
As of July 2, GitHub Copilot CLI no longer needs a personal access token to run inside GitHub Actions. You add one permission line, update the CLI, and the workflow’s built-in GITHUB_TOKEN handles authentication automatically. The PAT you’ve been storing as a long-lived secret — tied to someone’s personal account and never expiring unless manually revoked — is now optional baggage you should drop immediately.
The PAT Problem Was Getting Worse
This is not a minor convenience update. Personal access tokens in CI/CD pipelines have been a persistent security liability, and the threat landscape proved it repeatedly. In March 2025, a compromised PAT in the tj-actions/changed-files action triggered a cascade that rewrote version tags and exposed secrets across 23,000+ repositories. By September 2025, the GhostAction campaign had weaponized injected workflow files to exfiltrate 3,325 secrets across 817 repos. The May 2026 TeamPCP breach of GitHub’s internal infrastructure followed a similar playbook: malicious VS Code extension, compromised developer credentials, PAT exfiltration.
The pattern is consistent: attackers stopped going after production servers and started going after the automation pipelines that deploy to them. Long-lived PATs stored as repository secrets are the easiest target on that path. Eliminating them from AI-driven workflows is the correct response, not a workaround.
How the New Setup Works
The change is minimal on your end. Add copilot-requests: write to your workflow’s permissions block. That’s it — GITHUB_TOKEN authentication kicks in automatically. The token is generated fresh for each workflow run, scoped to the triggering repository, and expires the moment the job finishes. No rotation schedule. No secrets to audit.
Before and after, side by side:
# BEFORE — PAT required
jobs:
ai-task:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Copilot CLI
env:
COPILOT_GITHUB_TOKEN: ${{ secrets.MY_PAT }}
run: copilot -p "review this PR for security issues" --no-ask-user
# AFTER — GITHUB_TOKEN, no secrets
jobs:
ai-task:
runs-on: ubuntu-latest
permissions:
copilot-requests: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Run Copilot CLI
run: copilot -p "review this PR for security issues" --no-ask-user
Two prerequisites: your organization needs the “Allow use of Copilot CLI billed to the organization” policy enabled (it’s on by default if you already had the Copilot CLI policy active), and you need a recent CLI version. Run copilot update before testing.
The Billing Change That Comes With It
Switching from a PAT to GITHUB_TOKEN also changes who pays. With a PAT, AI credit consumption was charged to the individual user’s Copilot seat. With the workflow token, it’s billed to the organization. That matters for teams that care about cost attribution — which, since GitHub’s move to usage-based billing on June 1, is an increasingly material concern.
The model is simple: 1 AI credit = $0.01. Org admins now have cost centers, per-user and per-cost-center budgets, and pooled credits — no more stranded capacity sitting on a user who barely uses Copilot in automation. The REST API supports budget configuration today; a UI is coming. If you’re running Copilot CLI at any scale in Actions, account for this billing shift before you enable the policy.
Part of a Bigger Pattern
This change didn’t come from nowhere. On June 11, GitHub dropped the PAT requirement for Agentic Workflows — the engine-agnostic automation layer that can run Copilot CLI, Claude Code, or OpenAI Codex from Markdown-described intent files. The July 2 changelog entry extended the same treatment specifically to Copilot CLI used directly in Actions.
GitHub is systematically replacing long-lived credentials with ephemeral tokens across its entire AI tooling surface. The direction is clear. If you’re still managing PATs for any GitHub AI automation, you’re carrying unnecessary risk with no upside.
What to Do Now
Three steps: (1) Run copilot update to get the latest CLI. (2) Confirm the org policy is enabled in your Copilot settings. (3) Replace the COPILOT_GITHUB_TOKEN environment variable with a permissions: copilot-requests: write block and delete the stored PAT secret. Review the official migration documentation for edge cases around enterprise-managed models and cost center setup. The full changelog entry covers the policy toggle and billing details.
The PAT is not deprecated yet, but there’s no reason to keep using it. Ephemeral tokens exist. Use them.













