GitHub Enterprise owners and credential managers can now trigger bulk revocation of SSO authorizations and deletion of tokens and SSH keys for all users or a specific user. Individual enterprise members can self-service revoke or delete all their own credentials in a single action from the Settings > Credentials view.
GitHub Copilot Free and Student plans now use auto model selection as the default and only experience, removing manual model choice. The "(Preview)" label is also being retired from Microsoft-released models.
Manage multiple working directories of the same repository with Git worktree support, and resolve merge conflicts with Copilot. Users can now stop an ongoing Copilot commit message request.
Secret scanning now includes extended metadata for detected Replicate API tokens, providing richer context about leaked credentials.
Two new read-only REST endpoints let you retrieve Code Quality CodeQL findings at the repository level: one for individual findings by number, one for listing with filtering and pagination. Available in public preview on github.com only.
Dependabot now reads private GitHub Packages registries using a GITHUB_TOKEN with packages:read scope, reusing existing Manage Actions access grants and removing the need for a personal access token.
The redesigned tabbed interface lets you browse issues, pull requests, and gists inside the terminal without leaving your session. Tool configuration for MCP, skills, plugins, and settings moves to guided in-session commands, and a new theme system with accessibility support ships.
Dependabot no longer supports Python 3.9, which reached end-of-life. Users on Python 3.9 risk not receiving dependency update pull requests and should upgrade to a supported release.
The GitHub Copilot app now supports bring your own key (BYOK), letting you run agent sessions against providers including OpenAI, Azure OpenAI, Anthropic, LM Studio, Ollama, and any OpenAI-compatible endpoint. Add a provider in Settings → Model Providers with your endpoint and API key; keys are stored in the local OS keychain.
Organization and enterprise agents from GitHub are now available in JetBrains IDEs, Claude as agent provider enters public preview, and Copilot CLI sessions support queued and steerable messages. Cloud agent is now generally available, plus model picker enhancements, per-turn AI credits indicator, and multiple UI freeze fixes.
The Copilot usage metrics API now reports an ai_credits_used field per user per day in the user-level reports. The field is available in both single-day and 28-day reports at the enterprise and organization levels.
Opus 4.6 (fast) will be deprecated across all GitHub Copilot experiences on June 29th, 2026. The suggested alternative is Opus 4.8 (fast); Enterprise admins should enable access through model policies.
MAI-Code-1-Flash, Microsoft's small coding model, is now available in Copilot CLI, the GitHub Copilot app, Copilot Chat on GitHub, Visual Studio, GitHub Mobile, JetBrains IDEs, Eclipse, and Xcode. Available across Copilot Free through Max plans, with gradual rollout beginning.
Copilot code review now reads AGENTS.md from the repository root to shape review feedback according to local conventions. The Request button is now directly available in the reviewer picker for draft pull requests, and Copilot review timeline events on the Conversation tab are collapsed to reduce noise.
Issue creation now checks for potential duplicates against existing issues in the repository, showing up to three suggestions inline. The GitHub MCP server can read and write issue fields, letting agents create fully triaged issues with priority, area, and dates set automatically.
Searching pull requests with author:@me or author:[username] now returns both human-authored and Copilot cloud agent-authored PRs, including in default views like the "Created by me" list. The change applies to github.com and GitHub Mobile, with REST and GraphQL API support coming July 16.
Quickly jump between repositories without leaving the current page via a new repository switcher dialog in the global navigation breadcrumb.
Custom images for GitHub-hosted runners can now be built on top of other custom images, enabling layered image workflows. Conditional logic around the snapshot keyword gives more control over when new image versions are generated.
Actions/checkout v7 now refuses to fetch fork PR code in pull_request_target and workflow_run workflows, preventing the most common pwn request pattern. An explicit opt-out is available for workflows that require elevated trust.