Microsoft Reactor

Security alerts are only useful if someone acts on them. For most engineering teams, Dependabot alerts accumulate faster than developers can triage them — creating a backlog that quietly becomes a liability. In this session, Ankit Kumar Honey, Supply Chain Security Expert and Senior Engineering Manager leading GitHub's Dependabot team, shows you how GitHub is fundamentally changing the relationship between vulnerability detection and resolution.

You'll see live how a Dependabot alert can now be assigned directly to an AI coding agent: Copilot, Claude, or Codex — which analyzes the vulnerability, opens a draft pull request with a proposed fix, resolves test failures, and handles complex edge cases like package downgrades when a dependency is compromised or contains malware.

In this session with live demo, you'll learn:

• How Dependabot's AI agent assignment works end-to-end — from alert triage to merged fix
• When AI agent remediation is the right tool versus rule-based Dependabot auto-PRs
• What this shift means for engineering teams managing supply chain security at scale

Whether you're a developer, security engineer, or engineering leader, you'll leave with a clear picture of where supply chain security is heading and exactly how to start using these capabilities today.