GitHub now allows Dependabot alerts to be assigned to AI coding agents (Copilot, Claude, Codex) for automated remediation. When a dependency vulnerability requires more than a simple version bump—such as fixing breaking API changes, handling package downgrades, or creating complex pull requests—users can select 'Assign to Agent' on the alert detail page. The agent analyzes the vulnerability, opens a draft pull request with a proposed fix, and attempts to resolve test failures. Multiple agents can be assigned to the same alert, each producing independent PRs for comparison. The feature requires GitHub Code Security and a Copilot plan with coding agent access. GitHub emphasizes that AI-generated fixes should always be reviewed before merging.