Enabling generic secret detection
You can enable generic secret detection in the security settings page of your repository or organization.
Note
You do not need a subscription to GitHub Copilot to use AI-powered generic secret detection. AI-detected secrets features are available to repositories owned by organizations and enterprises with GitHub Secret Protection enabled.
Enabling generic secret detection for your repository
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

-
In the "Security" section of the sidebar, click Advanced Security.
-
Under "Secret Protection", to the right of "Scan for AI-detected secrets", click Enable.
Enabling generic secret detection for your organization
You must configure generic secret detection for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
- Create a new custom security configuration, or edit an existing one. See Creating a custom security configuration.
- When creating the custom security configuration, ensure that "Secret Protection" is set to Enabled, and that the dropdown menu for "Scan for AI-detected secrets" is also set to Enabled.
- Apply the custom security configuration to one or more repositories. For more information, see Applying a custom security configuration.
For information on how to view alerts for generic secrets that have been detected with AI, see Viewing and filtering alerts from secret scanning.