GitHub shipped /security-review — a dedicated slash command for GitHub Copilot CLI — on Wednesday, putting AI-driven vulnerability scanning inside the terminal for the first time as an experimental feature in public preview. The command scans a developer's current code changes, returns severity-ranked findings for a focused set of high-impact vulnerability classes, and delivers fix suggestions without requiring the developer to leave the command line. It runs independently of GitHub's existing hosted security tools — GitHub Code Scanning, Dependabot, and secret scanning — and works in air-gapped environments, making it accessible to teams that operate under strict connectivity restrictions.
That combination — terminal-native, pre-commit, infrastructure-independent — marks the most direct attempt yet to push security to the left of the pull request. The broader software industry has spent two decades refining the idea that catching vulnerabilities at the point of writing code is cheaper and faster than catching them after a CI pipeline runs. What /security-review adds is LLM-based inference at the detection step itself, rather than the rule-based pattern matching that has defined static analysis since the late 1990s.
AI Replaces Rules at the Vulnerability Detection Step
Traditional static application security testing (SAST) tools — Semgrep, CodeQL, Snyk Code — work by scanning source code against a library of predefined rules: dataflow graphs, taint traces, and pattern signatures for known vulnerability classes. A rule for SQL injection, for example, identifies points where unsanitized user input reaches a database query. Independent research has documented a precision rate of roughly 35.7% for standalone SAST rule engines — meaning the majority of flagged findings are false positives that developers must manually dismiss.
GitHub's new command replaces that rule engine with LLM inference. When a developer runs /security-review, Copilot CLI gathers the diff of current local code changes, sends that context to GitHub's cloud-hosted Copilot model routing infrastructure, and returns findings scored by severity and confidence. The key architectural choice is what it does not return: low-confidence findings. By filtering output to high-confidence results only, GitHub sidesteps the false-positive noise problem that has long plagued rule-based SAST tools while simultaneously acknowledging a hard constraint of LLM-based scanning — that language models can hallucinate vulnerability reports for code that is actually safe.
Independent research on LLM-SAST hybrid systems has found that combining LLM contextual reasoning with traditional static analysis can reduce false positives by up to 91% compared to standalone SAST tools. GitHub's approach takes a different route: rather than combining both systems, it uses LLM inference alone but restricts output to findings where confidence clears a threshold. The tradeoff is coverage versus noise. Semgrep and Snyk Code, which apply taint analysis and dataflow reachability, can trace vulnerability paths across multiple files and match against CVE databases — capabilities the /security-review command does not replicate. GitHub positions the command as a lightweight complement, not a replacement, for those tools.
What the Scanner Targets and What It Skips
The scan is tuned for five common, high-impact vulnerability classes: injection flaws including SQL injection, cross-site scripting (XSS), insecure data handling, path traversal, and weak cryptography. These map closely to the OWASP Top 10 — the industry-standard taxonomy of the most critical web application security risks — and represent the categories most likely to appear in the kind of incremental code changes a developer would scan before committing.
The command does not perform CVE database matching, taint analysis, or dependency scanning — those remain the domain of GitHub Code Scanning (which uses CodeQL), Dependabot (which tracks known dependency vulnerabilities), and Snyk Code (which applies interfile taint tracing). /security-review is scoped to what the LLM can reason about in the diff itself: code patterns, data-handling choices, and cryptographic implementations visible in the current changes.
Air-Gapped Support and the BYOK Architecture Behind It
By default, running /security-review sends code context to GitHub's cloud-hosted model gateway — a design consistent with how all Copilot inference works. The BYOK (bring your own key) mode added in April 2026 changes this: developers who set COPILOT_OFFLINE=true and point the CLI at a locally running model disable telemetry entirely, and all inference runs on the developer's own hardware. That architecture is what enables air-gapped operation. A security-sensitive team with no outbound connectivity can run a local model through an OpenAI-compatible API endpoint — tools like Ollama or vLLM — and execute /security-review without any data leaving the machine or the network.
This matters for regulated industries where code may be classified, where connectivity to third-party cloud services is restricted, or where organizational policy prohibits sending source code off-premises. The standard GitHub Copilot cloud workflow — where context is transmitted to hosted infrastructure for inference — does not satisfy those constraints. The local inference path does.
LLM Hallucination Constraint the Design Acknowledges
The decision to surface only high-confidence findings is the most technically significant aspect of the command. Language models trained on large code datasets can recognize patterns associated with vulnerability classes, but they can also produce false reports — flagging safe code as vulnerable when the reasoning chain contains an error. Datadog's engineering team, building a similar LLM-based false-positive filter for SAST, documented exactly this dynamic: static analyzers are intentionally risk-averse and flag anything resembling a potential vulnerability, while an LLM "introduces the ability to reason about context in ways that cannot be done by static analysis tools" — but brings its own inconsistency.
GitHub's design response is architectural: restrict output to findings where the model's confidence score clears a threshold, and position the tool explicitly as a complement to existing scanning infrastructure. GitHub's own documentation for the analogous Copilot secret scanning feature states that generic secret detection may miss instances of credentials checked into a repository and that "the LLM will improve over time." The same caveat applies here — the experimental label on /security-review signals that false-positive and false-negative rates under real-world conditions have not yet been characterized through large-scale production use.
That context sits alongside a broader pattern in Copilot's security history. Researchers documented two critical vulnerabilities in the Copilot Chat feature in 2025 — CamoLeak (CVE-2025-59145, CVSS score 9.6), which allowed silent exfiltration of private source code through a prompt injection technique, and RoguePilot, a passive prompt-injection flaw disclosed by Orca Security in February 2026. Both were patched, but they established that AI-assisted development tooling is itself a valid attack surface — a dimension any security-focused developer evaluating /security-review should weigh.
How to Enable the Command Today
/security-review is available to all GitHub Copilot subscribers. To try it, developers must first enable experimental mode in Copilot CLI, then run /security-review in any project directory to scan current code changes. The command returns findings ranked by severity and confidence alongside actionable fix suggestions, all within the terminal. GitHub is soliciting feedback from developers through the GitHub Community discussion thread.
The shift this represents is incremental but concrete. Security review has historically happened at the pull request stage — a point at which code context has already been assembled, reviewed, and often shared with teammates. Moving that scan to the pre-commit moment, where a developer still has full mental context of the code they just wrote, reduces the cognitive overhead of switching back to a security mindset after the fact. Whether the LLM's high-confidence output proves reliable enough to change developer behavior in practice is the question the public preview is designed to answer.
Frequently Asked Questions
How does GitHub Copilot security scanning work in the new /security-review command?
The command gathers the diff of a developer's current local code changes and sends that context to GitHub's Copilot model — hosted on cloud infrastructure — which returns severity- and confidence-scored vulnerability findings. Unlike traditional static analysis tools that match code against predefined rule libraries, the command uses LLM inference to reason contextually about the code. Only high-confidence findings are returned, reducing false-positive noise at the cost of narrower coverage.
Does GitHub Copilot scan for security vulnerabilities the same way as GitHub Code Scanning?
No. GitHub Code Scanning uses CodeQL, a rule-based static analysis engine that performs taint analysis and dataflow tracking across the full repository. The new /security-review command uses LLM inference scoped to current code changes in the terminal, runs independently of CodeQL, and does not perform CVE database matching or dependency scanning. GitHub describes the two as complementary tools covering different points in the development workflow.
Can GitHub Copilot CLI detect SQL injection and XSS before code is committed?
Yes. The /security-review command specifically targets injection flaws including SQL injection, cross-site scripting, insecure data handling, path traversal, and weak cryptography. It is designed to flag these vulnerability classes at the pre-commit stage, before code reaches a pull request or a CI pipeline. The tool is experimental and GitHub advises using it alongside — not instead of — dedicated security scanning tools.
What is the difference between pre-commit AI security scanning and traditional SAST?
Traditional SAST tools use deterministic rule engines — pattern matching, taint traces, dataflow graphs — to identify known vulnerability signatures. Pre-commit AI security scanning uses LLM inference, which can reason contextually about code behavior, potentially catching logical vulnerabilities that rule-based tools miss. The tradeoff is that LLMs can hallucinate findings; GitHub addresses this by filtering output to high-confidence results only.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission.
