GitHub used X to point developers to a roadmap that hardens Actions across dependency locking, policy-based execution, and runner network controls. The plan includes workflow-level dependency locks, ruleset-based execution protections, and a native egress firewall for GitHub-hosted runners.
GitHub Changelog's March 19, 2026 X post announced that GPT-5.3-Codex is the first long-term support model for Copilot Business and Copilot Enterprise. GitHub says the model launched on February 5, 2026, stays available through February 4, 2027, and becomes the new base model by May 17, 2026.
GitHub Changelog said on April 3, 2026 that GPT-5.1 Codex, GPT-5.1-Codex-Max, and GPT-5.1-Codex-Mini were deprecated across all Copilot surfaces as of April 1. GitHub tells organizations to move workflows and model policies to supported models, with GPT-5.3-Codex named as the replacement.
GitHub Changelog's April 7, 2026 X post said Copilot CLI can now connect to Azure OpenAI, Anthropic, and other OpenAI-compatible endpoints, or run fully local models instead of GitHub-hosted routing. GitHub's changelog adds that offline mode disables telemetry, unauthenticated use is possible with provider credentials alone, and built-in sub-agents inherit the chosen provider.
GitHub’s April 6, 2026 X post said Copilot cloud agent is no longer confined to pull-request workflows. GitHub’s changelog says the agent can now work on a branch before a PR exists, generate implementation plans, and conduct deeper repository research.
GitHub’s April 5 X post pointed developers to Squad, an open-source project built on GitHub Copilot that initializes a preconfigured AI team inside a repository. GitHub says the model works by routing work through a thin coordinator, storing shared decisions in versioned repo files, and letting specialist agents operate in parallel with separate context windows.
In an April 4 X post, GitHub put fresh attention on Agentic Workflows, a technical-preview system that lets teams describe repository chores in Markdown and run them in GitHub Actions with coding agents. The underlying documentation says workflows default to read-only access and rely on reviewable safe outputs for write actions such as opening pull requests or posting issue comments.
GitHub said on April 3, 2026 that developers can now build with the GitHub Copilot SDK in public preview. GitHub’s changelog says the SDK exposes the same agent runtime behind Copilot cloud agent and Copilot CLI, with support for custom tools, streaming, permissions, and BYOK across five languages.
GitHub said on April 1, 2026 that Agentic Workflows are built around isolation, constrained outputs, and comprehensive logging. The linked GitHub blog describes dedicated containers, firewalled egress, buffered safe outputs, and trust-boundary logging designed to let teams run coding agents more safely in GitHub Actions.
GitHub said in a March 31, 2026 X post that programmable execution is becoming the interface for AI applications, linking to its March 10 Copilot SDK blog post. GitHub says the SDK exposes production-tested planning and execution, supports MCP-grounded context, and lets teams embed agentic workflows directly inside products.
A Hacker News thread turned Zach Manson's Copilot incident into a broader argument about whether coding assistants should be allowed to insert vendor messaging into PR text and other repo metadata.
OpenAIDevs pointed developers to Codex Security on March 29, 2026, positioning it as a way to find, validate, and remediate likely vulnerabilities in connected GitHub repositories. OpenAI's docs say the system scans commit by commit, uses repo-specific threat models, validates high-signal findings in an isolated environment, and can move reviewed findings toward GitHub pull requests.