Whilst I'd still take it with a grain of salt, two have been. Mostly their code scanning AI stuff though (or pieces of them), which... Has had a lot of issues, compared to more traditional approaches.
+ Code scanning: AI-powered autofixes for CodeQL alerts integrated into VS Code
+ Secret scanning push protection for gists
CodeQL has never worked anyway and I’m unsure why it’s even a thing given it doesn’t work