GITHUB PUB_DATE: 2026.03.27

GITHUB FLIPS COPILOT TRAINING DEFAULT FOR INDIVIDUALS: INTERACTION DATA OPT-OUT STARTS APR 24

GitHub will start training Copilot on individual users’ interaction data by default on April 24 unless they opt out; Business and Enterprise accounts are excluded.

GitHub updated its data use for AI coding assistance: Copilot Free, Pro, and Pro+ interaction data may be used to train models unless users opt out, while Copilot Business and Enterprise are not included. The company says it can share this training data with Microsoft but not independent third-party model providers, and that content "at rest" in private repos isn’t used for training (source: Help Net Security).

Interaction data covers prompts, suggestions, accepted/modified outputs, surrounding code, comments, filenames, repo structure, navigation patterns, and feedback. Private repo content during a Copilot session may be collected for training unless the user disables it, but stored content remains off-limits. GitHub reports better suggestion acceptance after training on Microsoft employee interaction data and now plans to scale this approach to individuals (source: TechSpot).

Coverage highlights the default-on change and expected pushback from users uncomfortable with opt-out policies (source: TechRadar).

[ WHY_IT_MATTERS ]
01.

If any developers use Copilot outside your enterprise plan, their session data may train GitHub’s models by default.

02.

Sensitive code context can appear in interaction data; governance gaps now become immediate risk, not theoretical.

[ WHAT_TO_TEST ]
  • Audit who in your org uses Copilot Free/Pro/Pro+ and flip their training opt-out; verify via account and editor settings across OS/IDEs.

  • Create a synthetic test repo and validate Copilot suggestions don’t regurgitate seeded tokens or comments after org-wide opt-out/migration.
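One way to run the synthetic-repo check above, as an added example that is not GitHub's tooling or code from the original page: it seeds unique canary markers into a throwaway repo and scans suggestion text for them. The `CANARY_` marker format, the file layout, and the function names are assumptions, and suggestion text is assumed to be captured by hand from the editor, since the page names no export mechanism.

```python
import re
import secrets
import tempfile
from pathlib import Path

# Constructed marker format (an assumption); it is not a real credential format.
CANARY_RE = re.compile(r"CANARY_[A-Z]+_[0-9a-f]{16}")


def make_canary(label: str) -> str:
    """Return a unique, high-entropy marker that cannot occur by chance."""
    return f"CANARY_{label.upper()}_{secrets.token_hex(8)}"


def seed_repo(root: Path) -> dict[str, str]:
    """Write synthetic files containing canaries; return canary -> relative path."""
    layout = {  # hypothetical file layout for the test repo
        "config/settings.py": ("apikey", 'API_KEY = "{c}"  # synthetic value\n'),
        "src/billing.py": ("comment", "# internal note {c}\ndef total(items):\n    return sum(items)\n"),
    }
    planted = {}
    for rel, (label, template) in layout.items():
        canary = make_canary(label)
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(template.format(c=canary), encoding="utf-8")
        planted[canary] = rel
    return planted


def find_leaks(planted: dict[str, str], suggestions: list[str]) -> list[tuple[int, str, str]]:
    """Return (suggestion index, canary, origin file) for every planted canary seen."""
    hits = []
    for i, text in enumerate(suggestions):
        for token in CANARY_RE.findall(text):
            if token in planted:  # ignore look-alikes that were never planted
                hits.append((i, token, planted[token]))
    return hits


def demo() -> list[tuple[int, str, str]]:
    with tempfile.TemporaryDirectory() as tmp:
        planted = seed_repo(Path(tmp))
        leaked = next(iter(planted))
        # Constructed stand-ins for suggestion text captured by hand from the editor.
        captured = ["def total(items):\n    return sum(items)", f'API_KEY = "{leaked}"']
        return find_leaks(planted, captured)
```

Keep the `planted` mapping outside the seeded repo so the canaries exist only in the files under test; a hit from `find_leaks` then points to the exact file the marker came from.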

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01.

    Migrate individual Copilot users to Business/Enterprise or mandate opt-out; document this in onboarding and MDM baselines.

  • 02.

    Harden editor policies: disable Copilot in high-sensitivity paths (secrets, licensing, cryptography) and scrub comments before prompts.

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01.

    Start with Copilot Business/Enterprise to keep training disabled and enforce policies via SSO, SCIM, and org controls from day one.

  • 02.

    Segment private IP from public code and define where Copilot is allowed; gate usage for services handling secrets or regulated data.
