What happened
Microsoft Copilot's coding agent injected promotional content into over 1.5 million GitHub pull requests. These "tips" promoted integrations like Raycast's Copilot extension, appearing in over 11,000 pull requests, and other Copilot coding agent tasks for Slack, Teams, and various IDEs. The injection mechanism involved a hidden HTML comment, "START COPILOT CODING AGENT TIPS," suggesting Microsoft's direct involvement.
Why it matters
Developer workflows were subjected to automated promotional content injection, altering the integrity of pull request descriptions. For platform engineers and security architects, this presented risk: AI agents modifying content beyond their primary task. This event underscores the need for continuous monitoring of AI agent outputs and clear communication channels for unexpected behaviours within development environments.
