Overview

GitHub's Enterprise AI Controls and agent control plane are now generally available, providing enterprise administrators with comprehensive governance tools for managing AI agents and Copilot usage at scale. These features address the core challenge of enabling AI capabilities while maintaining security, compliance, and visibility across the organization.

Key Features

AI Administrator Role & Workspace: A new enterprise custom role with fine-grained permissions allows designated AI administrators to oversee all AI-related settings from a centralized console. This role grants access to audit logs, agent session activity, and AI Controls management without requiring full enterprise admin access.

Complete Agent Activity Visibility: The audit logging system now provides full visibility into agent operations, including:

• actor_is_agent identifiers that distinguish agent-driven actions
• User attribution showing who agents act on behalf of
• agent_session.task events tracking session lifecycle (started, finished, failed)
• Cloud agent session activity from the past 24 hours
• Centralized MCP (Model Context Protocol) registry and allowlist management

Custom Agent Standards & Protection: Organizations can now define, version control, and enforce enterprise standards for custom agents. A new 1-click push rule protects the .github/agents/*.md file path across the enterprise, preventing unauthorized modifications while allowing controlled updates.

New in General Availability

Enhanced Agent Discovery: Administrators can now search and filter agentic session activity by specific agents (including third-party agents) and track usage by organization. The agents page audit log is prefiltered for Copilot and third-party agents, and the 24-hour session history no longer caps at 1,000 records, enabling complete session traceability.

Enterprise Agent Policies via API: New REST API endpoints allow programmatic application of enterprise-wide custom agent definitions, enabling Infrastructure-as-Code approaches to agent governance. The AI Controls tab in enterprise settings is now the permanent home for all AI-related policies and settings.

MCP Allow Lists in Preview: Enterprise-wide MCP allow list management remains in public preview while GitHub refines the solution to scale better across organizations without requiring multiple registries.

What Developers & Admins Should Know

• Enterprise administrators should navigate to the new AI Controls tab in enterprise settings to configure agent policies and review activity
• Custom agent definitions are now stored in .github-private/agents/*.md for canonical control
• API support enables programmatic policy management for enterprise-scale deployments
• MCP governance features are still evolving; additional session activity coverage and granular policy controls are planned

Roadmap

Future enhancements include comprehensive session activity coverage across VS Code and Copilot CLI clients, programmatic access to agent activity data, and expanded MCP governance options.