How Cathay Reduced Security Fix Time by 63% with GitHub Copilot and Advanced Security

Cathay, the Hong Kong-based premium travel brand that operates Cathay Pacific airline across 100 destinations with 30,000+ employees, unified its development and security toolchain on GitHub Enterprise, deployed GitHub Copilot to 1,000+ developers, and embedded security scanning into daily workflows through GitHub Advanced Security. The result was a 63% reduction in mean time to remediate security vulnerabilities and a 40% year-over-year improvement in tech debt fixes.

Impact

63%: Reduction in mean time to remediate security fixes
40%: Year-over-year improvement in tech debt fixes
4.4/5: Developer satisfaction NPS score
1,000+ developers in one week: Copilot rollout speed
4 million+: Lines of code accepted from Copilot

Challenge

Cathay’s fragmented toolchains and late-stage security fix processes were slowing delivery, frustrating developers, and creating compliance risks for a global airline where software failures have direct operational consequences.

Solution

Cathay consolidated development on GitHub Enterprise with GitHub Copilot for AI-assisted coding and GitHub Advanced Security for embedded vulnerability detection, shifting security left into the development workflow and eliminating the handoffs caused by late-stage security reviews.

What Leaders Say

GitHub Copilot has been a game changer. It’s more than just a tool. It’s a collaborative partner that helps us stay focused on meaningful work instead of repetitive tasks.

Rajeev Nair, General Manager - IT Infrastructure & Security, Cathay

Copilot seamlessly integrates security into the development process, making it a shared responsibility without adding friction. The result is a secure, efficient, and enjoyable environment for building software.

Rajeev Nair, General Manager - IT Infrastructure & Security, Cathay

GitHub helps us ship faster and meet customer demands in a fast-changing aviation landscape. It’s a one-stop shop for developers, integrating everything we need into a single platform.

Naveen Jaisankar, DevSecOps Practice Lead, Cathay

Full Story

Cathay operates one of Asia’s most recognized airlines, connecting more than 100 destinations with a workforce of over 30,000 people. Its software systems underpin critical operations — from flight management and crew scheduling to customer-facing booking and loyalty platforms. The stakes of a failed deployment or unpatched vulnerability are not abstract: they affect passengers, crew, and revenue in real time.

Before the transformation, the engineering organization faced compounding friction. Toolchains were fragmented and outdated, workflows were manual and error-prone, and security vulnerabilities were typically caught late in the development cycle — after code had been written, reviewed, and staged. Late-stage security fixes are expensive: they require rework, delay releases, and create handoffs between teams that slow everything down. Developer sentiment reflected the frustration, and the gap between the engineering team’s capabilities and the pace the business needed was widening.

Cathay adopted GitHub as its end-to-end development platform, consolidating code hosting, CI/CD, security, and AI into a single environment. GitHub Copilot was rolled out to more than 1,000 developers in under a week — a deployment pace that itself signals the quality of the onboarding experience. Developers began using Copilot for code completion and increasingly adopted agent mode, which handles multi-step tasks across the codebase. GitHub Advanced Security was embedded directly into developer workflows, enabling real-time code scanning and secret detection that catch issues before they reach review. Copilot Autofix surfaces suggested secure code changes inline without interrupting developer flow.

The measurable outcomes were significant. Tech debt fixes improved by 40% year-over-year. Mean time to remediate security vulnerabilities fell by 63%. Developers accepted more than four million lines of Copilot-suggested code, and developer satisfaction scores reached 4.4 out of 5. Rajeev Nair, General Manager of IT Infrastructure and Security at Cathay, described Copilot as a collaborative partner rather than a tool, noting that the cultural shift — developers taking ownership of security rather than treating it as a handoff — was as significant as the technical improvements.

For Cathay, the goal now is scaling these DevSecOps practices across the organization and using the unified GitHub platform as the foundation for continued innovation in aviation software. In an industry defined by regulatory complexity, safety requirements, and constantly shifting operational conditions, having engineering infrastructure that can adapt quickly without sacrificing security is not a productivity benefit — it is a competitive necessity.
