How Cathay Reduced Security Fix Time by 63% with GitHub Copilot and Advanced Security

Cathay, the Hong Kong-based premium travel brand that operates Cathay Pacific airline across 100 destinations with 30,000+ employees, unified its development and security toolchain on GitHub Enterprise, deployed GitHub Copilot to 1,000+ developers, and embedded security scanning into daily workflows through GitHub Advanced Security. The result was a 63% reduction in mean time to remediate security vulnerabilities and a 40% year-over-year improvement in tech debt fixes.

Impact

63%: Reduction in mean time to remediate security fixes

40%: Year-over-year improvement in tech debt fixes

4.4/5: Developer satisfaction NPS score

1,000+ developers in one week: Copilot rollout speed

4 million+: Lines of code accepted from Copilot

Challenge

Cathay’s fragmented toolchains and late-stage security fix processes were slowing delivery, frustrating developers, and creating compliance risks for a global airline where software failures have direct operational consequences.

Solution

Cathay consolidated development on GitHub Enterprise with GitHub Copilot for AI-assisted coding and GitHub Advanced Security for embedded vulnerability detection, shifting security left into the development workflow and eliminating the handoffs caused by late-stage security reviews.

What Leaders Say

GitHub Copilot has been a game changer. It’s more than just a tool. It’s a collaborative partner that helps us stay focused on meaningful work instead of repetitive tasks.

Rajeev Nair, General Manager - IT Infrastructure & Security, Cathay

Copilot seamlessly integrates security into the development process, making it a shared responsibility without adding friction. The result is a secure, efficient, and enjoyable environment for building software.

Rajeev Nair, General Manager - IT Infrastructure & Security, Cathay

GitHub helps us ship faster and meet customer demands in a fast-changing aviation landscape. It’s a one-stop shop for developers, integrating everything we need into a single platform.

Naveen Jaisankar, DevSecOps Practice Lead, Cathay

Full Story

Cathay operates one of Asia’s most recognized airlines, connecting more than 100 destinations with a workforce of over 30,000 people. Its software systems underpin critical operations — from flight management and crew scheduling to customer-facing booking and loyalty platforms. The stakes of a failed deployment or unpatched vulnerability are not abstract: they affect passengers, crew, and revenue in real time.

Before the transformation, the engineering organization faced compounding friction. Toolchains were fragmented and outdated, workflows were manual and error-prone, and security vulnerabilities were typically caught late in the development cycle — after code had been written, reviewed, and staged. Late-stage security fixes are expensive: they require rework, delay releases, and create handoffs between teams that slow everything down. Developer sentiment reflected the frustration, and the gap between the engineering team’s capabilities and the pace the business needed was widening.

Cathay adopted GitHub as its end-to-end development platform, consolidating code hosting, CI/CD, security, and AI into a single environment. GitHub Copilot was rolled out to more than 1,000 developers in under a week — a deployment pace that itself signals the quality of the onboarding experience. Developers began using Copilot for code completion and increasingly adopted agent mode, which handles multi-step tasks across the codebase. GitHub Advanced Security was embedded directly into developer workflows, enabling real-time code scanning and secret detection that catch issues before they reach review. Copilot Autofix surfaces suggested secure code changes inline without interrupting developer flow.

The measurable outcomes were significant. Tech debt fixes improved by 40% year-over-year. Mean time to remediate security vulnerabilities fell by 63%. Developers accepted more than four million lines of Copilot-suggested code, and developer satisfaction scores reached 4.4 out of 5. Rajeev Nair, General Manager of IT Infrastructure and Security at Cathay, described Copilot as a collaborative partner rather than a tool, noting that the cultural shift — developers taking ownership of security rather than treating it as a handoff — was as significant as the technical improvements.

For Cathay, the goal now is scaling these DevSecOps practices across the organization and using the unified GitHub platform as the foundation for continued innovation in aviation software. In an industry defined by regulatory complexity, safety requirements, and constantly shifting operational conditions, having engineering infrastructure that can adapt quickly without sacrificing security is not a productivity benefit — it is a competitive necessity.
