GitHub Makes Remote MCP Server Generally Available With OAuth, Security Enhancements, and New Tools

GitHub has announced the general availability of its remote MCP (Model Context Protocol) Server, introducing a suite of improvements designed to streamline developer workflows and boost security.

Last month, GitHub open-sourced its implementation of the MCP server, a new open standard designed to enhance how large language models (LLMs) interact with real-time data and external tools.

Now, the new update brings OAuth 2.1 + PKCE authentication, now integrated into first-party Copilot IDEs, including VS Code, Visual Studio, JetBrains, Eclipse, and Xcode, as well as third-party tools like Cursor.

This new method replaces personal access tokens (PATs) with more secure, short-lived credentials and automatic token refresh. A single “MCP servers in Copilot” policy now centralises access management across environments.

Beyond authentication, GitHub has rolled out premium tools tied to its advanced offerings. The Copilot Coding Agent can autonomously manage development tasks — from bug fixes to feature builds — before submitting a pull request. Security features also expand, with secret scanning and push protection now free for all public repositories and code scanning alerts integrated for GHAS-enabled projects.

The update also improves daily workflows with tools for security advisories, sub-issue management, pull request enhancements, and better session handling.

By reducing context switching, GitHub says the MCP Server allows AI assistants like Copilot and Claude Code to seamlessly interact with GitHub data, helping developers code, review, and secure software faster.