GitHub Copilot Coding Agent: Key Updates and What They Mean for Developers

You file an issue before lunch. By the time you return to your desk, a pull request is already waiting for review.

That's the core promise of GitHub Copilot coding agent. Operating asynchronously in the background, it tackles delegated work — squashing bugs, authoring tests, retiring technical debt — and surfaces a pull request when the job is complete. While you're iterating in your editor with inline Copilot assistance, the coding agent is executing the tasks you've handed off, effectively parallelizing your development workflow.

Several meaningful updates have landed recently that sharpen that delegation loop. Here's what shipped and how to put it to work.

Visual learner? Watch the video above! ☝️

Choose the right model for each task

The Agents panel now surfaces a model picker, giving developers direct control over which underlying model handles a given task.

Previously, every background job ran against a single default model. There was no mechanism to allocate a more capable model to complex work, or to prioritize throughput on routine tasks where raw reasoning power isn't the bottleneck.

That constraint is gone. Route straightforward work — adding unit tests, fixing a typo-level bug — to a faster, leaner model. Escalate to a more capable one when you're dealing with a gnarly refactor or integration tests that need to reason through real edge cases. If you'd rather not manage that decision, the auto setting lets GitHub handle the routing for you.

To get started:

• Open the Agents panel (top-right in GitHub), select your repo, and pick a model.
• Write a clear prompt and kick off the task.
• Leave the model on auto if you'd rather let GitHub choose.

Model selection is available for Copilot Pro and Pro+ users now, with support for Business and Enterprise coming soon.

Learn more about model selection with Copilot coding agent. 👉

Pull requests that arrive in better shape

The friction in reviewing agent-generated output has historically been the cleanup pass. You open the diff and find code that technically satisfies the requirement but reads like no human on your team would have written it — functional, but rough around the edges.

Copilot coding agent now runs Copilot code review against its own changes before opening the pull request. It processes that feedback, iterates on the patch, and only then requests your review. By the time you're tagged, the diff has already been through a quality pass.

In one documented session, the agent identified that its own string concatenation logic was unnecessarily convoluted and refactored it before the pull request landed. That kind of catch used to fall on the reviewer.

To get started:

• Assign an issue to Copilot or create a task from the Agents panel.
• Click into the task to view the logs.
• See the moments where the agent ran Copilot code review and applied feedback.

Review the pull request when prompted. Copilot requests your review only after it has iterated.

Learn more about Copilot code review + Copilot coding agent. 👉

Security checks that run while the agent works

AI-generated code carries the same security surface area as human-written code — vulnerable patterns, inadvertently committed secrets, dependencies carrying known CVEs. The difference is velocity. An agent can introduce those issues at a pace that makes catching them in review genuinely difficult.

Copilot coding agent now runs code scanning, secret scanning, and dependency vulnerability checks natively within its execution workflow. If a dependency carries a known vulnerability, or a string pattern resembles a committed API key, it gets flagged before the pull request is opened — not after it's already in your review queue.

Code scanning is ordinarily gated behind GitHub Advanced Security. With Copilot coding agent, that capability is included at no additional cost.

To get started:

• Run any task through the Agents panel.
• Check the session logs as it runs. You'll see scanning entries as the agent works.
• Review the pull request. It's already been through the security filter.

Learn more about security scanning in Copilot coding agent. 👉

Custom agents that follow your team's process

A minimal prompt leaves significant room for interpretation — and that interpretation doesn't always align with how your team actually operates. Conventions around testing, benchmarking, documentation, and code style tend to live in institutional knowledge rather than in any single prompt.

Custom agents give you a way to encode that knowledge. Drop a configuration file under .github/agents/ and define a structured workflow for a specific class of work. A performance optimization agent, for instance, can be wired to run benchmarks first, apply the targeted change, then measure the delta before opening a pull request — ensuring every optimization is grounded in data rather than intuition.

In a recent GitHub Checkout demo, that workflow played out precisely as designed. The agent benchmarked a lookup function, applied a targeted fix, and returned a measured improvement on that specific operation. Narrow scope, real data, no ambiguity.

Custom agents can also be shared across an organization or enterprise, ensuring consistent process wherever teams are running the coding agent.

To get started:

• Create an agent file under .github/agents/ in your repo.
• Open the Agents panel and start a new task.
• Select your custom agent from the options.
• Write a prompt scoped to what that agent does.

Learn more about creating custom agents. 👉

Move between cloud and local without losing context

Development rarely stays in one environment. You might initiate a task in the cloud and want to take it across the finish line locally. Or you're deep in a terminal session and want to delegate a subtask without breaking your flow. Until now, crossing that boundary meant reconstructing context from scratch.

That handoff is now seamless. Pull a cloud session into your local terminal and you get the branch, the full execution logs, and the complete task context. Or press & in the CLI to push work back to the cloud and continue on your end — no context loss in either direction.

To get started:

• Start a task with Copilot coding agent and wait for the session to appear.
• Click "Continue in Copilot CLI" and copy the command.
• Paste it in your terminal to load the session locally with branch, logs, and context intact.
• Press the ampersand symbol (&) in the CLI to delegate work back to the cloud and keep going locally.

Learn more about Copilot coding agent + CLI handoff. 👉

What this adds up to

Copilot coding agent has matured considerably. Model selection, self-review, integrated security scanning, custom agent workflows, seamless CLI handoff — and that's just the recent release cadence. The team is actively developing private mode, pre-coding planning capabilities, and non-PR use cases like issue summarization and report generation. The roadmap is substantial. Stay tuned.

Share feedback on what ships next in GitHub Community discussions.