Under the hood: Security architecture of GitHub Agentic Workflows
… To limit internet access, agentic workflows create a private network between the agent and firewall. …
Search
What's coming to our GitHub Actions 2026 security roadmap
… The firewall operates outside the runner VM at Layer 7. …
Improving token efficiency in GitHub Agentic Workflows
… In the gh-aw-firewall repo, Security Guard, which audits every pull request for security-sensitive changes, and Smoke Claude an integration test that exercises the firewall’s Claude CLI path, had the most post-fix runs and show improvements of 43% and 59%, respectively. …
How GitHub uses eBPF to improve deployment safety
… Then we can output a log line with all the information: WARN DNS BLOCKED reason=FromDNSRequest blocked=true blockedAt=dns domain=github.com. pid=266767 cmd="curl github.com " firewallMethod=blocklist With that, we’re done. …