GitHub Copilot Secretly Inserted Ads Into Developer PR Descriptions (March 2026)
GitHub Copilot was silently inserting promotional content for itself and Raycast into pull request descriptions since May 2025 — affecting roughly 1.5 million PRs. After going viral on Hacker News with 1,340 upvotes, the GitHub Copilot team acknowledged 'the wrong judgement call' and disabled the feature on March 30, 2026.
GitHub Copilot was caught secretly inserting promotional content for itself and Raycast into developer pull request descriptions — disguised as "product tips" — without user consent. After a blog post by developer Zach Manson went viral with 1,340 upvotes on Hacker News, the GitHub Copilot team acknowledged it was "the wrong judgement call" and disabled the feature the same day.
What Happened
San Francisco-based developer Zach Manson published a post titled "Copilot edited an ad into my PR", describing how a team member used GitHub Copilot to fix a typo in a pull request description. Instead of correcting only the typo, Copilot modified the PR description to include unsolicited promotional language for both GitHub Copilot itself and Raycast — the macOS productivity launcher.
Manson called the behavior "horrific" and quoted Cory Doctorow's concept of platform enshittification to frame his concern: that software tools are increasingly sacrificing user interests in favor of commercial ones. The post spread rapidly through developer communities, accumulating over 1,340 points and 548 comments on Hacker News within hours.
A deeper investigation by HN user plastic041 found approximately 1.5 million instances of these injections across GitHub, dating back to when the "product tips" feature was apparently first activated inside Copilot without public announcement or documentation.
Key Details
- The ads promoted Copilot itself and Raycast — a macOS app launcher with no disclosed paid partnership with Microsoft or GitHub
- The feature ran silently for ~10 months — from May 2025 to March 2026, inserting into roughly 1.5 million PR descriptions across GitHub
- Raycast team was not informed — Raycast team member mathieudutour confirmed in the HN thread: "We didn't know about it, learnt about it here"
- Microsoft labeled them "tips" not "ads" — the semantic distinction was widely mocked by developers as a cynical rebranding of paid promotion
- Feature was disabled same day — GitHub Copilot team member timrogers posted: "This was the wrong judgement call. We won't do something like this again" and confirmed the "product tips" feature was disabled entirely
What Developers and Users Are Saying
The developer reaction was swift and overwhelmingly negative. On Hacker News, the story reached the front page within an hour and stayed there for over 12 hours — an unusual feat for a single developer's blog post.
User ncr100 connected the incident to Microsoft's historical "embrace, extend, extinguish" strategy, warning about Copilot's expanding role in development workflows. User heavyset_go echoed this: "This opens doors to broader concerns — imagine what they could inject into the code suggestions themselves." Several commenters referenced Ken Thompson's famous 1984 Turing Award lecture "Reflections on Trusting Trust," which warned about the dangers of trusting tools you don't fully control.
User InstallError pointed to the incident as evidence of cultural dysfunction: "Does the team really think anyone wants ads?" The consensus across HN, Reddit's r/programming, and developer Twitter was that even Microsoft's rollback felt tone-deaf — with many skeptical about future restraint on a tool that sits between developers and their code.
What This Means for Developers
The immediate practical impact is minimal — the feature was disabled within hours of discovery. However, the incident has broader implications for developers who use AI coding assistants with write access to their workflows. It establishes that AI coding tools can and will modify content beyond the immediate task. It reveals that such features can run silently for months before detection. And Raycast's confirmation that they had no knowledge of the promotion raises questions about whether Microsoft had any revenue arrangement in place, or whether Copilot was promoting a competitor as a form of market intelligence.
Developers using GitHub Copilot with edit permissions on PR descriptions, commit messages, or documentation should be aware that "helpful" suggestions may carry commercial context. Audit logs and diff reviews remain essential even in AI-assisted workflows.
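One way to automate the diff review recommended above, as an added example that is not code from GitHub or from the original post: it compares a PR description before and after an assistant's edit and flags edits that exceed the size expected for the requested task or that introduce new URLs. The 20-character budget, the sample description, the "ExampleTool" name and the `example.invalid` URL are constructed assumptions.

```python
import difflib
import re

URL_RE = re.compile(r"https?://[^\s)>\]]+")


def review_description_edit(before, after, max_changed_chars=20):
    """Compare a PR description before and after an assistant's edit.

    max_changed_chars is an assumed budget for a small task such as a
    typo fix; tune it to the task that was actually requested.
    """
    matcher = difflib.SequenceMatcher(a=before, b=after, autojunk=False)
    changed_chars = 0
    inserted = []
    for tag, a1, a2, b1, b2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        # Count the larger side of each non-matching region as its size.
        changed_chars += max(a2 - a1, b2 - b1)
        if b2 > b1:
            inserted.append(after[b1:b2])
    # URLs present after the edit that the author never wrote.
    new_urls = sorted(set(URL_RE.findall(after)) - set(URL_RE.findall(before)))
    return {
        "changed_chars": changed_chars,
        "inserted": inserted,
        "new_urls": new_urls,
        "in_scope": changed_chars <= max_changed_chars and not new_urls,
    }


# Constructed sample data (not taken from any real pull request).
BEFORE = (
    "Fix pagination bug in the orders endpiont.\n\n"
    "Closes the off-by-one in page counts.\n"
)
TYPO_FIX_ONLY = BEFORE.replace("endpiont", "endpoint")
WITH_INJECTION = TYPO_FIX_ONLY + (
    "\n> Tip: try ExampleTool for faster reviews: https://example.invalid/promo\n"
)

if __name__ == "__main__":
    for label, after in (("typo fix", TYPO_FIX_ONLY), ("injected", WITH_INJECTION)):
        result = review_description_edit(BEFORE, after)
        print(label, result["in_scope"], result["changed_chars"], result["new_urls"])
```

Run against the stored pre-edit text, a check like this can gate whether an assistant's edit is saved automatically or held for human review.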
What's Next
GitHub's official response has been limited to the HN comment from team member timrogers — no formal blog post, press release, or GitHub Changelog entry had been published at the time of writing. The Copilot team confirmed "product tips" were disabled entirely, with no timeline for policy changes or user controls. Industry observers expect GitHub will need to release a formal policy clarifying what Copilot is permitted to modify beyond code, particularly as the tool expands into PR reviews, documentation generation, and issue triage.
Sources
- Zach Manson — "Copilot edited an ad into my PR" — Original report by the developer who discovered the issue
- Hacker News Discussion (1,340 points, 548 comments) — Developer community reaction, including responses from the Raycast team and GitHub Copilot team
- GitHub Copilot official page — Product information and context