Summary
GitHub added a workflow that lets teams assign Dependabot alerts to coding agents, including Copilot, Claude, and Codex, so that the agent can analyze the vulnerability and open a draft fix PR. This moves agent execution directly into a native application security workflow rather than leaving remediation to ad hoc prompting.
What changed
Dependabot alerts can now be assigned from the alert detail page to a supported coding agent, which then investigates the alert and proposes a draft pull request for remediation.
Why it matters
This brings agent-driven code changes into a high-value security workflow. For teams already running Code Security, vulnerability remediation becomes more operational, more reviewable, and closer to default GitHub usage.
Evidence excerpt
GitHub says teams can assign a Dependabot alert to a coding agent, which then analyzes the alert and opens a draft pull request with a proposed fix.