Cathay is a premium travel and lifestyle brand that operates Cathay Pacific, a global airline with more than 30,000 employees and operations in 100 destinations. With unpredictable weather, shifting regulations, supply chain disruptions, and global events causing all kinds of uncertainties, having dependable software is crucial. 

But like many large enterprises, they were running into roadblocks as they worked to scale innovation—from an outdated, fragmented toolchain eroding the developer experience and slowing delivery to late-breaking security vulnerabilities causing serious risk to their business functions. 

While putting their customers first was always a core principle, without better tools and alignment, it was difficult to make this principle a reality. As a digital leader in aviation, they realized they needed to modernize—empower their developers to embrace a security-first mindset, streamline processes, and accelerate the release of secure, compliant solutions that customers can trust. 

Here’s how the Cathay team moved forward.

Modernize development at scale

Cathay adopted the GitHub platform as its end-to-end development environment. With code hosting, CI/CD, security, and AI all in one place, the team streamlined workflows and elevated the developer experience. As part of this transformation, Cathay's developers embraced GitHub Copilot for code completion and adopted GitHub Copilot agent mode—a real-time, autonomous collaborator to perform multi-step coding tasks across their codebase.

GitHub Copilot has been a game changer. It’s more than just a tool. It's a collaborative partner that helps us stay focused on meaningful work instead of repetitive tasks.

Developers now receive real-time suggestions in the IDE to speed up everyday tasks, while agent mode handles more complex changes, indexing hundreds of files and executing multi-step prompts across the codebase. With less time lost to manual edits and routine decisions, the team can move faster and focus on building higher-impact solutions—which has contributed to a 40% year-over-year improvement in tech debt fixes. That shift hasn’t just changed how developers work. It’s changed how they feel about their work.

“GitHub Copilot has been a game changer,” said Rajeev Nair, General Manager - IT Infrastructure & Security at Cathay. “It’s more than just a tool. It's a collaborative partner that helps us stay focused on meaningful work instead of repetitive tasks.”

The improvement in developer experience has delivered measurable results: Cathay rolled out GitHub Copilot to more than 1,000 developers in just one week, who have since accepted over four million lines of code. This adoption drove a noticeable lift in developer sentiment, with satisfaction and NPS scores rising to 4.4/5.

“It’s impressive how agent mode can identify exactly where changes are needed,” said Naveen Jaisankar, DevSecOps Practice Lead at Cathay. “It’s the kind of intelligence that speeds us up without sacrificing control.”

Secure from the start

Building on its success with GitHub Copilot, the Cathay team expanded its use of the GitHub platform to strengthen security across the development process. With GitHub Advanced Security, they embedded security checks directly into developer workflows—enabling faster fixes, earlier detection, and fewer handoffs between teams.

Developers are now able to identify and remediate vulnerabilities as they work, which virtually eliminates the delays that had been caused by late-stage fixes. This shift to proactive security has led to a 63% decrease in the Mean Time to Remediate (MTTR) security fixes. Features like real-time code scanning and secret detection allow teams to catch issues early and resolve them quickly, improving both confidence and delivery speed.

Copilot seamlessly integrates security into the development process, making it a shared responsibility without adding friction. The result is a secure, efficient, and enjoyable environment for building software.

Copilot Autofix has added another layer of efficiency by detecting vulnerabilities and suggesting secure code changes in real time, without disrupting developer flow. For Cathay, this shift wasn’t just about improving security outcomes; it has also helped shift the perception of security from a bottleneck to a shared responsibility.

“The most rewarding part has been seeing that ‘wow’ moment from our developers,” says Nair. “GitHub Copilot and Advanced Security aren’t just more tools or extra work—they have changed how we build software and the culture around it. Watching our teams embrace that mindset and feel empowered by it has been incredibly fulfilling.”

This process has also been about using AI responsibly, with clear guardrails and a focus on continuous learning. “Copilot seamlessly integrates security into the development process, making it a shared responsibility without adding friction,” says Nair. “The result is a secure, efficient, and enjoyable environment for building software.”

Create space for innovation

For the team at Cathay, GitHub isn’t just a tool—it’s the foundation for future innovation. With GitHub Copilot, agent mode, and built-in security that keeps them one step ahead, the airline is ready to scale its DevSecOps practices.

“GitHub helps us ship faster and meet customer demands in a fast-changing aviation landscape,” says Jaisankar. “It’s a one-stop shop for developers, integrating everything we need into a single platform.”

This unified development experience helps Cathay’s developers accelerate time to value and deliver great customer experiences, all while maintaining compliance and security.

“GitHub Copilot gives us the foundation to adapt, innovate, and deliver securely at speed and at scale,” says Jaisankar.