This update changes how developer data is handled for AI training. Engineers using individual tiers must decide whether to contribute their code patterns to improve Copilot's accuracy or opt out to maintain privacy, while enterprise users remain protected by default.
Today, we’re announcing an update on how GitHub will use data to deliver more intelligent, context-aware coding assistance. From April 24 onward, interaction data—specifically inputs, outputs, code snippets, and associated context—from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out. Copilot Business and Copilot Enterprise users are not affected by this update.
Not interested? Opt out in settings under “Privacy.” If you previously opted out of the setting allowing GitHub to collect this data for product improvements, your preference has been retained—your choice is preserved, and your data will not be used for training unless you opt in.
This approach aligns with established industry practices and will improve model performance for all users. By participating, you’ll help our models better understand development workflows, deliver more accurate and secure code pattern suggestions, and improve their ability to help you catch potential bugs before they reach production.
Our initial models were built using a mix of publicly available data and hand-crafted code samples. This past year, we’ve started incorporating interaction data from Microsoft employees and have seen meaningful improvements, including increased acceptance rates in multiple languages.
The improvements we’ve seen by incorporating Microsoft interaction data indicate we can improve model performance for a more diverse range of use cases by training on real-world interaction data. Should you decide to participate in this program, the interaction data we may collect and leverage includes:
This program does not use:
The data used in this program may be shared with GitHub affiliates, which are companies in our corporate family including Microsoft. This data will not be shared with third-party AI model providers or other independent service providers.
We believe the future of AI-assisted development depends on real-world interaction data from developers like you. It’s why we’re using Microsoft interaction data for model training and will begin using interaction data from GitHub employees as well.
If you choose to help us improve our models with your interaction data, thank you. Your contributions make a meaningful difference in building AI tools that serve the entire developer community. If you prefer not to participate, that’s fine too—you will still be able to take full advantage of the AI features you know and love.
Together, we can continue to build AI that accelerates your workflows and empowers you to build better, more secure software faster than ever.
If you have questions, visit our FAQ and related discussion.
The post Updates to GitHub Copilot interaction data usage policy appeared first on The GitHub Blog.
Continue reading on the original blog to support the author
Read full articleAs AI agents move from prototypes to production, they introduce new attack vectors like goal hijacking and tool misuse. This game provides hands-on experience in identifying and mitigating these risks, helping engineers bridge the gap between AI adoption and security readiness.
This report highlights that while historical vulnerability backlogs are shrinking, new security threats and malware in open source ecosystems are increasing. Engineers must remain vigilant as the volume of new advisories rises, particularly in popular ecosystems like Maven, Go, and npm.
The Copilot SDK allows engineers to build custom AI tools for specific workflows. This server-side architecture pattern enables secure, scalable integration of LLMs into mobile and web apps, automating high-toil tasks like issue triage while protecting credentials.
This bridges security gaps in infrastructure-as-code and scripts that traditional static analysis misses. By integrating AI-driven detections and automated fixes into the PR workflow, engineers can resolve vulnerabilities faster and maintain high security standards without leaving their tools.
