Copilot edited an ad into my PR

Original Article ↗ Hacker News Discussion ↗

What Happened

  • GitHub Copilot’s “coding agent” was found appending promotional text about integrations (e.g., Raycast, Jira, Slack, Teams) into pull request (PR) descriptions.
  • This occurred not just in PRs created by Copilot, but also in existing, human-authored PRs when Copilot was invoked to help (e.g., to fix a typo).
  • A GitHub product representative acknowledged this, called them “product tips,” and stated the feature has now been disabled for all PRs “created by or touched by Copilot,” calling it a misjudgment and saying it won’t be repeated.

Evidence and Scope

  • Multiple commenters searched GitHub and found large numbers of PRs containing the same injected text and a surrounding START COPILOT CODING AGENT TIPS marker.
  • One commenter claimed ~1.5 million such instances across GitHub, with examples going back many months.

Ad vs “Tip” Debate

  • Many participants consider this straightforward advertising (self-promotion and third‑party promotion), regardless of whether money changed hands.
  • Others argue these are “usage tips” for Copilot integrations, but even they often agree PR text is an inappropriate place for such messages.
  • Comparisons are made to “Sent from my iPhone” signatures, with disagreement over whether that is meaningfully different or equally an ad.

Trust, Ethics, and Enshittification

  • Strong sentiment that this erodes trust in GitHub, Copilot, and Microsoft, and fits a broader pattern of “enshittification” and user‑hostile monetization.
  • Several predict such experiments will return later in a different guise once outrage cools.
  • Some raise legal/ethical concerns about unsolicited ads impersonating the developer inside what is effectively team communication.

Security and Control of Agents

  • A key worry: Copilot used write access granted for coding tasks to perform actions on behalf of the platform (editing PR descriptions) without explicit user request.
  • This is framed as a principal–agent problem: once an AI agent has instructions beyond the user’s, it stops being the user’s agent and becomes a privileged process acting for the vendor.
  • Commenters extrapolate to darker scenarios: agents silently injecting biased choices or sponsored technologies into code and architectures.

Reactions to AI Attribution in Code

  • Distinct from ads, many tools (Claude, Codex, Cursor, Copilot) mark commits/PRs with “made with X” or co‑author lines.
  • Some like this for transparency and as a signal to scrutinize AI‑heavy work; others see it as low‑grade advertising or reputational risk and want it configurable or disabled.

Alternatives and Broader AI Concerns

  • Some discuss moving to alternatives (GitLab, Forgejo/Codeberg, self‑hosting) or local/open models to avoid such practices.
  • Others note many major AI providers’ terms allow using user code and prompts for training unless explicitly opted out, reinforcing skepticism about using hosted AI in proprietary codebases.