WayToClawEarn

What Is GitHub Copilot CLI's New /security-review Command? AI Pre-Commit Vulnerability Scanner Explained

GitHub Copilot CLI just shipped a new /security-review slash command that uses AI to scan your uncommitted code changes for security vulnerabilities before they reach production. It covers 11 OWASP-aligned vulnerability categories including injection, XSS, path traversal, and supply-chain risks, and runs entirely in your terminal — but it's experimental, won't replace CodeQL, and runs on a CLI with its own documented prompt injection vulnerabilities.

June 16, 2026 · About a 5-minute read

Key Takeaway

If you're searching for "GitHub Copilot security review" or "Copilot CLI vulnerability scanner," the short answer is: GitHub shipped an experimental /security-review slash command on June 10, 2026 that uses LLM inference to scan your uncommitted code changes for 11 categories of vulnerabilities — from SQL injection and XSS to supply-chain risks — directly in your terminal. It's free during public preview, requires no setup beyond having Copilot CLI installed, and surfaces only high-confidence findings to reduce false positives. But it won't replace CodeQL, and the irony of an AI security scanner running on a CLI with its own documented prompt injection vulnerabilities isn't lost on security researchers.

What It Does

The /security-review command scans your local working tree — the code you've changed but haven't committed yet — and flags high-impact vulnerabilities across 11 categories:

  1. Injection flaws — SQL, command, and LDAP injection
  2. Cross-site scripting (XSS) — reflected, stored, and DOM-based
  3. Broken access control & path traversal — unsafe file reads, directory traversal
  4. Server-side request forgery (SSRF)
  5. Insecure deserialization & prototype pollution
  6. Weak cryptography — hardcoded keys, weak algorithms
  7. Hardcoded credentials — API keys, tokens, passwords in source
  8. Sensitive data leaks — PII, secrets in logs or error messages
  9. Authentication & CORS failures — misconfigured auth, overly permissive CORS
  10. Security misconfigurations — debug mode in production, missing headers
  11. Supply-chain risks — unpinned dependencies, known-vulnerable package versions
  12. Cross-prompt injection (XPIA) — LLM-integrated code vulnerable to prompt-based attacks

Unlike GitHub's existing security tools — code scanning, Dependabot, and secret scanning — this scanner doesn't rely on any of them. It's purely LLM-driven: the Copilot model reads your diff and reasons about whether the changes introduce security problems.

How It Works

You use it like any other Copilot CLI slash command. Inside a Copilot CLI session, with uncommitted changes in your repo:

/security-review

Copilot reads the git diff of your working tree, sends it to the model, and the model returns a structured analysis. The output is designed to be high-confidence only — GitHub explicitly tuned it to minimize false positives, which is the right call for a pre-commit tool where every flagged issue creates friction.

The scan is local to your session. It doesn't push code to a remote scanner or require CI pipeline integration. This matters for two reasons: first, it's fast (seconds, not minutes), and second, it works on private repos without additional configuration.

Why It Matters

The timing is significant. Copilot CLI just received a major refresh at Microsoft Build 2026 on June 2, which made rubber duck review and voice input generally available, added prompt scheduling, and shipped an experimental terminal UI with tabs for issues, PRs, and gists. The /security-review command builds on this momentum by adding a security layer to the increasingly agentic Copilot CLI workflow.

More importantly, it addresses a real pain point: most security scanning happens in CI, after you've already pushed code and opened a PR. By then, vulnerable code has already left your machine. A pre-commit scanner catches issues at the earliest possible stage — before they enter the shared repository.

The 11-category coverage is also notably comprehensive for a first release. It's not just checking for SQL injection and XSS; it covers prototype pollution, XPIA (a category specific to LLM-integrated applications), and supply-chain risks. This breadth suggests GitHub is positioning this as a serious security tool, not a checkbox feature.

The Limitations — and the Irony

There are three important caveats.

First, it's experimental. This is a public preview feature with all the instability that implies. The GitHub changelog entry is short on details about false negative rates, and the model may miss subtle vulnerabilities that a dedicated static analysis tool would catch.

Second, it won't replace CodeQL or human review. GitHub's own documentation positions this as a fast, lightweight pre-commit filter — not a replacement for CI-based code scanning or expert security review. Business logic flaws, complex authorization issues, and bespoke system vulnerabilities are out of scope.

Third — and this is the uncomfortable part — the CLI it runs on has its own documented security issues. Researchers discovered the RoguePilot vulnerability class in Copilot CLI, where indirect prompt injection could cause the AI to execute malicious commands. GitHub patched RoguePilot in February 2026, but researchers continue to find new variations of prompt injection attacks against AI coding tools. An AI security scanner running on an AI-powered CLI that has its own prompt injection surface is, to put it mildly, a trust exercise.

The byteiota analysis captured this well: "It's experimental, it won't replace CodeQL, and the CLI it rides on has documented trust issues worth knowing about."

Should You Use It?

For most developers, the answer is yes — with the understanding of what it is and isn't.

If you're already using Copilot CLI, adding /security-review to your pre-commit routine is a low-cost way to catch obvious vulnerabilities early. The high-confidence-only output means you won't drown in false positives, and the terminal-native experience means zero configuration overhead.

If you're not using Copilot CLI, this alone probably isn't the reason to start — but combined with the Build 2026 refresh (rubber duck, voice input, prompt scheduling, terminal UI), the overall Copilot CLI value proposition has improved significantly in June 2026.

For teams with existing security infrastructure (CodeQL, Snyk, Semgrep), treat this as a complementary layer — a fast first pass that catches low-hanging fruit before your heavier CI scanners run.
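
As an added illustration of the complementary-layer idea (not code from GitHub or Copilot CLI), the Python below applies two deterministic rules, for hardcoded credentials and unpinned dependencies, to the same input /security-review looks at, the uncommitted diff, and reports only lines the change adds. The credential regex, the requirements.txt convention, and all function names are assumptions of this example.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Assumed heuristic: a secret-looking name assigned a quoted literal of 8+ chars.
CRED = re.compile(r"(?i)\b\w*(?:api_?key|secret|token|passw(?:or)?d)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]")

# Constructed sample input, shaped like `git diff HEAD` output.
SAMPLE_DIFF = """\
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,2 @@
 import os
-API_KEY = os.environ["API_KEY"]
+API_KEY = "constructed-placeholder-0000"
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,3 @@
 flask==3.0.3
+requests
+pyyaml==6.0.1
"""

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for each line the diff adds."""
    path, lineno, old_left, new_left = None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left > 0 or new_left > 0:          # inside a hunk body
            if raw.startswith("+"):
                yield path, lineno, raw[1:]
                new_left, lineno = new_left - 1, lineno + 1
            elif raw.startswith("-"):
                old_left -= 1
            elif not raw.startswith("\\"):        # context line
                old_left, new_left, lineno = old_left - 1, new_left - 1, lineno + 1
        elif raw.startswith("+++ "):              # file header, outside any hunk
            path = re.sub(r"^b/", "", raw[4:].strip())
        elif (m := HUNK.match(raw)):              # omitted counts default to 1
            old_left, lineno, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)

def scan(diff_text):
    """Return sorted (category, path, line) findings, for added lines only."""
    findings = []
    for path, lineno, text in added_lines(diff_text):
        dep = text.strip()
        if CRED.search(text):
            findings.append(("hardcoded-credential", path, lineno))
        if path.endswith("requirements.txt") and dep and dep[0] not in "#-" and "==" not in dep:
            findings.append(("unpinned-dependency", path, lineno))
    return sorted(findings)
```

Pass the text of `git diff HEAD` to `scan()`; because hunk lengths are tracked from the `@@` header, an added line whose content itself begins with `++ ` is not mistaken for a file header.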

The Bigger Picture

The /security-review command is part of a broader trend: AI coding tools are eating the development lifecycle from both ends. On one side, AI writes more code than ever — generating features, refactoring legacy systems, and producing boilerplate at scale. On the other side, AI is now reviewing that code for security issues, creating an AI-writes-AI-reviews loop.

The question isn't whether this trend continues — it's whether the AI reviewers can keep pace with the AI writers. For now, /security-review is a modest but meaningful step in that direction.
