GitHub has moved its Enterprise AI Controls and agent control plane into general availability, turning what had been a preview governance layer into a standard control surface for companies rolling out Copilot agents at scale.

What shipped

The release gives enterprise administrators a centralized AI Controls view for managing policies, tracking agent sessions, and reviewing audit activity across their organizations. GitHub says admins can now search recent agent sessions, filter activity by specific agents including third-party tools, and trace actions back through audit logs that flag whether the actor was an agent and who it was acting for.

Why it matters

The product direction is notable because GitHub is treating agent governance as a first-class admin problem, not just a product add-on. Enterprises adopting coding agents need more than model access; they need visibility into who launched a task, what the agent changed, and whether custom agents follow internal policy.

GitHub is also adding programmatic support for enterprise custom agents through REST endpoints, plus enterprise-level definitions tied to a canonical .github-private/agents/*.md path. That gives large organizations a way to standardize agent behavior while still letting teams build specialized workflows on top.

One caveat remains: GitHub said enterprise MCP allowlists are still in public preview while it works on a design that scales across organizations. Even so, the GA launch shows that agent observability, policy enforcement, and auditability are quickly becoming core infrastructure for enterprise software teams.