It is an understatement to say agents have become a popular way of working with code. GitHub has adopted agent-based code creation and editing for many of its initiatives, including piloting an agent to help with our commitment to accessibility. GitHub is currently piloting an experimental general-purpose accessibility agent to achieve two main goals: Providing engineers with reliable, just-in-time answers to accessibility questions in the GitHub Copilot CLI and the Copilot VS Code integration.…

The best GitHub Copilot workflows don’t happen one–thing–at–a time. You might have an agent refactoring a module in VS Code, another debugging tests in the CLI, and a third scaffolding a new feature in the background. Managing all of that used to only be possible from your desk. The moment you stepped away from your laptop, you lost visibility into every session you had running. Now, developers can take their GitHub Copilot agent anywhere, with remote control for GitHub Copilot CLI sessions, no…

May 26, 2026: GitHub recently detected a cyber-attack and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate. Given the reality of threat actors and the advent of AI technologies, we need to do all we can to protect our customers. Considering the repositories that have been attac…

Five years ago, we stood up GitHub’s accessibility program. What began as a small team addressing accessibility debt has grown into a company-wide discipline, woven into our engineering fundamentals, our design system, our AI tools, and our culture. The five-year milestone prompted us to step back and ask a fundamental question: where do we go from here? The answer is our strategy for accessibility, which we published earlier this year. The strategy marks a pivotal moment for our program. For t…

Pick any game engine, and you are maybe a third of the way to having the tools you need to ship a game. But there are also elements that live outside the engine: the asset pipelines your artists depend on, the level editors your designers build in, the audio tools your sound team cleans up with, to name a few. Open source has tools for those workflows and more. Most of these open source projects exist because someone decided their team’s biggest pain point was worth fixing for everyone. The 10 …

Generating code has never been easier. The bottleneck has shifted to shipping software: reviewing it, securing it, governing it, and deploying it. According to Gartner, “By 2028, asynchronous AI coding agent workflows will improve software engineering team productivity by 30% to 50%, surpassing the 0% to 20% gains from AI code assistants in 2025.” We believe realizing those gains requires agentic capabilities across every stage of the SDLC—not just code generation, but the review, security, and…

Welcome back to GitHub for Beginners. We’ve covered a lot this season, so make sure to check out our other episodes. Our most recent one was all about open source, what it is and how to contribute to the community. This time, we’re going to take a look at VS Code, a free popular source code editor provided by Microsoft. It has a fair amount of functionality built in that integrates with GitHub, which is what we’ll be taking a look at today. Using GitHub in VS Code reduces context switching, str…

Sometimes the best ideas come to you while you’re out with friends, floating in the pool, or setting up that beach picnic—lightning hits, and you realize you have the perfect solve for that pesky bug that’s been keeping you up at night. We’ve been there too. That’s what inspired us to create the new ESC collection. It’s not a manifesto to put down tools and chill at the beach (though that sounds nice too), it’s the recognition that occasionally we have to escape the confines of a desk for the p…

While the agentic shift has made development faster, it’s also led to disjointed workflows, more context switching, and too much time spent reviewing agent-generated code. If agents are going to be a durable part of how software gets built, they need a real place in the developer workflow. Yet most developer tools were not designed for directing multiple agents in parallel. Context scatters across windows. You lose track of what’s running. Code lands in pull requests without a clear trail of wh…

If you’ve been following all the AI agent conversations and wondering what’s useful versus what’s just noise, you’re not alone. There are ideas everywhere. What’s challenging is finding the time and a practical path from cool demos to workflows that make your day easier. GitHub Universe bridges that gap. Universe is our flagship event for developers and the teams who support them—builders, maintainers, security practitioners, technical leaders, and partners—coming together for two days of learn…

This is issue 1 of a new series called Coding Agent Horror Stories where we examine critical security failures in the AI coding agent ecosystem and how Docker Sandboxes provide enterprise-grade protection against these threats. AI coding agents are everywhere. According to Anthropic’s 2026 Agentic Coding Trends Report, developers are now using AI in roughly 60% of their work. The report describes a shift from single agents to coordinated teams of agents, with tasks that took hours or days getti…

Gordon understands your environment, proposes fixes, and takes action across your entire Docker workflow. Now generally available. Image 1: Gordon in Docker Desktop Why Gordon Exists  Developers are more productive than ever. AI coding assistants are writing code, merging PRs and cutting review cycles. But the moment something breaks in a container, or a teammate hands you a service and says “ship it,” you’re on your own.  Containers don’t break the way they’re supposed to. Build cache invalida…

Earlier this year I mass-migrated my blog to Astro using Claude Code. 146 posts. 6,024 images. Canonical URLs, JSON-LD markup, sitemap generation, the whole stack. I’d spent hours writing a skills file to teach the agent about my blog’s architecture, how deployment worked, what not to touch. And it worked. Claude Code rewrote components, fixed trailing-slash mismatches across hundreds of pages, added BreadcrumbList structured data to hundreds of routes. Lighthouse scores hit 97 on performance. …

CVE-2026-31431 is a Linux kernel vulnerability that was recently disclosed. This CVE does not compromise Docker infrastructure. That said, Docker Engine’s default profiles prior to v29.4.3 allowed containers to create AF_ALG sockets, which is the syscall surface the exploit uses. You are not exposed if you are running Docker Engine v29.4.3 or later, OR a patched host kernel. If either of those is missing, you have exposure on that host, and you should read the rest of this post. As of writing, …

This is Part 2 of our AI Coding Agent Horror Stories series, an in-depth look at real-world security incidents exposing the vulnerabilities in AI coding agents, and how Docker Sandboxes deliver workspace-scoped isolation that contains the worst failures at the execution layer. In part 1 of this series, we mapped six categories of AI coding agent failures and the architectural reason they keep happening: the agent runs as you, on your filesystem, with your credentials, and nothing sits between t…

If you’re already familiar with sandboxing as an isolation technique, sandbox security is the next layer: the policies, controls, and enforcement mechanisms that make sure those isolation boundaries actually hold under real-world pressure. According to our State of Agentic AI report, 40% of respondents cite security as the top challenge in scaling agentic AI, and 43% point to increased security exposure from orchestration sprawl. As agents execute code, call APIs, and interact with live infrast…

In our State of Agentic AI report, 45% of organizations said they struggle to ensure the tools their agents use are secure and enterprise-ready. That number reflects a broader reality: AI agents are moving into production faster than the security practices around them are maturing. The challenge is not that organizations lack security awareness. It’s that agents behave fundamentally differently from the applications security teams are used to protecting. An agent decides on its own which tools …

Software supply chain attacks have accelerated faster than most security teams anticipated. Sonatype’s 2026 State of the Software Supply Chain report identified more than 454,000 new malicious packages published to open source repositories in 2025, bringing the cumulative total to over 1.2 million since 2019. The blast radius keeps expanding as organizations consume more open source software, ship more container-based workloads, and distribute software through increasingly complex pipelines. So…

When security teams scan their container environments for the first time, they often discover hundreds of known vulnerabilities, and almost none of them trace back to application code. The overwhelming majority come from packages that shipped with the base image: shells, compilers, debug utilities, and libraries the application never calls. In a software supply chain built on containers, the base image is the foundation. If that foundation ships with unnecessary components, every workload built…

AI agents are moving fast. According to our State of Agentic AI report, 60% of organizations already have AI agents in production, yet 40% cite security and compliance as the number-one barrier to scaling them further. And that gap between adoption and oversight is exactly where AI governance lives. As AI takes on higher-stakes decisions and agents begin operating with greater autonomy, the organizations that lack clear guardrails face mounting exposure to regulatory penalties, security vulnera…