Copilot cloud agent includes a built-in agent firewall to control Copilot’s internet access and help protect against prompt injection and data exfiltration. Until now, the firewall was configured at the repository level by repository admins.

Organization admins can now manage the agent firewall across all repositories in their organization. This makes it easier to roll out Copilot cloud agent at scale with the right defaults and guardrails for your needs. Organization admins can:

  • Turn the firewall on or off across all repositories, or allow each repository to decide.
  • Turn the recommended allowlist on or off across all repositories, or allow each repository to decide.
  • Add entries to an organization-wide custom allowlist, covering all repositories (e.g., allowing access to an internal package registry).
  • Control whether repository admins are allowed to add their own custom allowlist entries.

By default, all settings allow each repository to decide, preserving existing behavior.

To learn more, see “Customizing the agent firewall for Copilot cloud agent” in the GitHub Docs.