{"id":93243,"date":"2026-01-14T10:45:09","date_gmt":"2026-01-14T18:45:09","guid":{"rendered":"https:\/\/github.blog\/?p=93243"},"modified":"2026-01-20T11:55:23","modified_gmt":"2026-01-20T19:55:23","slug":"community-powered-security-with-ai-an-open-source-framework-for-security-research","status":"publish","type":"post","link":"https:\/\/github.blog\/security\/community-powered-security-with-ai-an-open-source-framework-for-security-research\/","title":{"rendered":"Community-powered security with AI: an open source framework for security research"},"content":{"rendered":"\n

Since its founding in 2019<\/a>, GitHub Security Lab has had one primary goal: community-powered security<\/em>. We believe that the best way to improve software security is by sharing knowledge and tools, and by using open source software so that everybody is empowered to audit the code and report any vulnerabilities that they find.<\/p>\n\n\n\n

Six years later, a new opportunity has emerged to take community-powered security to the next level. Thanks to AI, we can now use natural language to encode, share, and scale our security knowledge, which will make it even easier to build and share new security tools. And under the hood, we can use Model Context Protocol (MCP) interfaces<\/a> to build on existing security tools like CodeQL<\/a>.<\/p>\n\n\n\n

As a community, we can eliminate software vulnerabilities far more quickly if we share our knowledge of how to find them. With that goal in mind, our team has been experimenting with an agentic framework called the GitHub Security Lab Taskflow Agent<\/a>. We’ve been using it internally for a while, and we also recently shared it with the participants of the GitHub Secure Open Source Fund<\/a>. Although it’s still experimental, it’s ready for others to use.<\/p>\n\n\n\n

Demo: Variant analysis<\/h1>\n\n\n\n

It takes only a few steps to get started with seclab-taskflow-agent:<\/p>\n\n\n\n

    \n
  1. Create a personal access token.<\/li>\n\n\n\n
  2. Add codespace secrets.<\/li>\n\n\n\n
  3. Start a codespace.<\/li>\n\n\n\n
  4. Run a taskflow with a one-line command.<\/li>\n<\/ol>\n\n\n\n

    Please follow along and give it a try! <\/p>\n\n\n\n

    Note: This demo will use some of your token quota, and it’s possible that you’ll hit <\/em>rate limits<\/em><\/a>, particularly if you’re using a free GitHub account. But I’ve tried to design the demo so that it will work on a free account. The quotas will refresh after one day if you do hit the rate limits.<\/em><\/p>\n\n\n\n

    Create a fine-grained personal access token<\/h2>\n\n\n\n

    Go to your developer settings page<\/a> and create a personal access token (PAT).<\/p>\n\n\n\n

    \"Screenshot<\/figure>\n\n\n\n

    Scroll down and add the “models” permission:<\/p>\n\n\n\n

    Screenshot of the developer settings page where I am adding the \"Models\" permission to my new PAT.<\/figure>\n\n\n\n

    Add codespaces secrets<\/h2>\n\n\n\n

    For security reasons, it’s not a good idea to save the PAT that you just created in a file on disk. Instead, I recommend saving it as a “codespace secret,” which means it’ll be available as an environment variable when you start a codespace in the next step.<\/p>\n\n\n\n

    Go to your codespaces settings<\/a> and create a secret named GH_TOKEN<\/code>:<\/p>\n\n\n\n

    \"Screenshot<\/figure>\n\n\n\n

    Under “Repository access,” add GitHubSecurityLab\/seclab-taskflows<\/code><\/a>, which is the repo that we’ll start the codespace from.<\/p>\n\n\n\n

    Now go back to your codespaces settings<\/a> and create a second secret named AI_API_TOKEN<\/code>. You can use the same PAT for both secrets.<\/p>\n\n\n\n

    We want to use two secrets so that GH_TOKEN<\/code> is used to access GitHub’s API and do things like read the code, whereas AI_API_TOKEN<\/code> can access the AI API. Only one PAT is needed for this demo because it uses the GitHub Models API, but the framework also supports using other (not GitHub) APIs for the AI requests.<\/p>\n\n\n\n

    Start a codespace<\/h2>\n\n\n\n

    Now go to the seclab-taskflows repo<\/a> and start a codespace:<\/p>\n\n\n\n

    \"Screenshot<\/figure>\n\n\n\n

    After the codespace starts, wait a few minutes until you see a prompt like this:<\/p>\n\n\n\n

    \"Screenshot<\/figure>\n\n\n\n

    It’s important to wait until you see (.venv<\/code>) before the prompt, as it indicates that the Python virtual environment<\/a> has been created.<\/p>\n\n\n\n

    Run a taskflow with a one-line command<\/h2>\n\n\n\n

    In the codespace terminal, enter this command to run the variant analysis demo taskflow:<\/p>\n\n\n

    \n
    python -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo -g repo=github\/cmark-gfm -g ghsa=GHSA-c944-cv5f-hpvr<\/code><\/pre>\n<\/path><\/path><\/svg><\/path><\/svg><\/clipboard-copy><\/div>\n\n\n
    Answer “yes” when it asks for permission to run memcache_clear_cache<\/code>; this is the first run so the cache is already empty. The demo downloads and analyzes a security advisory<\/a> from the repository (in this example, GHSA-c944-cv5f-hpvr<\/code><\/a> from cmark-gfm<\/a>). It tries to identify the source code file that caused the vulnerability, then it downloads that source code file and audits it for other similar bugs. It’s not a sophisticated demo, and (thankfully) it has not found any new bugs in cmark-gfm 🫣. But it’s short and simple, and I’ll use it later to explain what a taskflow is. You can also try it out on a different repository, maybe one of your own, by changing the repo name at the end of the command.<\/p>\n\n\n\n
    Other ways to run<\/h1>\n\n\n\n
    I recommend using a codespace because it’s a quick, reliable way to get started. It’s also a sandboxed environment, which is good for security. But there are other ways to run the framework if you prefer.<\/p>\n\n\n\n
    Running in a Linux terminal<\/h2>\n\n\n\n
    These are the commands to install and run the demo locally on a Linux system:<\/p>\n\n\n
    \n
    export AI_API_TOKEN=github_pat_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nexport GH_TOKEN=$AI_API_TOKEN\npython3 -m venv .venv\nsource .venv\/bin\/activate\npip install seclab-taskflows\npython -m seclab_taskflow_agent -t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo -g repo=github\/cmark-gfm -g ghsa=GHSA-c944-cv5f-hpvr<\/code><\/pre>\n<\/path><\/path><\/svg><\/path><\/svg><\/clipboard-copy><\/div>\n\n\n
    These commands download our latest release from PyPI<\/a>. Note that some of the toolboxes included with the framework may not work out-of-the-box with this approach because they depend on other software being installed. For example, the CodeQL toolbox<\/a> depends on CodeQL<\/a> being installed. You can copy the installation instructions from the devcontainer configuration<\/a> that we use to build our codespaces environment.<\/p>\n\n\n\n
    Running in docker<\/h2>\n\n\n\n
    We publish a docker image<\/a> with tools like CodeQL pre-installed. You can run it with this script<\/a>. Be aware that this docker image only includes seclab-taskflow-agent<\/a>. We are planning to publish a second “batteries included” image that also includes seclab-taskflows<\/a> in the future. Note: I’ll explain the relationship between seclab-taskflow-agent and seclab-taskflows in the section about the collaboration model.<\/p>\n\n\n\n
    Taskflows<\/h1>\n\n\n\n
    A taskflow is a YAML file containing a list of tasks for the framework to execute. Let’s look at the taskflow for my demo (source<\/a>):<\/p>\n\n\n
    \n
    seclab-taskflow-agent:\n  filetype: taskflow\n  version: 1\n\nglobals:\n  repo:\n  ghsa:\n\ntaskflow:\n  - task:\n      must_complete: true\n      agents:\n        - seclab_taskflow_agent.personalities.assistant\n      toolboxes:\n        - seclab_taskflow_agent.toolboxes.memcache\n      user_prompt: |\n        Clear the memory cache.\n\n  - task:\n      must_complete: true\n      agents:\n        - seclab_taskflow_agent.personalities.assistant\n      toolboxes:\n        - seclab_taskflows.toolboxes.ghsa\n        - seclab_taskflows.toolboxes.gh_file_viewer\n        - seclab_taskflow_agent.toolboxes.memcache\n      user_prompt: |\n        Fetch the details of the GHSA {{ GLOBALS_ghsa }} of the repo {{ GLOBALS_repo }}.\n\n        Analyze the description to understand what type of bug caused\n        the vulnerability. DO NOT perform a code audit at this stage, just \n        look at the GHSA details.\n\n        Check if any source file is mentioned as the cause of the GHSA.\n        If so, identify the precise file path and line number.\n\n        If no file path is mentioned, then report back to the user that \n        you cannot find any file path and end the task here.\n\n        The GHSA may not specify the full path name of the source\n        file, or it may mention the name of a function or method\n        instead, so if you have difficulty finding the file, try\n        searching for the most likely match.\n\n        Only identify the file path for now, do not look at the code or\n        fetch the file contents yet.\n\n        Store a summary of your findings in the memcache with the GHSA\n        ID as the key. That should include the file path and the function that \n        the file is in.\n\n  - task:\n      must_complete: true\n      agents:\n        - seclab_taskflow_agent.personalities.assistant\n      toolboxes:\n        - seclab_taskflows.toolboxes.gh_file_viewer\n        - seclab_taskflow_agent.toolboxes.memcache\n      user_prompt: |\n        Fetch the GHSA ID and summary that were stored in the memcache\n        by the previous task.\n\n        Look at the file path and function that were identified. Use the \n        get_file_lines_from_gh tool to fetch a small portion of the file instead of\n        fetching the entire file.\n\n        Fetch the source file that was identified as the cause of the\n        GHSA in repo {{ GLOBALS_repo }}. \n\n        Do a security audit of the code in the source file, focusing\n        particularly on the type of bug that was identified as the\n        cause of the GHSA.<\/code><\/pre>\n<\/path><\/path><\/svg><\/path><\/svg><\/clipboard-copy><\/div>\n\n\n
    You can see that it’s quite similar in structure to a GitHub Actions workflow. There’s a header at the top, followed by the body, which contains a series of tasks. The tasks are completed one by one by the agent framework. Let’s go through the sections one by one, focusing on the most important bits:<\/p>\n\n\n\n
    Header<\/h2>\n\n\n\n
    The first part of the header defines the file type. The most frequently used file types are:<\/p>\n\n\n\n