GITHUB-COPILOT PUB_DATE: 2026.04.01

COPILOT PR 'TIPS' INCIDENT AND A DEFAULT-TO-TRAIN POLICY SHIFT

GitHub Copilot briefly injected marketing-like "tips" into pull request descriptions and is moving to default training on user interaction data for non-enterprise tiers.

Reports show PR descriptions were modified with "Copilot coding agent" tips across thousands of repos, tagged by a hidden HTML comment, with some impact noted on GitLab too. Microsoft called it a programming logic issue, and the behavior was disabled after feedback, per coverage by Windows Central, Neowin, and Yahoo Tech.

Separately, GitHub will start using Copilot interaction data (inputs, outputs, code snippets, context) to train models by default for Free/Pro/Pro+ on April 24, with Business/Enterprise excluded and an opt-out available, as summarized by Tessl.

Minor but relevant: the Copilot CLI v1.0.15-0 pre-release fixes slow-connecting MCP servers blocking agent startup and enables Windows clipboard image pasting in WSL, per the release notes.

[ WHY_IT_MATTERS ]
01.

Trust and compliance risk: PR content was altered, and interaction data will be used for training by default unless managed at the org level.

02.

Team workflows and reviews can be polluted by non-code changes, and privacy expectations shift for individual Copilot users.

[ WHAT_TO_TEST ]
  • Scan recent PRs for "START COPILOT CODING AGENT TIPS" or known tip phrases; add a CI check that blocks PRs containing them.

  • Verify org-wide Copilot data settings: confirm Business/Enterprise status or roll out an opt-out for affected users before April 24.

[ BROWNFIELD_PERSPECTIVE ]

Legacy codebase integration strategies...

  • 01.

    Add a PR description linter and audit last 90 days of PRs for injected text; auto-strip tips on save via a bot if found.

  • 02.

    Tighten GitHub App and tool permissions; document and enforce Copilot/Raycast usage policies and required privacy settings.
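
A PR description check along the lines suggested under WHAT_TO_TEST and BROWNFIELD_PERSPECTIVE above, as an added example (not GitHub's or this digest's own code). The START marker is the one named in the reports; the END marker and the SAMPLE body are assumptions constructed for illustration.

```python
import re
import sys

# START is the marker named in the reports. END is an assumption (the page
# does not give a closing marker); it only bounds the auto-strip.
START = "START COPILOT CODING AGENT TIPS"
END = "END COPILOT CODING AGENT TIPS"
COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)

# Constructed sample PR body, not taken from a real pull request.
SAMPLE = (
    "Fix null check in parser\n\n"
    "<!--  start copilot   coding agent tips -->\n"
    "Tip: constructed placeholder text\n"
    "<!-- END COPILOT CODING AGENT TIPS -->\n"
    "Closes the linked issue.\n"
)

def _norm(text):
    """Collapse whitespace and case so spacing changes do not evade the match."""
    return " ".join(text.split()).upper()

def find_markers(body):
    """Return (line_number, marker) for every hidden comment carrying a marker."""
    body = body or ""
    return [(body.count("\n", 0, m.start()) + 1, marker)
            for m in COMMENT.finditer(body)
            for marker in (START, END) if marker in _norm(m.group(1))]

def strip_tips(body):
    """Remove each START..END region; return (new_body, all_regions_closed).
    A START with no END is left in place for a human to review."""
    spans = [(m.start(), m.end(), _norm(m.group(1))) for m in COMMENT.finditer(body)]
    out, pos, closed = [], 0, True
    for i, (s, _, inner) in enumerate(spans):
        if s < pos or START not in inner:
            continue
        end = next((c for c in spans[i + 1:] if END in c[2]), None)
        if end is None:
            closed = False
            continue
        out.append(body[pos:s])
        pos = end[1]
    return "".join(out) + body[pos:], closed

if __name__ == "__main__":  # CI use: pipe the PR description to stdin
    hits = find_markers(sys.stdin.read())
    for line, marker in hits:
        print(f"PR description line {line}: hidden comment contains {marker!r}")
    sys.exit(1 if hits else 0)
```

Run as a required check, the script exits non-zero when a marker is present; `strip_tips` is the piece a cleanup bot would call, and it declines to delete anything when the closing marker is missing.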

[ GREENFIELD_PERSPECTIVE ]

Fresh architecture paradigms...

  • 01.

    Bake governance into new repos: required PR checks for description content, change provenance logging, and CODEOWNERS review.

  • 02.

    Choose Copilot plans aligned with your data stance (Business/Enterprise if possible) and set default org templates and policies up front.
