學習、聯繫、建置

Microsoft Reactor

加入 Microsoft Reactor 並與開發人員即時互動

準備好開始使用 AI 和最新技術嗎？ Microsoft Reactor 提供活動、訓練和社群資源，協助開發人員、企業家和初創公司建置 AI 技術等等。加入我們！

學習、聯繫、建置

Microsoft Reactor

加入 Microsoft Reactor 並與開發人員即時互動

準備好開始使用 AI 和最新技術嗎？ Microsoft Reactor 提供活動、訓練和社群資源，協助開發人員、企業家和初創公司建置 AI 技術等等。加入我們！

From Alert to Fix: AI Agents and the Future of Vulnerability Remediation in GitHub

22 4月, 2026 | 5:00 下午 - 6:00 下午 (UTC) 國際標準時間

格式:
線上直播

主題: AI 安全性與資料治理

語言: 英文

Security alerts are only useful if someone acts on them. For most engineering teams, Dependabot alerts accumulate faster than developers can triage them — creating a backlog that quietly becomes a liability. In this session, Ankit Kumar Honey, Supply Chain Security Expert and Senior Engineering Manager leading GitHub's Dependabot team, shows you how GitHub is fundamentally changing the relationship between vulnerability detection and resolution.

You'll see live how a Dependabot alert can now be assigned directly to an AI coding agent: Copilot, Claude, or Codex — which analyzes the vulnerability, opens a draft pull request with a proposed fix, resolves test failures, and handles complex edge cases like package downgrades when a dependency is compromised or contains malware.

In this session with live demo, you'll learn:

How Dependabot's AI agent assignment works end-to-end — from alert triage to merged fix
When AI agent remediation is the right tool versus rule-based Dependabot auto-PRs
What this shift means for engineering teams managing supply chain security at scale

Whether you're a developer, security engineer, or engineering leader, you'll leave with a clear picture of where supply chain security is heading and exactly how to start using these capabilities today.