GitHub Launches Security Campaigns with Copilot Autofix to Tackle Codebase Vulnerabilities

Early adopters like Lumen and Alchemy report improved collaboration, faster fixes, and greater security awareness

GitHub has officially launched Security Campaigns with Copilot Autofix, now generally available for GitHub Advanced Security and GitHub Code Security customers.

This new feature is designed to help security and development teams quickly tackle security debt across their entire codebase.

Security Campaigns enable automated, large-scale vulnerability remediation—boosting fix rates from 10% to 55%, according to GitHub.

The addition of Copilot Autofix further accelerates this process by providing AI-generated code suggestions and explanations directly in pull requests.

Security managers can define and control campaign scopes, generate and track GitHub issues, and monitor progress—all within the GitHub environment. Campaigns can include up to 1,000 curated code scanning alerts, guided by templates based on common risks such as the MITRE Top 10, streamlining remediation efforts.

Early adopters like Lumen and Alchemy report improved collaboration, faster fixes, and greater security awareness among developers.

GitHub emphasised that security debt remains one of the most overlooked threats, with 90% of risks going unaddressed—something these new campaigns aim to change.