GitHub Ships AI-Powered Security Detections as Hybrid Model Alongside CodeQL
GitHub Blog·high signal
GitHub announced AI-powered security detections that complement CodeQL by surfacing vulnerabilities in areas traditional static analysis cannot reach. The system automatically analyzes PRs and chooses between CodeQL or AI detection per change, creating a hybrid security model. Copilot Autofix integration has already fixed 460,000+ security alerts with 0.66-hour average resolution. Public preview is planned for early Q2 2026.