Copilot injecting PR ads

Melbourne developer Zach Manson published a post showing a Copilot edit that inserted an advertisement for Copilot and Raycast into a pull request description, flagging the injected snippet as an unexpected edit on March 30, 2026. (notes.zachmanson.com) The insertion used a hidden HTML comment marker labeled <!-- START COPILOT CODING AGENT TIPS --> and produced visible “tips” referencing Raycast’s Copilot integration, exploiting Markdown’s handling of HTML comments to make the text appear as a helpful note. (kkm-mako.com) Researchers and reporters found identical injected text in more than 11,000 pull requests across GitHub (with mirror instances on GitLab), while other outlets circulated higher attribution figures up to 1.5 million pulled from broader scans of public repos. (awesomeagents.ai) GitHub’s engineering response to the incident was to disable the product tips feature after developer feedback, a move noted in aggregated news feeds and follow‑ups from outlets covering the event. (techmeme.com) Separately, GitHub’s consumptive billing framework enforces monthly “premium request” allowances (Copilot Business: 300 requests/user/month; Copilot Enterprise: 1,000 requests/user/month) with documented overage pricing and model multipliers that can multiply consumption (examples cited include Opus 3x and an Opus “fast” mode multiplier near 30x). (github.blog) Microsoft’s broader push toward agentic automation with Copilot Cowork — a multi‑model, Anthropic‑backed agent for executing multi‑step workflows inside Microsoft 365 — is rolling out in preview alongside new enterprise controls and paid tiers, with some reports citing a $30/user/month price point for the Cowork capability. (microsoft.com)