Community-Powered Security Meets AI
How GitHub Security Lab is using agentic taskflows to democratize vulnerability research.
Imagine you’re a security researcher who just found a dangerous bug in a popular piece of software. You patch it, write up your findings, and move on. But somewhere else in the codebase — or in a completely different project — the exact same type of bug is quietly hiding, waiting to cause harm. Sound frustrating? It is. And it’s one of the biggest challenges in software security today.
The good news: a team at GitHub has been working on a creative solution — and they’ve just opened it up for everyone to try.
First, Let’s Understand the Problem
Software is built by millions of people around the world, and bugs — especially security vulnerabilities — are almost inevitable. The tricky part isn’t just finding them. It’s that the same kind of bug tends to show up again and again, in different projects, written by different teams who never had a chance to learn from each other’s mistakes.
The traditional approach to security has often been siloed: companies keep their tools and knowledge private. But GitHub Security Lab, founded in 2019, believes the opposite approach works better — sharing knowledge openly so the whole community gets stronger together. Think of it like a neighbourhood watch program, but for software security.
Enter AI — and a New Kind of Security Tool
Thanks to recent advances in AI, it’s now possible to describe security knowledge in plain, everyday language — and then use that knowledge to automatically scan code for problems. You don’t need to be a wizard who speaks fluent “computer” to encode what you know about a bug type.
GitHub Security Lab has built an experimental tool called the Taskflow Agent that puts this idea into practice. It combines AI with existing security tools (like CodeQL, a powerful code analysis tool) to automate the process of hunting for vulnerabilities.
Trying It Out: Getting Started in Four Steps
The team designed the setup to be as painless as possible. Here’s what getting started actually looks like.
Step 1 — Create a Personal Access Token (PAT)
A PAT is essentially a digital ID badge that lets the tool access GitHub on your behalf. You create one from your GitHub developer settings page, and make sure to add the “Models” permission to it — this is what allows the tool to use the AI API.
Step 2 — Save Your Token Securely as Codespace Secrets
Rather than saving your token in a plain text file on disk (which is risky), you store it as a codespace secret — an environment variable that’s only available inside your secure cloud workspace. You’ll create two secrets:
GH_TOKEN— used to access GitHub’s API and read codeAI_API_TOKEN— used to access the AI API
You can use the same PAT value for both. The reason for two separate secrets is flexibility: the framework supports swapping in different AI providers later without changing how GitHub access works.
Step 3 — Start a Codespace
A Codespace is a ready-made coding environment that runs in your browser — no local setup required. You simply open the seclab-taskflows repository on GitHub and click to launch a new Codespace. Once it starts, wait until you see this prompt in the terminal:
(.venv) $
That (.venv) prefix tells you the Python virtual environment is ready. Don’t run any commands until you see it — it’s your green light.
Step 4 — Run a Taskflow with One Command
Now for the fun part. In the terminal, type this single command to launch the demo:
python -m seclab_taskflow_agent \
-t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo \
-g repo=github/cmark-gfm \
-g ghsa=GHSA-c944-cv5f-hpvr
When it asks for permission to run memcache_clear_cache, answer “yes” — it’s just clearing an empty cache on first run, nothing destructive.
Note: This demo uses a small portion of your GitHub Models API quota. If you’re on a free account, you might hit rate limits — but the demo is designed to work within free-tier limits, and quotas reset after 24 hours.
Prefer to Run It Locally? No Problem.
If you’d rather not use a Codespace and prefer to run things directly on your own Linux machine, here are the commands to install and launch the demo:
export AI_API_TOKEN=github_pat_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export GH_TOKEN=$AI_API_TOKEN
python3 -m venv .venv
source .venv/bin/activate
pip install seclab-taskflows
python -m seclab_taskflow_agent \
-t seclab_taskflows.taskflows.audit.ghsa_variant_analysis_demo \
-g repo=github/cmark-gfm \
-g ghsa=GHSA-c944-cv5f-hpvr
This pulls the latest release directly from PyPI (Python’s public package repository). Just be aware that some advanced features — like the CodeQL toolbox — require additional tools to be installed separately.
There’s also a Docker image available if you prefer a containerised setup with tools like CodeQL pre-installed, though that’s a more advanced option.
So What Exactly Is a “Taskflow”?
Think of a taskflow like a recipe. A recipe tells a chef: first do this, then do that, and finally check if it’s done. A taskflow tells the AI agent the same kind of thing, but for security tasks.
Each taskflow is a YAML file — a simple, human-readable text format — that breaks a big security job into smaller steps. Here’s the actual taskflow used in the demo:
seclab-taskflow-agent:
filetype: taskflow
version: 1
globals:
repo:
ghsa:
taskflow:
- task:
must_complete: true
agents:
- seclab_taskflow_agent.personalities.assistant
toolboxes:
- seclab_taskflow_agent.toolboxes.memcache
user_prompt: |
Clear the memory cache.
- task:
must_complete: true
agents:
- seclab_taskflow_agent.personalities.assistant
toolboxes:
- seclab_taskflows.toolboxes.ghsa
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflow_agent.toolboxes.memcache
user_prompt: |
Fetch the details of the GHSA {{ GLOBALS_ghsa }} of the repo {{ GLOBALS_repo }}.
Analyze the description to understand what type of bug caused
the vulnerability. DO NOT perform a code audit at this stage, just
look at the GHSA details.
Check if any source file is mentioned as the cause of the GHSA.
If so, identify the precise file path and line number.
If no file path is mentioned, then report back to the user that
you cannot find any file path and end the task here.
The GHSA may not specify the full path name of the source
file, or it may mention the name of a function or method
instead, so if you have difficulty finding the file, try
searching for the most likely match.
Only identify the file path for now, do not look at the code or
fetch the file contents yet.
Store a summary of your findings in the memcache with the GHSA
ID as the key. That should include the file path and the function that
the file is in.
- task:
must_complete: true
agents:
- seclab_taskflow_agent.personalities.assistant
toolboxes:
- seclab_taskflows.toolboxes.gh_file_viewer
- seclab_taskflow_agent.toolboxes.memcache
user_prompt: |
Fetch the GHSA ID and summary that were stored in the memcache
by the previous task.
Look at the file path and function that were identified. Use the
get_file_lines_from_gh tool to fetch a small portion of the file instead of
fetching the entire file.
Fetch the source file that was identified as the cause of the
GHSA in repo {{ GLOBALS_repo }}.
Do a security audit of the code in the source file, focusing
particularly on the type of bug that was identified as the
cause of the GHSA.
If you’ve ever seen a GitHub Actions workflow file, this will look quite familiar. There’s a header at the top, and then a series of tasks that execute one by one.
Breaking Down the Three Tasks
Task 1 — Clear the Cache
Every run starts fresh. This first task simply wipes the memory cache (called memcache — think of it as a shared sticky note board between tasks). It also demonstrates an important safety feature: the tool asks for your confirmation before doing anything potentially irreversible. This is a built-in protection against prompt injection attacks — a sneaky type of attack where malicious content in data tries to hijack what the AI does next.
Task 2 — Find the Vulnerable File
This task downloads the security advisory (called a GHSA — GitHub Security Advisory) and analyses its description to figure out which source code file was responsible for the bug. It then saves a summary — including the file path and relevant function name — into the memcache, ready for Task 3 to pick up.
Task 3 — Audit the Code
The final task reads the summary left by Task 2, fetches just the relevant portion of the source file (not the whole thing — that would use too many AI tokens), and runs a focused security audit on it, looking for other bugs of the same type.
One subtle but important detail: earlier versions of this task tried to analyse the entire source file at once, which was expensive and slow. The prompt now specifically asks for “a small portion of the file” — a tiny wording change that makes a big practical difference.
How Does the Import System Work?
Taskflows often need to borrow tools (”toolboxes”) from other packages. The framework uses Python’s standard import system to make this seamless. For example, this line in a taskflow:
toolboxes:
- seclab_taskflow_agent.toolboxes.memcache
...tells the framework: go find the memcache.yaml file inside the toolboxes folder of the seclab_taskflow_agent package. Under the hood, it splits the name seclab_taskflow_agent.toolboxes.memcache into a directory (seclab_taskflow_agent.toolboxes) and a filename (memcache), then uses Python’s importlib.resources.files to locate and load memcache.yaml.
This means the whole ecosystem of Python packaging — including PyPI, versioning, and dependency management — just works out of the box. The only quirk: file names always need to have at least two parts, meaning your files must always live at least one directory deep.
Want to Publish Your Own Taskflows?
The team has made it easy to share your own security taskflows with the community. Their seclab-taskflows repository is designed as a copy-paste template. Here’s the recommended path to getting your own package published:
Use the
hatch newcommand to generate your project structure — it’ll create essential files likepyproject.tomlautomatically.Organise your project with sub-directories for taskflows, toolboxes, personalities, etc. — mirroring the structure of
seclab-taskflows.Copy their
publish-to-pypi.yamlGitHub Actions workflow to automatically upload your package to PyPI whenever you push a version tag likev1.0.0.
The two core packages the team maintains on PyPI are:
seclab-taskflow-agent— the engine (the framework itself)seclab-taskflows— the team’s own suite of taskflows, and a ready-made template for yours
What Makes This Different From Other AI Security Tools?
A lot of AI-powered security tools these days are “black boxes” — you put code in, get results out, and have no idea what happened in between. That makes them hard to trust, learn from, or improve.
The Taskflow Agent takes the opposite approach. Everything is open and readable. You can look at exactly what instructions the AI is following, modify them, and share your improved version with others. It’s designed for transparency and collaboration — two things that are especially important when it comes to security.
The team puts it plainly: many agentic security tools popping up today are closed-source, which is the antithesis of what community-powered security stands for. They want people to look under the hood.
The Bigger Picture
The goal here isn’t just to build a cool tool — it’s to change the way the security community works. Right now, vulnerabilities are often discovered and fixed in isolation. The vision behind the Taskflow Agent is a future where a breakthrough made by one researcher can be quickly turned into a shared tool that protects everyone’s software.
The framework is also built for rapid experimentation. The team isn’t trying to make the world’s most polished or efficient tool — they’re making something easy to modify and iterate on, so that new security ideas can be tested quickly.
Key Takeaway
Security doesn’t have to be a solo sport. With tools like the GitHub Security Lab Taskflow Agent, AI becomes a bridge — connecting security knowledge, automating repetitive research tasks, and making it easier for the whole community to protect software together.
The code is open, the taskflows are readable, and getting started takes a single command. Whether you’re a seasoned security researcher or just getting curious about how the internet stays safe, this kind of open, collaborative approach is a powerful sign of what becomes possible when people — and AI — work as a team.
Want to try it yourself? The project is open and available on GitHub, and the demo is designed to work even on a free account.