GitHub changes & security finds

[GitHub announced]roboin.io on March 12, 2026 that complimentary Copilot access would be folded into a new GitHub Copilot Student plan and that manual selection of premium models including Claude Opus, Claude Sonnet and GPT‑5.4 would be removed. GitHub’s public changelog and follow-up posts list retained alternatives such as Claude 4.5 Haiku, Gemini 3.1 Pro and GPT‑5.3 Codex for student accounts. github.blog Martin Woodward, GitHub’s VP of developer relations, framed the change as a sustainability move in an internal message and public comments on March 12–13, [2026 said]theregister.com, while multiple student threads on GitHub’s Community discussion board catalogued complaints and requests for clarification the same [week thread]github.com. GitHub Security Lab published a March 6, 2026 deep‑dive describing an LLM‑driven Taskflow Agent and said the system has reported more than 80 vulnerabilities in open‑source projects during internal [runs described]github.blog, with roughly 20 of those issues advanced to formal disclosures so [far reported]letsdatascience.com. The Taskflow Agent was open‑sourced as the seclab‑taskflow‑agent repository and is designed to run in GitHub Codespaces using a three‑stage auditing workflow (threat‑modeling, suggest‑and‑audit) that currently requires a Copilot license and premium model requests to [operate repo]github.com.