How GitHub's agentic security principles make our AI agents as secure as possible
Blog post from GitHub
GitHub set out to build AI agents that balance usability with security, keeping a human in the loop to limit the risks that come with highly autonomous systems. The main concerns are data exfiltration, impersonation, and prompt injection, any of which can turn into a security incident if not managed. To mitigate them, GitHub's agentic security principles call for making the agent's context visible, placing a firewall around the agent, restricting its access to sensitive information, preventing irreversible changes without human intervention, and attributing every action accurately to both the user and the agent. These principles are applied to the GitHub Copilot coding agent: it operates within user-defined boundaries, prompts a human for approval before significant actions, and gathers context only from authorized users. The aim is an agent that is both intuitive and secure, so users can rely on GitHub Copilot's capabilities with confidence.