Home / Tech Pulse / June 18, 2026
GitHub Actions AWS AgentCore Copilot Auto Mode GitHub Agent Finder Anthropic Seoul Google Cloud UK Databricks AI SecurityMarket
Dillip Chowdary

Tech Pulse Daily: GitHub Actions, AWS AgentCore

Curated by Dillip Chowdary - June 18, 2026 - Morning IST edition

Today's Top Highlights

  • GitHub Actions GitHub made actions/checkout v7 generally available with default protection against common pull_request_target and workflow_run fork checkout patterns.
  • AWS AgentCore AWS Summit New York added Bedrock AgentCore capabilities for web grounding, managed enterprise knowledge, observability, and scaled agent controls.
  • Copilot Auto Mode GitHub made Copilot Chat auto model selection generally available on github.com and mobile for all plans.
  • GitHub Agent Finder GitHub launched agent finder so Copilot can discover MCP servers, skills, canvases, tools, and agents from approved registries.
  • Anthropic Seoul Anthropic opened its Seoul office and signed an MOU with Korea's Ministry of Science and ICT for AI safety and cyber threat collaboration.

GitHub Actions: Checkout v7 Blocks Pwn Requests

GitHub made actions/checkout v7 generally available with default protection against common pull_request_target and workflow_run fork checkout patterns.

  • Default Guardrail: actions/checkout v7 refuses common pwn request patterns in privileged pull_request_target workflows.
  • Backport Date: GitHub plans to backport enforcement to supported checkout majors on July 16, 2026.
  • Risk Model: The control targets fork pull request head and merge commits that would run with base-repo tokens or secrets.
  • Opt Out: The allow-unsafe-pr-checkout flag remains available, but it is intentionally visible for code review.
Official source ->

AWS AgentCore: Web Search and Managed Knowledge

AWS Summit New York added Bedrock AgentCore capabilities for web grounding, managed enterprise knowledge, observability, and scaled agent controls.

  • Web Grounding: AgentCore Web Search gives agents cited current knowledge without third-party search egress.
  • Managed RAG: Bedrock Managed Knowledge Base adds connectors, Smart Parsing, and an Agentic Retriever for multi-hop queries.
  • Gateway Fit: Managed Knowledge Base is available as a native target type in AgentCore Gateway.
  • Regions: AWS lists availability across US, APAC, Europe, and AWS GovCloud US-West regions.
Official source ->

Copilot Auto Mode: Model Routing for All Users

GitHub made Copilot Chat auto model selection generally available on github.com and mobile for all plans.

  • Routing: Auto mode chooses a model by task complexity and real-time availability.
  • Model Pool: GitHub names Claude Sonnet 4.6, GPT-5.4 mini, GPT-5.4, and Haiku 4.5 as example routes.
  • Governance: Auto mode respects user and administrator model settings.
  • Billing: GitHub says paid subscribers receive a 10% token-use discount when using auto.
Official source ->

GitHub Agent Finder: ARD Discovery Comes to Copilot

GitHub launched agent finder so Copilot can discover MCP servers, skills, canvases, tools, and agents from approved registries.

  • Discovery: Agent finder ranks AI resources for a described task instead of loading every possible tool up front.
  • Standard: The feature implements the open Agentic Resource Discovery specification.
  • Controls: Enterprises decide which registry Copilot can query and which resources may surface.
  • Installation: GitHub says agent finder discovers resources but does not silently install or connect them.
Official source ->

Anthropic Seoul: Korean AI Safety MOU

Anthropic opened its Seoul office and signed an MOU with Korea's Ministry of Science and ICT for AI safety and cyber threat collaboration.

  • Office: Seoul becomes Anthropic's local base for Korean enterprises, startups, researchers, and developers.
  • MOU: The Ministry partnership covers safe public-sector adoption and cybersecurity cooperation.
  • Evaluation: Anthropic says the work includes Korean-language safety evaluation with the Korea AI Safety Institute.
  • Ecosystem: The launch targets Korea's electronics, semiconductor, gaming, and enterprise software AI demand.
Official source ->

Google Cloud UK: Gemini 3.5 Flash Sovereign AI

Google Cloud said Gemini 3.5 Flash with in-country AI processing will be available by late June for sensitive UK sovereign workloads.

  • Timing: Google targets late June 2026 availability for in-country AI processing.
  • Sovereignty: The feature is positioned for sensitive UK workloads and data residency commitments.
  • Scale: Google frames the UK opportunity as a projected £400 billion AI economic boost by 2030.
  • Stack: The announcement ties agents, custom silicon, frontier models, security, and data cloud together.
Official source ->

Databricks AI Security: AIM, Ingress, and Private Links

Databricks announced security and compliance updates for scaling Genie, dashboards, apps, serverless, and AI workloads across clouds.

  • Identity: Automatic Identity Management for Entra ID is generally available on AWS and GCP.
  • Access: AIM for Okta enters Public Preview alongside Context-Based Ingress policies.
  • Networking: Private Network Gateway and expanded Private Link support target private data sources and Lakebase.
  • Compliance: Databricks cites KSA, ISMAP, HITRUST, AWS GovCloud expansion, and upcoming FedRAMP High on Azure Commercial.
Official source ->

This Week in Tech

Jun 18

Actions audit: Find privileged pull_request_target workflows before checkout enforcement backports.

Jun 19

AgentCore pilots: Split web-grounded answers from write-capable agent actions.

Jun 20

Copilot controls: Confirm auto mode and agent finder respect enterprise model and registry policy.

Jun 23

Security review: Map Databricks AIM, ingress, and Private Link changes to existing identity controls.

Developer Resources

GitHub Actions: Checkout v7 Blocks Pwn Requests
GitHub Actions checkout v7 blocks common pwn request patterns by default, with supported major-version backports due July 16, 2026. AWS AgentCore: Web Search and Managed Knowledge
AWS expanded Bedrock AgentCore with web search, managed knowledge, observability, and controls for safer production agent deployments. Copilot Auto Mode: Model Routing for All Users
GitHub Copilot auto mode routes Chat requests by task complexity and availability while honoring admin model policies. GitHub Agent Finder: ARD Discovery Comes to Copilot
GitHub Agent Finder brings ARD-based resource discovery to Copilot so agents can find approved tools without bloating context. Anthropic Seoul: Korean AI Safety MOU
Anthropic opened Seoul and signed a Korean AI safety MOU covering public-sector adoption, Korean-language evaluation, and cyber threat sharing. Google Cloud UK: Gemini 3.5 Flash Sovereign AI
Google Cloud said Gemini 3.5 Flash with in-country AI processing is due by late June for sensitive UK sovereign AI use cases. Databricks AI Security: AIM, Ingress, and Private Links
Databricks added AIM, Context-Based Ingress, Private Network Gateway, and broader compliance for AI workloads at Data + AI Summit.

Key Takeaways

  1. 1Fix CI trust first: privileged pull_request_target workflows are the most urgent June 18 review item.
  2. 2Separate grounding from action: AgentCore Web Search should not directly trigger write tools without policy approval.
  3. 3Govern discovery: Agent Finder and ARD need approved registries, not open-ended tool discovery.
  4. 4Sovereignty is product work: Gemini 3.5 Flash in-country processing still requires data classification and audit paths.
  5. 5AI security is becoming identity work: Databricks AIM, ingress policy, and private connectivity show where platform controls are moving.

Market Snapshot

Currency Exchange

1 USD = ₹94.29USD softer vs 7 days

Crypto Ticker

BTC$63,883 spot
ETH$1,746 spot
DOGE$0.0844 spot
SHIB$0.00000479 spot