GitHub has made secret scanning through the GitHub MCP Server generally available, giving AI coding agents a way to check for exposed credentials before code is committed or opened as a pull request.
The release matters because AI assistants are no longer just autocomplete. They are editing files, moving across repositories, and increasingly touching configuration, deployment scripts, and API integrations. That is exactly where leaked keys and tokens tend to appear.
The change
According to GitHub’s changelog, MCP-compatible tools such as GitHub Copilot CLI and Visual Studio Code can now ask GitHub’s MCP Server to scan work in progress for exposed secrets. The feature had been in public preview since March and is available for repositories with GitHub Secret Protection enabled.
GitHub says the MCP tools now honor existing push protection customization, so detections and bypass behavior align with organization or repository security settings instead of creating a separate policy path.
Why this fits the agent era
The useful part is placement. Traditional secret scanning often catches a leak after a push, or blocks it at the final gate. MCP-based scanning moves the check into the agent session, while the code is still being changed.
That makes it better suited to agentic workflows. A developer can ask an assistant to scan changed files, explain risky lines, and help remove credentials before the work enters Git history. For teams experimenting with autonomous coding agents, that reduces one of the obvious failure modes: an agent confidently committing a real token copied from a local config file, test fixture, or prompt context.
The limits teams should notice
The GitHub docs are careful about scope. Secret scanning through MCP is a pre-commit safety check, not a full replacement for repository alerts or push protection. The documentation says findings returned by MCP-invoked scans are ephemeral and visible only in the current agent chat session. They do not become persistent alerts in the repository’s Security tab or GitHub’s alert APIs.
The tools also require the GitHub remote MCP server; local MCP server configurations are not supported for this feature. Teams will need to enable the relevant MCP toolsets and make sure users have write access to the repositories being scanned.
Practical impact
For security teams, this is less about one new command and more about where controls live. Secret detection can now sit beside the AI assistant that is making changes, rather than only inside CI or a post-push scanner.
For developers, the best version of the workflow is simple: before committing AI-generated or AI-edited code, ask the agent to scan the current diff for secrets and fix anything suspicious. It will not catch every risk, and it should not replace branch protection, code review, or credential rotation. But it is a useful guardrail at the moment mistakes are cheapest to fix.
InfoQ framed the release as part of a broader shift toward AI-aware DevSecOps. That sounds abstract, but the underlying point is practical: as agents write more code, security tools need to be callable by agents too.
