Security Agent

The MegaBrain Security Agent continuously monitors your repositories' Dependabot alerts, triages each finding for real-world exploitability, analyzes the important ones in an isolated sandbox, and can open remediation pull requests — all attributable and reviewable.

Where to configure

Organization sidebar → Security AgentSettings. Choose repositories, models, analysis depth, and automation thresholds, then toggle the agent on.

Permissions

To read Dependabot alerts, the MegaBrain GitHub App needs the vulnerability_alerts permission (shown as Dependabot alerts: Read-only in GitHub). If the agent reports Additional permissions required, grant it in two steps:

  1. In your GitHub App settings, under Repository permissions, set Dependabot alerts to Read-only and save.
  2. As an organization owner, accept the new permission request for the installation (or use Re-authorize GitHub App from the Security Agent page).
  3. Return to the Security Agent settings and click Refresh permissions.

Refresh permissions only re-reads the currently granted scopes — the permission must first be added to the GitHub App itself.

How it works

Each finding flows through a four-stage pipeline. Every stage is attributable, and you stay in control of what gets automated.

1

Sync

The agent pulls open Dependabot alerts from your selected repositories and records them as security findings.

2

Triage

A triage model assesses each finding for exploitability in the context of your code, producing a recommendation and confidence level — without spending sandbox time.

3

Analysis

For findings that warrant it, the agent runs a deeper analysis in an isolated sandbox to confirm whether the vulnerable code path is actually reachable.

4

Remediation

When enabled, the Cloud Agent drafts a remediation pull request that upgrades or patches the affected dependency, ready for your review.

Models

You can configure a dedicated model for each stage:

  • Triage model — initial triage and exploitability recommendations.
  • Analysis model — sandbox analysis and final extraction.
  • Remediation model — used by the Cloud Agent when creating remediation PRs.

The default is Auto Balanced (mb-auto/balanced), which automatically routes to a strong price-to-capability model. You can pick any model available to your organization, including free options.

Analysis modes

Control how deeply each finding is analyzed to balance thoroughness against time and credits:

  • Auto (default) — run triage first, then sandbox analysis only when needed.
  • Shallow (triage only) — quick triage without sandbox analysis, to save time and credits.
  • Deep (always sandbox) — run full sandbox analysis for every finding.

Automation

Automation is opt-in and gated by severity thresholds so the agent only acts where you want it to:

  • Auto-dismiss — automatically dismiss low-risk findings above a confidence threshold.
  • Auto-analysis — automatically analyze new findings at or above a minimum severity.
  • Auto-remediation — automatically open remediation PRs at or above a minimum severity.

SLA policy

Findings are tracked against configurable service-level targets by severity. The defaults are:

SeverityTarget to resolve
Critical15 days
High30 days
Medium45 days
Low90 days

Ready to get started? Open MegaBrain, head to your organization's Security Agent settings, select repositories, and turn the agent on.