GitHub's Agent Control Plane: What Enterprise AI Governance Actually Looks Like

On February 26, 2026, GitHub made its Enterprise AI Controls and agent control plane generally available. The timing is notable: it came in the same week that Claude and Codex became available for Copilot Business and Pro users, and as GitHub Enterprise Server 3.20 hit release candidate. The GA isn’t a coincidence—it reflects an industry that has moved from “should we let agents into our codebase?” to “how do we govern agents that are already in our codebase?”

Here’s what GA actually gives you, what it doesn’t, and what it means if you’re responsible for AI in an enterprise engineering org.

What’s in the Box

Unified AI administration. The AI Controls tab is now the permanent home for all AI-related policies—no more hunting through settings. A new admin role decentralizes management without requiring full org-admin access; you can assign fine-grained permissions to view audit logs, manage agent sessions, and configure AI Controls independently.

Audit logging for agent activity. This is the meaningful addition for compliance and incident response. Audit logs now include actor_is_agent identifiers so you can distinguish agent actions from human actions in the log trail. agent_session.task events track session start, finish, and failure. All agent sessions from the last 24 hours are visible without the previous 1,000-record cap.

Custom agent management with version control. You can define enterprise-wide custom agent standards, version-control them, and use 1-click push rules to protect custom agent file paths (.github/agents/*.md) across all repos. That means when a team customizes an agent, the customization is visible, tracked, and subject to enterprise policy—not a shadow config living in someone’s fork.

API support for enterprise-wide policy. Programmatic application of agent definitions means your governance tooling can enforce standards without manual configuration at the org or repo level. For large enterprises with hundreds of repositories, this is the difference between governance that scales and governance that’s aspirational.

Enhanced session visibility and search. You can now search and filter agentic session activity by specific agents, including third-party agents, with faster audit log filtering.

What’s Still in Preview

MCP (Model Context Protocol) enterprise allow lists remain in public preview. This matters because MCP is the layer through which agents connect to enterprise tools, databases, and APIs. Governing which MCP servers your agents can talk to—and logging what they do—is arguably more important than governing the agents themselves. Expect GA here in the coming months.

Why This Matters Beyond Compliance

The honest version: most engineering teams that use GitHub Copilot today have minimal visibility into what agents are doing on their behalf. When a Copilot agent opens a PR, touches a workflow file, or interacts with your CI/CD pipeline, the action lands in the same audit trail as a developer push—or it didn’t land at all before GA. For regulated industries, that’s a gap. For any engineering org that has an incident and needs to reconstruct what happened, it’s a blind spot.

The agent control plane addresses this by making agent actions legible. That’s not a small thing. The shift from “agents are doing stuff in our repos” to “we can see exactly what agents did and when” is the prerequisite for responsible AI at enterprise scale.

What Teams Should Do Now

Map your current agent footprint. Before GA ships value, you need to know which agents are operating in your environment. Copilot, Cursor, custom agents, third-party integrations—inventory them. The new session visibility tools are useful only if you know what you’re looking for.

Define your agent policy. Enterprise AI Controls give you policy controls; they don’t set policy for you. Decide which agents can operate in which contexts (prod vs. test vs. protected branches), what approval is required for agent-generated PRs, and who has admin access to the AI Controls workspace.

Turn on audit logging and review it. The default state for most teams is “logging exists, nobody reads it.” Make agent audit log review part of your security and incident response process before you need it, not after.

Assess your MCP exposure. If your teams are using MCP-connected agents (and they likely will be within six months), understand which external systems agents are touching. The MCP allow list feature in preview is where enterprise MCP governance will live. Get ahead of it.

GitHub’s agent control plane GA isn’t the finish line for enterprise AI governance—it’s the starting line. But it’s a real starting line, built on actual audit trails and actual policy enforcement, not just documentation that says “humans are responsible for agent output.” That’s worth taking seriously.