferences for Business and Enterprise - Copilot Memory—which captures user-level preferences like communication style, tool stack, and git conventions—is now in public preview for Business and Enterprise users, with admin controls including a policy toggle, bulk export for auditing, bulk delete, and billing-entity data isolation to meet enterprise governance and compliance requirements.
📄 About enterprise-managed plugin standards for Copilot CLI - Centralized control over Copilot CLI plugins enables enterprise teams to enforce consistent tooling, reduce onboarding friction, and eliminate misconfiguration risks across developers. By defining policies in a version-controlled repository, you gain auditable governance and ensure every engineer starts with the right plugins and marketplaces automatically. This capability is key to scaling AI-powered development safely, consistently, and efficiently across your organization. See also the related changelog: 🚢 Enterprise managed plugins in GitHub Copilot CLI are now in public preview.
🚢 Enterprise-managed plugins in VS Code in public preview - The enterprise plugin governance framework introduced for Copilot CLI now extends to VS Code 1.122—a single settings.json in your .github-private repository drives automatic plugin installation, custom agent and skill distribution, hooks, and MCP configurations for all licensed users across both clients simultaneously, unifying the control plane for enterprise AI tooling across the two most common developer environments.
🚢 Copilot Memory has more controls for deletion, scope, and the Copilot CLI - Repository admins can now disable Copilot Memory at the repository level from existing feature controls in repository settings, while new /memory CLI commands let developers toggle memory on or off and check its status from the terminal with the setting persisting across sessions. A refreshed store_memory permission prompt also explicitly distinguishes user-level preferences from repository-level facts—giving enterprise teams precise control over what AI context persists and at what scope, which is critical for organizations with sensitive codebases or strict data governance requirements.
🚢 Copilot code review comment types now in usage metrics API - Enterprise and organization admins can now break down Copilot code review suggestions by comment type (e.g., security, bug_risk) in the usage metrics API—showing both how many suggestions Copilot posted and how many developers actually applied—giving leaders the data to measure where AI-assisted review delivers the most impact across their pull request workflows.
🚢 Audit repository Copilot cloud agent configuration via the REST API - Enterprise and organization administrators can now programmatically retrieve a repository's full Copilot cloud agent configuration via a new REST API in public preview, enabling governance teams to build automated compliance checks and audit pipelines that verify agent settings at scale without requiring manual inspection of each repository in the GitHub UI.
🚢 Team-level Copilot usage metrics now available via API - Enterprise and organization administrators can now join the new user-teams report to the per-user usage report via API to produce team-level Copilot adoption metrics—covering completions, chat, Copilot CLI, code review, and cloud agent activity broken down by language, IDE, feature, and model—enabling data-driven decisions about where to focus enablement investment and which teams are driving or lagging on AI adoption. Teams with fewer than five Copilot-seated members are excluded from the team report, and members in multiple teams will have activity counted in each team's aggregate.
🚢 Copilot usage metrics reports now use GitHub-owned download URLs - Enterprise firewall and proxy allowlists must be updated to include copilot-reports.github.com (GHEC) or copilot-reports.SUBDOMAIN.ghe.com (GHE.com) before the legacy *.b01.azurefd.net Azure Front Door domain is deprecated—ensuring Copilot usage metrics API integrations and automation scripts are not disrupted by infrastructure changes.
🚢 Copilot usage metrics API adds cohorts for AI adoption - The Copilot usage metrics API now classifies each engaged user into one of four AI adoption phases—code-first, agent-first, or multi-agent—over a rolling 28-day window, giving enterprise admins actionable cohort data to track workforce AI maturity, target enablement programs, and measure progression from basic completions into agentic workflows.
🚢 Budget and usage management APIs now generally available - Enterprise and organization admins can now programmatically manage the full budget lifecycle—create, update, and delete budgets with alert thresholds via API—plus a new Usage Summary API that queries aggregate or filtered AI credit consumption by org, repo, cost center, product, or SKU at year/month/day granularity, enabling automated governance workflows, chargeback reporting pipelines, and real-time spend visibility without manual UI access.
🚢 API access to billing usage reports now generally available - Enterprise administrators can now programmatically request and download billing usage reports in CSV format via REST API, bringing the same detailed reporting previously available only in the UI into automation pipelines, financial dashboards, and reporting tools without manual intervention.

GitHub Enterprise Server

📄 GitHub Enterprise Server on Azure Local is now in public preview - If your organization requires sovereign deployments or operates in regulated environments, Azure Local is Microsoft's distributed infrastructure solution that enables this. Supporting regulated deployments, you can now host GitHub Enterprise Server on Azure Local.
📢 Investigation update: GitHub Enterprise Server signing key rotation - GitHub has confirmed a real-world supply chain attack that led to unauthorized access of internal repositories—triggering immediate security actions including signing key rotation that requires urgent action from GitHub Enterprise Server admins. If you run GHES, failing to rotate keys will block future updates and leave you exposed to evolving threats, making this both a security and operational continuity concern. This post details exactly what happened, what GitHub has (and hasn’t) confirmed about customer impact, and why security response speed, verification practices, and update hygiene matter more than ever in an AI-amplified threat landscape.
🚢 Enterprise Live Migrations is now in public preview - ELM eliminates the extended code freezes that make migrating large, active repositories from GHES to GHEC with data residency so difficult: it continuously syncs data while developers keep working, reducing cutover time from days to minutes and enabling purpose-built handling of massive monorepos with around-the-clock activity.
🚢 GitHub Enterprise Server 3.21 release candidate is available - The GHES 3.21 RC delivers organization custom properties (GA), Projects hierarchy view (GA), REST API version 2026-03-10 with breaking changes, configurable multiple data disks for improved storage scalability, and enterprise governance improvements for secret scanning—download the RC now to validate your upgrade path and provide feedback before the GA release.

Developer Skills

General developer expertise based on our own experience and the collective experience of our customers and partners. It's time to start diving into how AI is going to work alongside you to make you a better, more productive developer, not replace you. This month we have a set of articles to help you better understand AI at its core and how it works.

🗣️ Welcome to GitHub Learn! - GitHub Learn is the consolidated hub for developer education on GitHub, bringing together self-paced courses, hands-on GitHub Skills exercises, and official certifications—including GitHub Foundations, Copilot, Actions, Advanced Security, and Administration—into a single destination. Whether you're building a developer onboarding program or helping engineers validate their expertise with recognized credentials, this community space is where to ask questions, share learning strategies, and stay current on new courses and certification program updates.
📢 & 📺 GitHub for Beginners: Getting started with Git and GitHub in VS Code (9:03) - This step-by-step guide covers using VS Code's built-in Source Control panel to initialize repositories, create and switch branches, track file changes with gutter indicators, view diffs side-by-side, and push commits to GitHub—all without leaving the editor. For enterprise teams standardizing on VS Code, it's a practical onboarding reference that helps new developers become productive with Git and GitHub workflows immediately.
📢 & 📺 GitHub for Beginners: Answers to some common questions (12:05) - A practical, no‑fluff guide to the GitHub concepts that most often slow teams down—authentication, branching strategies, pull requests, and conflict resolution—this post distills the answers developers repeatedly search for into clear, actionable patterns. For enterprise teams, mastering these fundamentals directly impacts security posture, collaboration efficiency, and code quality—making it essential reading if you want to reduce friction across your development lifecycle and scale best practices consistently.
📚 What is DevOps? - This foundational guide covers the DevOps methodology—its origins, the three core principles of cross-team collaboration, automation, and CI/CD, and the full eight-phase lifecycle from plan through monitor—along with the key benefits of faster delivery, improved reliability, enhanced security, and business agility. For enterprise leaders making the case for DevOps investment or helping teams understand how GitHub fits into their development workflow, this is a clear, authoritative reference that speaks to both technical and business audiences.
📚 What is a DevOps engineer? - This resource defines the full scope of a DevOps engineer's responsibilities—bridging development and operations teams, managing infrastructure and automation, implementing CI/CD pipelines, and overseeing quality assurance and monitoring—with clarity on how the role varies across organizations and what distinguishes it from adjacent positions. For engineering leaders defining hiring criteria, structuring team roles, or explaining DevOps accountability to stakeholders, this is a practical reference for aligning expectations and building a shared understanding of the role.
📚 What is a CLI? - Command-line interfaces remain foundational to modern computing despite the prevalence of GUIs—they power CI/CD pipelines, cloud operations, scripting, and API integration at scale across every enterprise engineering environment. For development leaders building onboarding programs or evaluating tooling strategy, this clear primer helps both new and experienced developers understand why CLIs are indispensable in automation-first engineering workflows.
📚 What is an SDK? - This article breaks down what a software development kit contains—libraries, APIs, compilers, debuggers, testing tools, and deployment utilities—and explains how SDKs accelerate development by providing pre-validated components that reduce boilerplate, lower bug rates, and ensure consistent platform integration across teams. For enterprise developers evaluating third-party integrations or building internal SDKs for shared platform capabilities, this guide clarifies the trade-offs that distinguish SDKs from raw APIs and makes the case for standardized tooling.

AI & ML - GitHub Copilot

Recent advancements and feature updates for GitHub Copilot, with a particular focus on the GitHub Copilot cloud agent, GitHub Copilot CLI and the GitHub Copilot SDK.

📢 & 📺 GitHub Copilot app: The agent-native desktop experience (2 videos) - At Microsoft Build 2026, GitHub introduced new tools, updates, and surfaces so agents can work the way you already work:
- Copilot app: A control center for agent-native development - The GitHub Copilot app acts as a centralized control plane for managing multiple AI agents, making their work visible, auditable, and steerable in real time. For enterprise teams, this is your path to safely scaling AI-driven development without losing control over quality, security, or delivery outcomes. Also, the GitHub Copilot app brings a lower barrier to entry for non-technical team members to supercharge their SDLC workflows with the agentic power of GitHub Copilot. For example, leverage the GitHub Copilot cloud agent to improve User Stories and Bugs in your planning and tracking tool via the related MCP servers or, turn GitHub Security Campaigns into User Stories so that you can track security vulnerability remediation along with the rest of your work.
- Code review that scales with agentic output - As AI agents dramatically increase the volume of generated pull requests, traditional code review becomes a bottleneck—GitHub is rethinking review to scale with that reality. Copilot’s agentic code review introduces customizable, policy-aware automation that filters noise, enforces standards, and focuses human attention where it matters most. For enterprise teams, this is critical to maintaining code quality, security, and governance as AI-driven development accelerates beyond what manual processes can keep up with. And if you’re working on Azure DevOps, you can now use Copilot code review natively. 
- Additional new capabilities including Agent Merge (autonomous CI monitoring, reviewer tracking, and auto-merge), cloud and local sandboxes, and agentic browsing make it practical to direct dozens of concurrent agents without losing track of what's running or where human judgment is needed. The GitHub Copilot SDK is now generally available, Copilot CLI has a redesigned TUI in /experimental mode with tabbed access to pull requests, issues, and gists from the terminal. Voice mode uses on-device speech-to-text, so audio never leaves your machine. /every schedules recurring prompts and background tasks.
- Check out the full GitHub blog post from Microsoft Build for all of the updates.
📚 Gartner® Magic Quadrant™ for Enterprise AI Coding Agents - For the third consecutive year, Gartner has positioned GitHub as a Leader in the Magic Quadrant™ for Enterprise AI Coding Agents, this time ranked highest in Ability to Execute among all 12 evaluated vendors. With GitHub Copilot now serving 140,000 organizations—nearly triple year-over-year—and Gartner projecting that agentic AI workflows will improve engineering productivity by 30–50% by 2028. For engineering leaders building the business case for Copilot investment or benchmarking against competing platforms, this is the third-party analysis that grounds the strategic conversation in structured evaluation criteria. See the related blog post: 📢 GitHub recognized as a Leader in the Gartner® Magic Quadrant™ for Enterprise AI Coding Agents for the third year in a row 
- Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner and Magic Quadrant are trademarks of Gartner, Inc., and/or its affiliates. Gartner, Magic Quadrant for Enterprise AI Coding Agents, Philip Walsh, Keith Holloway, Matt Brasier, Nitish Tyagi, Neha Agarwal, 20 May 2026.
📚 AI infrastructure design - Teams rolling out Copilot should invest in a deliberate "AI infrastructure" layer—instructions files for code generation standards, agent skills for repeatable lower-level tasks, custom agents for complex multi-step orchestration, and MCP servers for tooling context—applying the same rigor they'd bring to CI/CD pipelines or reusable workflow libraries. It provides a clear decision framework for when to use each tool, with practical examples that help engineering leaders move from ad-hoc Copilot adoption to a governed, scalable AI-assisted development practice.
🚢 Cloud and local sandboxes for GitHub Copilot now in public preview - Enterprise and security teams can now govern exactly where and how Copilot executes tool calls and shell commands: local sandboxes (built on Microsoft MXC) restrict Copilot's filesystem, network, and system access on the developer's machine with policies centrally enforced via Microsoft Intune, while cloud sandboxes launch fully isolated, ephemeral Linux environments on GitHub—both inheriting your existing Copilot org policies with no additional setup required.
🚢 Larger context windows and configurable reasoning levels for GitHub Copilot - One-million-token context windows and configurable reasoning levels are now available in VS Code, Copilot CLI, and the GitHub Copilot app, enabling enterprise developers to work across large codebases and complex multi-file projects without losing context—though enterprise administrators should be aware that extended context and higher reasoning levels consume more AI credits per interaction than the defaults.
🚢 Shape Copilot code review around your team - Copilot code review now ships two enterprise-targeted capabilities in public preview: agent skills and MCP server connections that pull team-specific context (issue trackers, documentation, incident tools) into every review—breaking the bottleneck of senior engineers manually enforcing consistency—plus a new Medium analysis tier that routes complex pull requests to a higher-reasoning model while Low remains cost-efficient for straightforward changes, with admins setting the tier per repository to match code complexity with AI budget.
🚢 Copilot Chat brings richer context to pull requests - Copilot Chat is now generally available for all license holders directly in the pull request diff view on github.com—with code and conversation side-by-side, automatic pull request context injection, and improved performance delivering faster, higher-quality answers—so reviewers can ask questions about specific lines, generate PR summaries, and get inline feedback without toggling away from the diff.
📺 How to extend Copilot code review with MCP and custom skills | demo (3:33) - Most AI code reviewers only look at the diff, leaving them only with your internal systems and guidelines. You can now extend GitHub Copilot code review using Model Context Protocol (MCP) and custom agent skills to include your team's specific context. By connecting external documentation and defining review checklists in your repository, every pull request gets a highly tailored review pass. Watch how Copilot surfaces actionable findings based on your exact engineering standards.
📅 & 📺 Why your AI code doesn’t ship: Closing the gap to production - Microsoft Build 2026 (48:55) - AI isn't just autocompleting your code anymore — it's writing plans, shipping PRs, fixing pipelines, and patching prod. In this demo-heavy session, we'll show AI agents working across the entire dev lifecycle: planning, coding, CI/CD, and live operations. You'll see how to move faster, keep agents on a leash, and build systems that fix themselves.
🚢 Ask questions in context with Copilot on web - Copilot chat on github.com now opens as a side panel on the current page—automatically attaching the pull request, issue, or other GitHub artifact you're viewing as context—so developers get fast, in-context answers without navigating away, with the option to escalate to full immersive chat or kick off an agent session directly from the panel.
📺 GitHub Copilot: Your AI Companion for Every Workflow (28:09) - Explore the world of GitHub Copilot and how it fits into every part of the developer workflow. See how Copilot integrates with the CLI, VS Code, Visual Studio, and other popular code editors to help you move faster from idea to implementation. We’ll take a whirlwind tour of the end-to-end dev experience, from writing and understanding code to debugging, reviewing, and shipping with confidence. Whether you’re new to Copilot or looking to level up, this session will show how AI can become your everyday coding companion.
📚 AI Coding Tools | For Beginner & Expert Coders - AI coding tools are rapidly reshaping how software gets built—enabling developers to generate, review, and optimize code in real time using natural language and context. For enterprise teams, this means faster onboarding, automated testing, better code quality, and significant productivity gains—all while raising important considerations around accuracy, security, and governance that leaders can’t ignore. If you’re driving developer productivity or scaling modern engineering practices, understanding how to effectively adopt and govern these AI capabilities is quickly becoming a competitive necessity—not just an optimization.

GitHub Copilot cloud agent

🥼 Agents are power tools - This GitHub Next post offers a clarifying mental model for engineering leaders deciding how to govern AI agents in production: agents are power tools, agentic workflows are machine tools (guided, repeatable, and governed), and agentic human processes are production lines (sequenced handoffs between automated and supervised steps). The shift from anthropomorphizing agents to treating them as force multipliers helps teams optimize for safety, precision, and throughput—directly applicable to anyone designing or setting governance guardrails around enterprise agentic workflows.
📅 & 📺 Claude Is in Copilot. Here's What That Actually Means - Microsoft Build 2026 (12:15) - Claude runs as a coding agent inside GitHub Copilot in VS Code. But what does that actually look like at the code level? How is context assembled? What tools does Claude have access to? What happens when you pick Claude in the model picker versus letting Copilot run? Tyler Leonhardt goes inside the integration so you know exactly what you are working with.
🚢 Extend GitHub with agent apps - GitHub Marketplace now hosts partner AI agents—from Amplitude, Bright Security, PagerDuty, Endor Labs, and others—that install like any GitHub App and integrate directly into your workflows via issue assignment, PR @-mention, or the Agents UI prompt, giving enterprise teams instant access to specialized AI capabilities from ecosystem partners without building custom integrations.
📢 Validating agentic behavior when "correct" isn't deterministic - Traditional CI testing breaks down for autonomous agents because the same task can be accomplished via multiple valid execution paths, causing correct agent runs to be flagged as failures when timing or rendering varies slightly. This post introduces a "Trust Layer" validation model based on dominatory analysis that focuses on essential outcomes rather than rigid step sequences, giving teams a lightweight, CI-ready framework for validating agentic workflows without the false negatives that halt production pipelines.
📢 Agent pull requests are everywhere. Here's how to review them. - With more than one in five code reviews on GitHub now involving an agent and a January 2026 study finding that agent-generated code introduces more redundancy and technical debt than human-written code—yet reviewers feel more confident approving it—the stakes for getting AI PR review right have never been higher. This practical guide outlines the most dangerous failure modes to check for: CI gaming (removed tests, weakened thresholds), code reuse blindness (duplicated utilities the agent didn't know existed), and hallucinated correctness (code that compiles and passes tests but produces wrong results).
🥼 Agency is the new resilience - This GitHub Next post reframes agents' nondeterminism as a feature rather than a liability: agents adapt to changing environments—unavailable APIs, moved files, changed schemas—the same way retry logic and circuit breakers handle network unreliability in distributed systems. The author maps familiar resilience patterns to their agentic equivalents (modified resubmission, resource rediscovery, error reclassification) and identifies concrete system design practices—like detailed error messages and stable resource identifiers—that help agents exercise their built-in resilience more effectively.
🥼 Agent Functions - GitHub Next's Agent Functions proposal structures agentic work around reusable, typed functions stored in a shared registry and executed in locked-down microVMs with minimal capabilities—replacing the current pattern of agents generating throwaway nonce code on every run. For enterprise teams building agentic automation at scale, the model directly addresses runaway token costs from overprivileged tool loading, prompt injection risk from untrusted execution contexts, and the inability to share and benchmark agentic task implementations across projects.
📚 What are multi-agent systems? - As multi-agent architectures become the standard approach for complex enterprise AI workflows, this foundational GitHub Resources article explains the full perceive-reason-act-communicate-coordinate lifecycle, key design patterns, and a practical decision matrix mapping real-world scenarios (large context, parallel work, multiple decision checkpoints, high failure impact) to single- vs. multi-agent tradeoffs. Teams evaluating or designing agentic systems for enterprise use will find this an essential reference for making deliberate, defensible architectural choices before committing to an implementation framework.
🚢 Schedule and automate tasks with Copilot cloud agent - Copilot cloud agent's new automations feature lets teams eliminate repetitive manual work by scheduling the agent to run on a time interval or in response to repository events—such as triaging new issues, fixing failing tests nightly, or preparing weekly release notes—with full control over the tools the agent can use and the model it runs on.
🚢 Easily apply Copilot code review feedback with Copilot cloud agent - The renamed Fix with Copilot button now opens a pre-handoff dialog where developers can choose whether changes apply directly to the current PR or a new branch, select the implementation model, and add custom instructions—while the new Fix batch with Copilot button lets teams hand off multiple Copilot code review comments to the cloud agent at once for efficient bulk remediation.
🚢 Copilot code review comment experience improvements - Copilot code review comments now carry High/Medium/Low severity labels and automatically group duplicate suggestions, so pull request reviewers can immediately focus on the most critical feedback and avoid processing repetitive noise—particularly valuable on large enterprise pull requests where Copilot may generate many suggestions across the same codebase patterns.
🚢 More flexible secrets and variables for Copilot cloud agent - Enterprise and organization administrators can now configure Copilot cloud agent secrets and variables at the organization level and share them across any or all repositories—making it practical to roll out shared resources like internal package registry tokens or common MCP server configurations at scale, without duplicating configuration in every individual repository's Actions settings.
🚢 Start Copilot cloud agent tasks via the REST API - The new Agent Tasks REST API (public preview) lets Copilot Business and Enterprise teams programmatically trigger cloud agent sessions—enabling large-scale refactors across many repositories from a single script, internal developer portal integrations, or automated weekly release note preparation—with progress tracking available through the same API.
🚢 Agent tasks REST API now available for Copilot Pro, Pro+, and Max - Copilot Pro, Pro+, and Max users can now programmatically start and track Copilot cloud agent tasks via a public preview REST API, enabling automation scenarios such as fan-out refactors across many repositories from a single script, one-click repository bootstrapping from internal developer portals, and automated weekly release note preparation—with progress trackable through the same API using standard PAT or OAuth authentication.

GitHub Copilot CLI

📅 & 📺 From CLI to PR: Automating the path to merged code - Microsoft Build 2026 - Everyone talks about agents, but the real challenge is applying them to daily sprints. Moving beyond chat, we'll show how GitHub Copilot functions as an agentic partner in your workflow by live-coding a full cycle—from planning in the terminal to delegating work to the cloud and automating PR reviews. No high-level abstractions here. Just technical mechanics: context management, advanced features with Copilot CLI, and the patterns that make agentic workflows actually stick.
🚢 Copilot CLI: Improved UI, rubber duck, prompt scheduling, and voice input - This Microsoft Build 2026 update delivers four production-ready capabilities: rubber duck (a built-in critic agent that proactively challenges the main agent's plans and implementations), /every and /after prompt scheduling (for recurring or deferred CLI tasks without requiring your machine to stay awake), on-device voice input via hold-to-dictate (local speech-to-text with no audio leaving your machine), and an experimental redesigned terminal interface with tabbed views for Issues, PRs, and Gists—plus accessibility color modes and screen reader support.
🚢 Rubber Duck in GitHub Copilot CLI now supports more models - GPT-session users can now access a Claude-powered Rubber Duck critic for cross-family architectural and bug reviews, while Claude-session users gain the stronger GPT-5.5 as their second-opinion model, ensuring all Copilot CLI users benefit from diverse model perspectives regardless of which orchestrator they've selected.
🚢 Gain insights across your agent sessions with /chronicle - The /chronicle command now spans a developer's full session history across Copilot cloud agent, code review, the Copilot app, VS Code, and JetBrains—enabling standup summaries, personalized usage tips, custom instruction generation, and cross-device session continuity via local session sync to GitHub (requires admin enablement for Business and Enterprise users).
📢 & 📺 Dungeons & Desktops: Building a procedurally generated roguelike with GitHub Copilot CLI (1:24) - This hands-on walkthrough demonstrates a practical "describe-delegate-review" workflow using Copilot CLI's /delegate command, which hands tasks off to the cloud agent asynchronously so the developer can do something else while it works—then reviews the resulting pull request. The project also illustrates how Copilot-generated sub-agents can handle specialized tasks like documentation generation, showing how enterprise teams can compose richer CLI-driven automation by chaining agents together.
📢 Take your local GitHub sessions anywhere (1:01) - Developers running long-horizon Copilot CLI or VS Code sessions can now monitor and steer those sessions in real time from their phone or any browser using the new /remote on command—enabling the full workflow from planning to merge without losing context when stepping away from the workstation. Note for Copilot Business and Enterprise admins: remote control must be explicitly enabled via CLI policies before users can access this feature. See also the related changelog: 🚢 Remote control for Copilot CLI sessions now generally available on mobile, web, and VS Code.
📺 Step away from your desk with Copilot remote sessions (2:37) - You can now continue your Copilot CLI, VS Code, and JetBrains sessions from anywhere. With the new remote control feature, simply type /remote on to access your agent via your phone or web browser. We made it easy to approve tool calls, review diffs, and queue messages right from the GitHub mobile app. Best of all, it works securely with any source control setup. Try it out today and take your coding workflow on the go.
📚 What is a CLI? - Command-line interfaces remain foundational to modern computing despite the prevalence of GUIs—they power CI/CD pipelines, cloud operations, scripting, and API integration at scale across every enterprise engineering environment. For development leaders building onboarding programs or evaluating tooling strategy, this clear primer helps both new and experienced developers understand why CLIs are indispensable in automation-first engineering workflows.

GitHub Copilot app

The GitHub app is the only desktop experience for agent-driven development built natively on the GitHub Copilot CLI. Available for customers on paid GitHub Copilot plans for macOS, Windows, and Linux.

🚢 GitHub Copilot app is now available in technical preview - The GitHub Copilot app brings a dedicated desktop experience for agentic development that starts directly from GitHub issues, PRs, or prompts—with per-session branch isolation, an integrated terminal and browser for local validation, and Agent Merge to automatically address review comments, fix CI failures, and merge once conditions are met; Copilot Business and Enterprise admins must enable Copilot CLI in policy settings and enable previews before users can access it.
🚢 Expanded technical preview availability for the GitHub Copilot app - The Copilot app technical preview is now open to all Copilot Pro, Pro+, Business, and Enterprise subscribers, and this release introduces canvases—structured, interactive work surfaces where agents update plans, pull requests, and terminal state in real time while developers inspect, steer, and verify work directly on the same surface without scrolling through chat transcripts.
📅 & 📺 Late to agentic coding? Don’t panic, build - Microsoft Build 2026 (26:24) - Feeling behind on agentic coding? You’re not. In this demo-heavy session, we’ll show how to go from idea to shipped. You’ll see practical patterns for planning tasks, delegating implementation, reviewing AI-generated PRs, and shipping with guardrails. No hype - just real workflows you can apply with your team right away.

GitHub Copilot SDK

🚢 Copilot SDK is now generally available - The GitHub Copilot SDK reaches GA in six languages (Node.js/TypeScript, Python, Go, .NET, Rust, and Java—the last two new at GA), giving enterprise engineering teams a stable, production-ready API to embed Copilot's agentic runtime—including planning, tool invocation, file editing, streaming, and multi-turn sessions—directly into internal tools, CI/CD assistants, and customer-facing AI features without building custom orchestration layers.
📅 & 📺 Your agent, anywhere: MultiClient, MultiDevice with GitHub Copilot SDK - Microsoft Build 2026 (38:16) - Agents are powerful on your machine, but what happens when you need them everywhere else? In this session, we'll show how GitHub Copilot SDK lets you build an agent, embed it in an app, and take it with you across devices and into the cloud. You'll see how to go from a local agent to one you can access on your phone, move between machines, and run across multiple clients. If you've been working with agents locally and wondering what the next step looks like, this is it.
📚 What is an SDK? - This article breaks down what a software development kit contains—libraries, APIs, compilers, debuggers, testing tools, and deployment utilities—and explains how SDKs accelerate development by providing pre-validated components that reduce boilerplate, lower bug rates, and ensure consistent platform integration across teams. For enterprise developers evaluating third-party integrations or building internal SDKs for shared platform capabilities, this guide clarifies the trade-offs that distinguish SDKs from raw APIs and makes the case for standardized tooling.

GitHub Copilot Agentic Workflows

📅 & 📺 Rethinking CI: Actions, AI Agents, and the End of Commit-Fail-Commit - Microsoft Build 2026 - Your pipelines automate the predictable. But what about triaging issues, reviewing PRs, responding to incidents, and coordinating across tools? See what's new in GitHub Actions and how it's becoming the execution layer for AI agents across your dev lifecycle. We'll cover agent-triggered workflows, MCP server integration, and automated handoffs that keep humans in the loop — plus how to finally break the 'commit - see CI fail - commit again' loop.
📅 & 📺 GitHub Agentic Workflows: Automation That Actually Reads the Room - Microsoft Build 2026 - GitHub Agentic Workflows let your repo improve itself. With a simple markdown file and one command, GitHub Actions launches an AI agent to triage issues, fix CI failures, update docs, and improve tests, with no complex YAML required. See a live demo from minimal workflow file to a safe, sandboxed pipeline that delivers a ready‑to‑review PR. Your repo on autopilot, with you in control.
📢 & 📺 Improving token efficiency in GitHub Agentic Workflows - As agentic workflows automatically trigger on every pull request, token costs can silently compound into significant API spend; this post reveals how GitHub's own team discovered that unused MCP tool registrations were the most common culprit, adding 10–15 KB of schema overhead to every request. Using two daily AI-powered optimization workflows—an Auditor and an Optimizer—they achieved up to 60% token reduction in some workflows, offering enterprise teams a practical, replicable approach to containing agentic AI costs without sacrificing automation benefits.
🥼 Canary: a harm gate for agentic systems - GitHub Next's Canary introduces a principled trust boundary for agentic workflows by routing untrusted inputs through a constrained "gate" model before they reach a more capable downstream agent—addressing a real attack vector where adversarial text embedded in package diffs, issue comments, or other artifacts can override an agent's instructions. For enterprise teams building or governing agentic automation at scale, Canary offers a composable, policy-driven pattern for failing closed on uncertain inputs without blocking legitimate workflows.
🥼 Understanding Repositories as Human/Agent Knowledge Factories - GitHub Next principal researcher Don Syme argues that maintaining team velocity in an era of AI-generated code requires post-hoc automated cleanup—letting agentic processes continuously repair quality issues rather than front-loading every review with additional human checkpoints. Enterprise engineering leaders designing governance policies for AI-assisted development will find this a practical framing for structuring their human-agent handoff workflows to maximize throughput while preserving code quality.
🥼 The Impact of Automated Repository Maintenance Assistance - A GitHub Next study deploying a proactive AI repository agent across 13 open source projects resulted in 578 issues closed, an 8x median increase in issue closure velocity, and a 10x increase in PR merge velocity—transforming largely dormant repositories into actively maintained ones, with the single most important success factor being how quickly human maintainers chose to act on agent suggestions. Enterprise engineering leaders evaluating AI-assisted project maintenance at scale will find the report's quantitative methodology and identified human-in-the-loop dynamics directly applicable to internal projects suffering from backlog accumulation and slow triage cycles.
🥼 Control what your agentic workflows see with integrity filtering - GitHub Agentic Workflows now include integrity filtering, a configurable trust-hierarchy mechanism that limits what content an agent can view based on the author's relationship to the repository and whether content has been maintainer-vetted—protecting agentic workflows from prompt injection attacks and low-quality external contributions that could misdirect an agent. By setting a single min-integrity field in workflow front matter (from merged down to unapproved), enterprise teams can precisely align risk tolerance with each workflow's purpose, ensuring code review agents only process trusted content while triage agents can still read community input.
🥼 Agentics Beyond Code - This GitHub Next post introduces an open-source collection of 16 ready-to-use GitHub Agentic Workflows designed for the non-engineering roles—product managers, compliance teams, and leadership—that govern and operate software delivery, each scoped to a specific bounded artifact (readiness report, decision log, compliance status) with explicit trust boundaries restricting what the agent can read and write. Enterprise teams looking to extend agentic workflows beyond their engineering organization will find concrete, forkable starting points covering intake triage, weekly status rollups, adversarial PM critique, strategy alignment checks, and compliance posture tracking—all built on the same GitHub Agentic Workflows platform already available in their repos.

IDE Related GitHub Copilot Updates

📺 What's New in VS Code: Remote, Permissions & BYOK (27:12) - Explore the latest VS Code features for remote session management, permissions, and secure AI adoption with bring-your-own-key and bring-your-own-model options. We’ll show how these capabilities help teams manage access, customize their development environment, and confidently adopt new AI-powered workflows. You’ll also get a look at the new agents experience for managing multiple sessions across workspaces, clients, and cloud-connected development environments.
🚢 Auto model selection now routes based on your task in VS Code - Copilot Auto mode in VS Code now dynamically selects the optimal model per task by evaluating reasoning complexity, code generation needs, and tool orchestration requirements in real time—with full transparency via hover-to-see-model, a 10% premium request discount when Auto is active, and admin model policies honored—no setup required beyond selecting Auto in the model picker.
🚢 GitHub Copilot in Visual Studio Code, May releases - Releases v1.120–v1.123 deliver two enterprise cost-management capabilities worth immediate attention: real token usage visibility in the context window for bring-your-own-key models (helping teams forecast AI credit consumption accurately) and configurable reasoning effort directly from the model picker (letting developers trade quality, latency, and cost per session). The update also ships the Agents window to Stable as a preview, air-gapped BYOK support, and remote agent sessions over SSH or Dev Tunnels.
🚢 GitHub Copilot in Visual Studio – May update - Visual Studio 2026's May update introduces three agentic productivity improvements: the Plan agent (read-only codebase exploration that drafts detailed implementation plans as markdown files before any code is written), a Skills panel that surfaces all workspace and user-profile agent skills in one browsable view, and a multi-file summary diff that lets developers accept, undo, or navigate changes at the all-files, per-file, or per-chunk level after Copilot edits multiple files.
🚢 GitHub Copilot in Visual Studio Code: April releases - Covering VS Code releases v1.116 through v1.119, this update adds enterprise-relevant capabilities including bring-your-own-model-key support for Copilot Business and Enterprise, new admin group policies to control which domains agents can reach, and smarter prompt caching with deferred tool loading that reduces token consumption without changing agent behavior.
📺 Boost Productivity with Copilot in Visual Studio (25:09) - Explore Visual Studio 2026 and the advanced enterprise features designed to help C# and C++ developers build, debug, and modernize applications with confidence. This session will dive into powerful profiling and diagnostics tools, enhanced debugging workflows, and practical ways to identify performance bottlenecks across complex codebases. We’ll also look at how Visual Studio supports app modernization efforts, from improving legacy applications to preparing projects for modern cloud-connected and AI-assisted development. Whether you’re maintaining mission-critical enterprise software or evolving existing apps for the future, you’ll see how Visual Studio 2026 helps teams ship better code faster.
🚢 Introducing Copilot CLI agent and unified sessions view in GitHub Copilot for JetBrains IDEs - JetBrains IDE users can now delegate long-running tasks to a locally running Copilot CLI agent (public preview) with worktree or workspace isolation, track all agent sessions from a unified view showing live status and elapsed time, and benefit from native GHES sign-in support; Copilot Business and Enterprise admins must enable the Editor preview features policy before users can access the CLI agent.
🚢 Introducing Copilot CLI and agentic capabilities enhancements in JetBrains IDEs - JetBrains IDE users now get Copilot CLI sessions with an agent picker (Agent/Ask/Plan modes and custom agents), new slash commands (/remote, /compact, /chronicle), a public preview Agent Debug Log panel for troubleshooting custom and sub-agent workflows, and cloud agent sessions visible in the unified sessions view—Copilot Business and Enterprise admins must enable the Editor preview features policy before users can access these capabilities.
🚢 GitHub Copilot for Eclipse is open source - Enterprise Eclipse users can now inspect exactly how GitHub Copilot integrates with the IDE—including chat, code completions, Next Edit Suggestions, agent mode, BYOK, and MCP integration—by browsing the MIT-licensed plugin repository on GitHub, enabling greater transparency and inviting community contributions to AI-powered Eclipse development workflows.
🚢 GitHub Copilot in Eclipse: BYOK, skills, and chat updates - Enterprise Eclipse users can now bring their own model keys (BYOK for Copilot Business and Enterprise), define reusable skills and prompt files under .github/skills/ and .github/prompts/, and monitor context window consumption via a new token usage indicator—alongside improved ABAP support and selectable thinking effort for supported reasoning models.

GitHub Copilot - New Models

🚢 MAI-Code-1-Flash is now available for GitHub Copilot - Microsoft's first purpose-built coding model for Copilot is rolling out gradually in VS Code for Free, Pro, Pro+, and Max plans—designed specifically for GitHub Copilot and delivering best-in-class quality at the small-tier size, with more purpose-built models from Microsoft to follow.
🚢 Auto model selection now routes based on your task in VS Code - Copilot Auto mode in VS Code now dynamically selects the optimal model per task by evaluating reasoning complexity, code generation needs, and tool orchestration requirements in real time—with full transparency via hover-to-see-model, a 10% premium request discount when Auto is active, and admin model policies honored—no setup required beyond selecting Auto in the model picker.
📺 How Copilot auto mode selects the best AI model | GitHub Checkout (11:55) - We explore the new auto mode for GitHub Copilot. Instead of manually testing different models, auto mode intelligently routes your prompt to the best available model based on reasoning needs and real-time capacity. We walk through a demo in the CLI and VS Code to show how it saves time and optimizes performance. Let us know what you think of this feature in the comments!
🚢 Copilot cloud agent supports auto model selection - Selecting Auto in the Copilot cloud agent model picker applies a 10% credit discount and eliminates weekly rate limit exposure by dynamically routing tasks to the best-performing available model—making it the recommended default for teams managing AI usage costs under usage-based billing.
🚢 Copilot cloud agent: fast, cost-efficient models for simple tasks - Claude Haiku 4.5 and GPT-5.4-mini are now available as 0.33x multiplier model options for Copilot cloud agent tasks, giving teams a cost-effective choice for straightforward code changes under usage-based billing while preserving higher-capability models for complex work.
🚢 Claude Opus 4.8 is generally available for GitHub Copilot - Available to Copilot Pro+, Business, and Enterprise subscribers across VS Code, JetBrains, the Copilot app, cloud agent, and more, Claude Opus 4.8 delivers a step forward in code understanding and large-codebase navigation—launching with a 15× premium request multiplier until usage-based billing takes effect.
🚢 GPT-5.3-Codex is now the base model for Copilot Business and Enterprise - GPT-5.3-Codex is now the default base model for all Copilot Business and Copilot Enterprise organizations, replacing GPT-4.1—and as GitHub's first long-term support (LTS) model guaranteed available for 12 months (through February 4, 2027), it gives enterprise security and compliance teams the stability needed to complete internal AI safety reviews without disruptive model churn. GPT-4.1 remains force-enabled at 0x cost until it deprecates alongside usage-based billing on June 1, 2026.
🚢 Gemini 3.5 Flash is generally available for GitHub Copilot - Copilot Business and Enterprise administrators must enable the Gemini 3.5 Flash policy in settings before users can access Google's latest Flash-tier model—delivering near-Pro coding quality at Flash speed with strong tool use and high cache efficiency optimized for fast, iterative agentic workflows; note that the current 14x premium request multiplier is tentative and subject to change.
🚢 Updates to available models in Copilot on web - Gemini models and several others (GPT-5.2 Codex, GPT-5.4 nano) have been removed from Copilot Chat on github.com to improve response reliability and consistency—enterprise teams with policies, workflows, or user training tied to specific web-chat models should review the current model picker or the documented supported models list to confirm which models remain available.
🚢 Gemini models in Copilot CLI, cloud agent, and the Copilot app - Gemini 3.1 Pro (Preview) and Gemini 3.5 Flash are now available in Copilot CLI, cloud agent, the Copilot app, and the Copilot SDK—Copilot Business and Enterprise administrators must opt in by enabling the relevant Gemini model policy in Copilot settings before users can access either model across these surfaces.

Additional GitHub Copilot Updates

📚 What are AI coding tools? - This comprehensive guide explains how AI coding assistants use LLMs and NLP to generate, review, and optimize code—covering how they work, how developers across skill levels use them in practice, and the real questions around accuracy, security, and ethics that enterprise teams must address. As organizations onboard developers to AI-augmented workflows, this is a clear, authoritative foundation for internal training programs and a useful reference for stakeholders evaluating the ROI of AI coding tools at scale.
🚢 Semantic issue search in Copilot Chat - Copilot Chat on the web can now search GitHub Issues using natural language intent rather than exact-match keywords, surfacing semantically related results for faster planning, triaging, and discovery—available on all Copilot plans with no additional configuration needed.
🚢 Copilot Spaces API now generally available - Enterprises managing multiple Copilot Spaces can now create, read, update, delete, and configure collaborators and resources programmatically—eliminating manual UI workflows and making it practical to govern context at scale across large engineering organizations.
🚢 GitHub Changelog - Copilot - Skim through all of the recent Copilot changes.

Security

Application security with GitHub, ensuring the code that lives in GitHub and the dependencies that go into the solutions you build are secure and do not contain any secrets.

📚 Bolster security for AI-driven development | GitHub Ebook - AI-driven development is dramatically increasing code output—but also expanding your organization’s security risk faster than traditional approaches can handle. This guide shows how leading teams close the gap between vulnerabilities found and fixed by embedding security earlier, leveraging tools like GitHub Advanced Security, and scaling “secure by design” practices without slowing delivery. If you’re responsible for developer productivity or platform security, this is a practical blueprint for reducing security debt while keeping pace with modern, AI-accelerated software delivery.
📄 Protecting against security threats - This guidance distills the highest‑impact actions you can take to proactively reduce enterprise risk on GitHub—before vulnerabilities turn into incidents that disrupt delivery or compromise your supply chain. It shows how to operationalize security at scale across identity, code, dependencies, and workflows so your teams can ship faster without increasing exposure. If you’re responsible for platform engineering, DevSecOps, or developer productivity, this is the playbook for turning security from reactive overhead into a consistent, automated advantage.

Code Security

📄 Using incremental analysis with the CodeQL CLI - Gain up to 10x faster security scanning in your CI/CD pipelines by analyzing only what actually changed in a pull request, instead of repeatedly scanning entire codebases. Incremental analysis helps you deliver faster feedback to developers while maintaining high-quality security insights, making it practical to scale CodeQL across large engineering organizations. If you’re optimizing developer productivity and pipeline efficiency, this approach can significantly reduce compute costs and cycle time without sacrificing meaningful results.
📄 Security configuration statuses - If you’re responsible for scaling security across hundreds or thousands of repositories, understanding configuration statuses is essential to knowing whether your policies are actually being applied, enforced, or silently drifting. This page gives you a precise operational model for detecting gaps, conflicts, and failures—so you can quickly identify where governance breaks down and take corrective action. It equips you to move from assumed compliance to verifiable, auditable security posture across your organization.
🚢 Code-to-cloud risk visibility with Microsoft Defender for Cloud is now generally available - By correlating container images deployed in your cloud environments back to their source GitHub repositories, this generally available integration lets security and development teams share a single source of truth for runtime risk—enabling GitHub Advanced Security alert lists and security campaigns to filter by deployment status and runtime exposure (e.g., runtime-risk:internet-exposed, runtime-risk:sensitive-data) to prioritize remediation of the vulnerabilities that are actually running in production.
🚢 CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage - Enterprise security teams get broader language coverage and improved detection accuracy: Swift 6.3.2 support, complete C# 14 and .NET 10 coverage (including data flow models for the .NET 10 runtime), Apache Avro source/sink models for Java/Kotlin, and scanf_s flow sources for C/C++. GitHub Actions analysis sees three query improvements—untrusted-checkout alerts now surface at the checkout point, SHA-256 hashes are recognized as properly pinned references to reduce false positives, and more Bash regex patterns are understood as safe value validators. Sensitive data heuristics for JavaScript/TypeScript, Python, Swift, and Rust are also improved, helping queries like js/clear-text-logging and swift/cleartext-logging find more real issues with fewer false positives.
🚢 CodeQL 2.25.5 improves query accuracy for GitHub Actions - CodeQL 2.25.5 reduces false positives in C/C++ and Java/Kotlin scans while extending GitHub Actions analysis to composite action files—helping security teams invest remediation effort in real vulnerabilities rather than noise.
🚢 CodeQL 2.25.4 adds Swift 6.3.1 support, improvements to C# and Java, and more - Enterprise security teams relying on CodeQL for code scanning get expanded coverage: Swift 6.3.1 support, improved ASP.NET taint analysis and C# 14 compound assignment handling, Vercel serverless function vulnerability detection for JavaScript/TypeScript, and cross-language data flow barrier extensions that let organizations suppress false positives in custom configurations without modifying the underlying queries directly.
🚢 CodeQL 2.25.3 adds Swift 6.3 support - Enterprise security teams get expanded coverage and improved detection accuracy: new Swift 6.3 support, five C/C++ queries promoted to the default code scanning suite, enhanced Woodstox StAX sink detection for Java XXE queries, and false-positive reductions across C#, Python, and GitHub Actions analyzers—with the update automatically deployed to github.com and included in the GHES 3.22 release.

Secret Protection

📄 Secure your secrets at scale with GitHub - Leaked credentials expose your organization to data breaches. GitHub Secret Protection detects and prevents secret leaks automatically. Use our structured, data-driven approach to quickly quantify your organization’s secret exposure, build a compelling business case, and validate security investments before scaling. It shows how to reduce breach risk by embedding automated detection and prevention directly into developer workflows—without slowing delivery. By following these five phases, you can prove measurable ROI, improve remediation speed, and operationalize secrets security across the enterprise.
🚢 Secret scanning with GitHub MCP server is now generally available - MCP-compatible AI coding environments like Copilot CLI and VS Code can now scan for exposed credentials before they reach the repository, with scans honoring your existing push protection customization for consistent detection and bypass behavior—available for repositories with GitHub Secret Protection enabled. - If your organization isn’t systematically detecting and preventing exposed credentials, you’re likely carrying unseen breach risk and avoidable remediation cost. This guide shows a proven, phased adoption path—from quantifying real secret exposure to piloting and scaling automated protection—so you can build a defensible business case, validate impact with metrics, and roll out controls that reduce risk without slowing developers.
🚢 Filter secret scanning approval requests by sort order and bypass status - Organizations managing high volumes of secret scanning push protection bypass and alert dismissal requests can now sort those lists (by newest, oldest, recently updated, or least recently updated) directly in the UI, while a new is_bypassed REST API parameter closes the gap between UI filtering capabilities and programmatic access—available at the repo, org, and enterprise level.

Supply Chain Security

🚢 Staged publishing and new install-time controls for npm - Staged publishing is now generally available in npm 11.15.0, requiring a human maintainer with 2FA to explicitly approve any package before it becomes installable—adding a critical human-in-the-loop gate to CI/CD pipelines that prevents unauthorized or tampered package releases, including those originating from non-interactive OIDC-based workflows.
🚢 Dependency scanning with GitHub MCP server is in public preview - Teams using MCP-compatible AI coding agents can now prompt a dependency vulnerability scan against the GitHub Advisory Database before committing, receiving structured results with affected packages, severity, and recommended fixed versions—available in public preview for repositories with Dependabot alerts enabled.
🚢 Cross-org Dependabot access for internal repositories - Enterprise administrators can now enable Dependabot across all internal repositories from a single Advanced Security Policies setting, removing the previous limitation that blocked automatic dependency updates for internal packages hosted in a different organization than the consuming project—a common gap in large multi-org enterprises that will come to GHES 3.22.
🚢 Expanded OIDC support for Dependabot and code scanning - Organization administrators can now configure OIDC-based authentication for Cloudsmith and Google Artifact Registry in addition to the previously supported AWS CodeArtifact, Azure DevOps Artifacts, and JFrog Artifactory—enabling short-lived, dynamically obtained credentials for all five registries so Dependabot and code scanning can access private dependencies without storing long-lived secrets.

Additional Security Updates

📢 Investigating unauthorized access to GitHub's internal repositories - GitHub's CISO confirmed that a poisoned third-party VS Code extension compromised an employee device on May 18, 2026, resulting in exfiltration of an estimated ~3,800 GitHub-internal repositories—with no evidence of customer enterprise, organization, or repository data being affected, though some internal repos may contain excerpts of support interactions. Enterprise security teams should use this as a prompt to review VS Code extension policies and software supply chain controls; GitHub has rotated critical credentials and will publish a full post-mortem once the investigation is complete.
📢 Investigation update: GitHub Enterprise Server signing key rotation - GitHub has confirmed a real-world supply chain attack that led to unauthorized access of internal repositories—triggering immediate security actions including signing key rotation that requires urgent action from GitHub Enterprise Server admins. If you run GHES, failing to rotate keys will block future updates and leave you exposed to evolving threats, making this both a security and operational continuity concern. This post details exactly what happened, what GitHub has (and hasn’t) confirmed about customer impact, and why security response speed, verification practices, and update hygiene matter more than ever in an AI-amplified threat landscape.
📢 Raising the bar: Quality, shared responsibility, and the future of GitHub's bug bounty program - GitHub is tightening bug bounty standards in response to a surge in low-quality, AI-generated reports that lack working proof of concept or demonstrated security impact—a shift that signals how AI tooling is changing the economics of vulnerability research and raising the bar for all security teams managing external programs. The post also introduces an in-platform reward option for low-severity findings and clarifies how GitHub uses AI in its own security programs, giving enterprise security leaders a useful benchmark for where the responsible disclosure landscape is heading.
🚢 GitHub Changelog - Security - Skim through all of the recent security related changes.

GitHub Code Quality

GitHub Code Quality is now available in public preview! It turns every pull request into an opportunity to improve. With in-context findings, one-click Copilot fixes, and reliability and maintainability scores, you spend less time chasing nits and more time building. Check out the documentation to learn more.

🚢 Code coverage on pull requests is now in public preview - Pull requests now display an aggregate code coverage percentage directly in the review experience, giving reviewers an instant signal on test completeness without leaving GitHub or switching to a separate coverage tool. Teams can upload Cobertura reports from existing CI workflows using the upload-code-coverage action, and the feature is free during the preview period for GitHub Enterprise Cloud and Team.
🚢 GitHub Code Quality: Repository Enablement API - Two new REST API endpoints let you programmatically enable, configure, and query GitHub Code Quality on individual repositories—supporting C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, and Ruby—making it practical to automate Code Quality onboarding across large repository portfolios without manual UI configuration for each one.

CI/CD

Continuous Integration & Continuous Deployment with GitHub Actions. If you are involved in managing and authoring GitHub Actions workflows you'll want to dive into these updates to see how were are addressing enterprise needs in the areas of scalability, debugging, security and bringing AI to GitHub Actions with Agentic Workflows and the GitHub Copilot CLI.

🚢 One-click fixes for failing Actions with Copilot cloud agent - Copilot Business and Enterprise subscribers can now click Fix with Copilot directly on a failed Actions workflow run log to hand off investigation and remediation to Copilot cloud agent—which pushes a fix to the branch and tags the developer for review—freeing teams from manually debugging routine CI failures; organization admins must enable Copilot cloud agent in settings before users can access this feature.
🚢 GitHub Actions concurrency groups now allow larger queues - By adding queue: max to a concurrency group's YAML block, teams can now queue up to 100 pending workflow runs instead of the previous limit of one—enabling fully ordered, sequential execution of deployment or environment-sensitive jobs without losing run history to automatic cancellation.
📚 What is CI/CD? - CI/CD is the backbone of modern software delivery—automating builds, testing, and deployments so teams can ship faster, with higher quality and less risk. It’s not just a technical practice; it’s a proven driver of business performance, enabling dramatically higher deployment frequency and faster lead times while improving reliability. For any enterprise team scaling developer productivity, mastering CI/CD is essential to unlocking speed, resilience, and continuous innovation.
📚 What is a DevOps pipeline? A complete guide - A well-designed DevOps pipeline is the fastest path from idea to production—combining automation, CI/CD, and continuous testing to help teams deliver high‑quality software at speed while reducing risk and manual effort. But beyond tooling, it’s the foundation for scaling developer productivity and collaboration across the SDLC—enabling continuous improvement, faster feedback loops, and more reliable releases. If you’re leading or building modern software systems, understanding how pipelines work is critical to unlocking both velocity and quality at enterprise scale.
🚢 GitHub Actions: Upcoming image migrations - Enterprise CI/CD teams need to act before June 8: windows-latest and windows-2025 runners will automatically migrate to Visual Studio 2026 over one week starting June 8, and macos-latest will start migrating to macOS 26 on June 15 over 30 days—review your workflow runs-on: targets now and test against windows-2025-vs2026 if you need to validate compatibility before the cutover.
🚢 GitHub Changelog - Actions - Skim through all of the recent security related changes.

Engineering

An inside look at how we’re building the home for all developers. Resources based on our internal experiences.

📢 Building GitHub's next chapter in accessibility - GitHub's five-year internal accessibility program has shifted to an outward-facing strategy, and the results illustrate what it looks like to embed accessibility as an engineering fundamental at scale: a redesigned pull request files-changed page optimized for screen readers and keyboard navigation (now default for all users since January 2026), enhanced contrast controls for logged-out visitors, and Copilot CLI shipping with accessibility built in from day one. Enterprise teams building developer tooling or planning their own accessibility programs will find a practical playbook here, including GitHub's approach to engineering scorecard accountability, design system foundations, and contributing to an open source accessibility best practices guide.
📢 Building a general-purpose accessibility agent—and what we learned in the process - GitHub's internal accessibility agent has reviewed over 3,500 pull requests at a 68% resolution rate—automatically catching and remediating WCAG violations in front-end code before they reach production—demonstrating that AI agents can enforce compliance standards at engineering scale without blocking developer velocity. The post is a candid retrospective on architecture, mindset, and lessons learned that teams building their own compliance-focused or quality-gate agents will find directly transferable.
📢 From latency to instant: Modernizing GitHub Issues navigation performance - GitHub's Issues team moved the majority of navigations from over 1 second to under 200ms by replacing server-round-trips with a client-side IndexedDB cache, a preheating strategy, and a service worker for hard navigations—without a full rewrite of the application. The architectural patterns described—background revalidation, cache preheating keyed on user behavior, and service worker request interception—are directly applicable to any enterprise team building or modernizing data-intensive web apps where perceived performance is a product quality concern.

Legend

This legend represents the icons used above and links each icon to its corresponding resource page. These are the primary sources we review each month when compiling the Monthly Enterprise Roundup. Note that not every resource will appear in every edition.

📅 Events 
📢 GitHub Blog
📺 GitHub on YouTube 
🚢 The GitHub Changelog 
🛡️ GitHub Copilot Trust Center
📚 GitHub Resources 
📄 GitHub Docs
📐 GitHub Well-Architected
🗣️ GitHub public feedback & discussions
🙋‍♂️ Training, e.g. GitHub Skills, GitHub Copilot for Beginners
💡 Executive Insights
🥼 GitHub Next
🌐 Third Party Web Site, e.g. LinkedIn

That’s it for the June '26 edition of the MER. Follow GitHub Enterprise on LinkedIn to see when the next round of key updates become available. We want to hear from you! Did you find this curated list of updates from GitHub helpful? Do you have suggestions on how we can provide the information that is going to be the most useful and timely for your role? Provide your feedback in the GitHub Community: June ‘26 enterprise roundup.

Author

Dave BurnisonSenior Developer Advocate

Provide feedback

Saved searches

Use saved searches to filter your results more quickly