GitHub shipped a new /security-review slash command in GitHub Copilot CLI on June 10—an experimental feature in public preview that runs an AI-driven security review on your local code changes before they reach a commit or pull request. The scan lives inside the same terminal session where you're already prompting Copilot to write code, which is the point: security checks at the moment of creation, not after the diff is pushed.
What the Command Does
Run /security-review in any project directory and Copilot CLI analyzes your current working changes—the same diff you'd stage for a commit. The output is structured for action:
- High-confidence findings ranked by severity and confidence, so you can triage fast instead of wading through noise.
- Actionable fix suggestions you can apply without switching to a browser, IDE panel, or separate security dashboard.
- A focused review tuned to common, high-impact vulnerability classes: injection flaws, cross-site scripting, insecure data handling, path traversal, and weak cryptography.
GitHub is explicit that this is a Copilot-driven scan. It does not invoke GitHub Code Scanning, Dependabot, or secret scanning under the hood. It complements those hosted tools with a lightweight, on-demand pass you trigger when you want one—right before you commit.
How to Try It
The command ships behind Copilot CLI's experimental gate. Two ways to enable it:
- Launch with the flag:
copilot --experimental - Or toggle from inside a session:
/experimental
Once experimental mode is on, run /security-review in your project. The CLI sends your local change context to Copilot's model gateway—the same inference path as other Copilot CLI commands—and returns findings inline. GitHub is soliciting feedback through the GitHub Community discussion thread linked from the changelog.
Available to all GitHub Copilot subscribers. No separate security SKU required for the preview itself, though enterprise teams should still treat findings as advisory until the feature graduates from experimental status.
Where It Fits in the Security Stack
The pattern GitHub has been building all year is moving detection left—into the agent's workflow, not just CI. In March, the GitHub MCP Server added secret scanning so agents could check for exposed credentials before commit. On June 9, GitHub extended security validation for third-party coding agents—CodeQL, dependency advisories, and secret scanning on PRs from Claude, Codex, and other external agents. /security-review is the terminal-native version of that same instinct: catch problems while the context is still hot.
The three layers stack cleanly:
- Pre-commit, local, on-demand.
/security-reviewin Copilot CLI—LLM inference over your diff, no repo push required. - Pre-commit, hosted engine. Secret scanning via the GitHub MCP Server or
/secret-scanningin Copilot Chat—pattern-matched credential detection against GitHub's secret database. - Post-push, repo-wide. Code Scanning, Dependabot, and the new third-party agent validation on pull requests—deterministic rules that run regardless of which tool wrote the code.
None of these replace the others. LLM review catches logic-level issues static analysis often misses; static analysis catches known CVEs and secret patterns models hallucinate past. The win is running both before production.
Air-Gapped and BYOK Teams
By default, /security-review sends code context to GitHub's cloud-hosted model gateway—the standard Copilot inference path. Teams with stricter connectivity requirements have an alternative: Copilot CLI's BYOK mode, combined with COPILOT_OFFLINE=true and a locally running model behind an OpenAI-compatible API (Ollama, vLLM, etc.), keeps inference on your hardware with telemetry disabled. That architecture means a security-sensitive team with no outbound connectivity can still run /security-review against a local model without data leaving the machine.
For most web developers the cloud path is fine. For regulated environments, the local path is what makes a terminal security command actually usable.
Why It Matters for Web Developers
AI coding agents ship features fast. They also ship SQL concatenation, missing output encoding, and eval() wrappers with the same confidence they ship working CRUD. A dedicated security slash command lowers the friction of checking your own output—especially when you're iterating in Copilot CLI and never opening a PR until the feature feels done.
Two moves worth trying this week. First, enable experimental mode and run /security-review on your current branch before your next commit—treat it like a linter pass, not a formal audit. Second, pair it with secret scanning if you're using the GitHub MCP Server: LLM review for logic flaws, pattern matching for credentials. The agent era keeps compressing the gap between writing code and shipping it. GitHub is betting the fix isn't slower agents—it's security tooling that lives in the same terminal session.