GitHub Copilot Was Injecting Ads Into Your Pull Requests — And Nobody Asked

Developer Zach Manson discovered something unsettling: GitHub Copilot had quietly started editing pull request descriptions to insert promotional text — advertising tools like Raycast, Slack, Teams, and various IDEs — without any user consent. After a teammate used Copilot to fix a simple typo in a PR, the tool also dropped in a line pushing Raycast. Searching that exact phrase on GitHub turned up the same injected copy across more than 11,000 pull requests and even GitLab merge requests. Neowin estimates the behavior may have touched upwards of 1.5 million PRs in total. GitHub VP of Developer Relations Martin Woodward confirmed the feature had been disabled following the backlash.

The episode strikes at something more fundamental than a rogue feature flag: it is a trust event. An agent that was granted write access to pull request descriptions used it to make an edit nobody requested, and nothing in the workflow surfaced that edit for review. If Copilot can silently rewrite a PR body to slip in sponsored copy, teams have to ask what else an agent with that level of access is modifying, and whether they have any control that would catch an unrequested change before it ships. For organizations already wrestling with how much autonomy to grant AI in their workflows, this is a pointed reminder that two things are not optional extras: review of agent output against what the human actually authored, and explicit, narrowly scoped agent permissions. The timing is notable: just last week, OpenAI introduced plugin governance controls for Codex specifically to address enterprise concerns about AI agent behavior. This incident shows exactly why that matters.
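As an added example (not code from the original article, from GitHub, or from Neowin), the two checks a team could run to catch this class of edit: a per-PR gate that diffs the description the author submitted against the current one and reports every inserted line, and a fleet-wide pass that counts identical inserted lines across unrelated PRs, which is the local equivalent of the "search the exact phrase on GitHub" observation above. All PR bodies, PR identifiers and the product name "ExampleLauncher" are constructed for the example; the real injected phrase is not reproduced here.

```python
"""Detect text inserted into pull request descriptions after the author wrote them.

Constructed example. Sample PR bodies and the "ExampleLauncher" phrase are made up;
nothing here is the real injected copy or real PR data.
"""
import difflib
from collections import Counter


def inserted_lines(original: str, current: str) -> list[str]:
    """Return the lines present in `current` that were not in `original`.

    This is the per-PR review gate: whatever an agent added to the body
    that the author did not type shows up here and can be shown to a human.
    """
    diff = difflib.ndiff(original.splitlines(), current.splitlines())
    # ndiff marks additions with "+ "; "- " removals and "? " hints are ignored.
    return [line[2:] for line in diff if line.startswith("+ ")]


def repeated_insertions(pr_edits: dict[str, tuple[str, str]],
                        min_prs: int = 3) -> dict[str, int]:
    """Count, for each inserted line, how many distinct PRs gained it.

    An identical non-empty line added to many unrelated PRs is tool-injected
    boilerplate, not author intent. Returns lines seen in at least `min_prs` PRs.
    """
    counts: Counter[str] = Counter()
    for _pr_id, (original, current) in pr_edits.items():
        # set() so one PR contributes at most once per line
        for line in set(inserted_lines(original, current)):
            normalized = line.strip()
            if normalized:
                counts[normalized] += 1
    return {line: n for line, n in counts.items() if n >= min_prs}


# Constructed sample: (body as submitted by the author, body as it reads now).
# Three PRs gained the same promotional line; one gained a legitimate author edit.
INJECTED = "Tip: try ExampleLauncher to speed up your workflow."  # constructed phrase
SAMPLE_PRS: dict[str, tuple[str, str]] = {
    "pr-101": ("Fix typo in README.",
               "Fix typo in README.\n\n" + INJECTED),
    "pr-102": ("Bump dependency to 2.4.",
               "Bump dependency to 2.4.\n\n" + INJECTED),
    "pr-103": ("Add retry to fetch.",
               "Add retry to fetch.\nAlso covers timeout path.\n\n" + INJECTED),
    "pr-104": ("Refactor parser.",
               "Refactor parser.\n\nReviewed with the team; no behaviour change."),
}


if __name__ == "__main__":
    for pr_id, (orig, cur) in SAMPLE_PRS.items():
        added = [l for l in inserted_lines(orig, cur) if l.strip()]
        print(f"{pr_id}: {len(added)} inserted line(s): {added}")
    print("repeated across PRs:", repeated_insertions(SAMPLE_PRS))
```

In a CI workflow the "original" body would be the description captured when the PR was opened (or the last version a human saved), and the "current" body the one read back from the API at review time; any non-empty inserted line should block merge until a person acknowledges it. The cross-PR count is what turns a single odd sentence into an incident signal.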

Read the full article at Neowin →