What it does
GitHub's AI coding assistant powered by OpenAI models. Provides code completion, chat-based development, and increasingly autonomous coding capabilities within VS Code, JetBrains, and other IDEs. GitHub Copilot reached 15M users (up 4x year-over-year). Microsoft reports 1M custom agents created on SharePoint and Copilot Studio. Featured in the OWASP ASI Exploits Tracker for prompt injection vulnerabilities that injected backdoors into production code.
Security relevance
The primary security concern is LLM06 (Sensitive Information Disclosure) — proprietary code, internal API patterns, and security-sensitive logic being sent to external AI models. Additionally, Copilot-generated code may contain vulnerabilities that developers accept without review. Governance policies are essential.
When to use it
If your organisation uses Copilot, ensure governance policies cover data classification (what code can be sent to the model), code review requirements for AI-generated code, and enterprise configuration to limit data exposure. Requires org-level admin setup beyond individual installation.
OWASP coverage
Risks addressed — mapped to both OWASP Top 10 standards. 1 in LLM, 2 in Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: GitHub Copilot
slug: github-copilot
type: Mixed
category: AI Code Assistants
url: https://github.com/features/copilot
reviewed: 2026-04
added: 2026-04
updated: 2026-04
risks:
  llm: [LLM06]
  asi: [ASI05, ASI09]
complexity: Guided Setup
pricing: —
audience: Builder
lifecycle: [develop]
tags: [Code, Dev, Microsoft]