EVERYTHING
According to Developer-tech, GitHub has expanded its automation capabilities by launching Agentic Workflows in public preview. This follows a technical preview announced in February, where the company first introduced the concept of using AI agents to handle routine repository maintenance and engineering tasks within the standard Actions framework.
Natural language integration and infrastructure
The new feature allows development teams to define complex automations using natural language Markdown files. GitHub then compiles these instructions into standard YAML configurations, making it easier for non-experts to deploy sophisticated AI behaviors. Because these workflows run as standard Actions, they inherit the runner groups and policy constraints already established by an organization.
A significant technical update in this release is the support for the built-in GITHUB_TOKEN. This change eliminates the manual overhead of creating and managing personal access tokens (PATs) for agentic tasks, simplifying the security architecture for teams adopting the technology. The platform also introduced new hosted runner images, including Ubuntu 26.04 and Windows 11 arm64 with Visual Studio 2026.
Enterprise adoption and use cases
Early adopters have already begun integrating these workflows into their production environments to manage multi-repository engineering tasks. Notable companies using the technology include:
- Carvana, which utilizes Agentic Workflows for changes spanning multiple repositories.
- Marks & Spencer, which has developed reusable workflows for security, quality, and delivery.
- Automated processes for vulnerability remediation and dependency maintenance.
- Routine change reviews and automated issue triage across various projects.
"The challenge was not getting an agent to open a pull request, but trusting the output enough to merge it," — May Walter, CTO at Hud.io, noted regarding the shift toward autonomous development.
Security and threat mitigation
To address concerns regarding automated code execution, GitHub has implemented several layers of security. Agents operate with read-only permissions by default and are confined within sandboxed containers protected by an Agent Workflow Firewall. Furthermore, a dedicated threat detection job scans all proposed changes before they can be applied to the codebase.
These measures come as a response to increasing software supply-chain attacks. While not directly linked to Agentic Workflows, recent reports highlighted how stolen GitHub Actions secrets were used to compromise repositories and inject malicious packages. By providing sandboxing and approval gates for bot-created pull requests, GitHub aims to prevent unauthorized access to sensitive information during the automated lifecycle.