# Autodetect AI code
Knowing if your project contains AI-generated code helps raise awareness of code ownership and code security. To help build this awareness, SonarQube Server can autodetect AI-generated code in projects on GitHub using GitHub Copilot. If turned on, the feature alerts Project Admins when project contributors recently used GitHub Copilot so that such projects can be protected with Sonar’s [ai-standards](https://docs.sonarsource.com/sonarqube-server/2025.1/ai-capabilities/ai-standards "mention").
**Autodetect AI-Generated Code** is turned on by default in SonarQube Server, but your GitHub App must have the appropriate permissions in order to allow communication with SonarQube Server.
## Requirements
1. The **Autodetect AI-Generated Code** feature is turned on by default in SonarQube Server. See the instructions below to manage feature activation at the global and project levels.
2. Your Github organization having the Copilot subscription must be the organization you bind to SonarQube Server.
3. If you are using SonarQube Server with the GitHub Enterprise Server (the self-hosted version of the GitHub platform) or SSO, a SonarQube administrator must set up a SCM account for each Copilot Business subscription user so that the users’ Copilot login matches their GitHub Enterprise Server login. See the [updating-scm-details](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/user-management/updating-scm-details "mention") page for these instructions.
4. A Project Admin must enable access from your GitHub App. The autodetection feature will not function without giving SonarQube Server access to GitHub Copilot Business.
## Autodetecting AI code
With access to your GitHub App, SonarQube Server can evaluate users’ GitHub Copilot usage and code contribution patterns to identify potential AI-generated code. If there is a match in user data, SonarQube Server will display the **AI code detected** status on the project’s Overview and Project Information pages.
SonarQube Server does not retroactively check older code from previous commits. In addition, projects that have the  applied by a quality standards admin will be excluded from automatic AI code detection. See the [#label-projects-with-ai-code](https://docs.sonarsource.com/sonarqube-server/2025.1/analysis-functions/ai-code-assurance/overview#label-projects-with-ai-code "mention") article for details.
{% hint style="info" %}
Ensure that the GitHub organization with the Copilot Business subscription is bound with SonarQube Server. If you are using SSO, you must define SCM accounts for your users.
{% endhint %}
To activate **Autodetect AI-Generated Code** in SonarQube Server, follow these three steps:
### Step 1: Manage AI autodetection in SonarQube Server
**Autodetect AI-Generated Code** can be managed at the global and project levels:
* At the global level, go to **Administration** > **Configuration** > **General Settings** > **AI-Generated Code** and select or deselect **Autodetect AI-Generated Code**. The setting is turned on by default.
* At the project level, go to *Your Project* > **Project Settings** > **AI-Generated Code** and select or deselect **Autodetect AI-Generated Code in this project**. The setting is turned on by default.
### Step 2: Enable your GitHub integration
The **Autodetect AI-Generated Code** feature relies on your GitHub App for SonarQube Server to give SonarQube Server access to your organization’s usage statistics of GitHub Copilot. To create a new integration or manage an existing one, go to **Administration** > **DevOps Platform Integrations** > **GitHub**. Instructions can be found on the [setting-up-github-app](https://docs.sonarsource.com/sonarqube-server/2025.1/devops-platform-integration/github-integration/setting-up-at-global-level/setting-up-github-app "mention") page.
Once you’ve registered your GitHub App, a Project Admin must navigate (in GitHub) to *Your GitHub App* > **App settings** > **Permissions & events** > **Organization permissions** > **GitHub Copilot Business** and set the access level to **Read-only**. Note that as per standard procedure, GitHub will send a confirmation email which must be acknowledged; more details about confirming this requirement is on the [permissions-for-ai-autodetect](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/ai-features/permissions-for-ai-autodetect "mention") page.
{% hint style="info" %}
Because GitHub administrators manage SonarQube Server’s permission levels in GitHub Copilot Business, they can disable AI Code Autodetection for your SonarQube organization. However, they cannot effectively enable the feature in SonarQube Server without the correct permission type. See the [user-permissions](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/user-management/user-permissions "mention") page.
{% endhint %}
### Step 3: Rescan your project
With the requirements satisfied, SonarQube Server will check for the presence of AI-generated code each time an analysis is performed. Projects containing autodetected code will display the **AI code detected** status on the project’s Overview and Project Information pages.
If **Autodetect AI-Generated Code** is turned off on a project containing autodetected code, the **AI code detected** status will be displayed until the next analysis is run.
## Related pages
* [overview](https://docs.sonarsource.com/sonarqube-server/2025.1/ai-capabilities/overview "mention") of AI capabilities
* Learn about [ai-standards](https://docs.sonarsource.com/sonarqube-server/2025.1/ai-capabilities/ai-standards "mention")
* See also[enable-ai-codefix](https://docs.sonarsource.com/sonarqube-server/2025.1/instance-administration/ai-features/enable-ai-codefix "mention") to get AI-generated fix suggestions