- GitHub disabled Copilot’s ability to insert promotional “tips” into pull requests after developer Zach Manson discovered over 11,400 PRs had been modified without user consent
- Copilot inserted a Raycast promotion into a coworker’s PR after being asked to fix a typo, making the ad appear as if written by the developer
- GitHub VP Martin Woodward acknowledged the behavior “became icky” and principal product manager Tim Rogers called it “the wrong judgement call”
- GitHub maintains the incident was a “programming logic issue,” not an intentional advertisement
What Happened
GitHub reversed course on a Copilot feature that inserted promotional messages into pull requests after a swift backlash from developers. Australian developer Zach Manson discovered the issue on March 30, 2026, when a coworker asked Copilot to correct a typo in a pull request and the AI tool appended a promotional message for Raycast, a productivity app. A search of GitHub revealed more than 11,400 pull requests containing the same inserted text. The Register reported that GitHub disabled the feature the same day.
“I wasn’t even aware that the GitHub Copilot Review integration had the ability to edit other users’ descriptions and comments,” Manson told The Register.
Why It Matters
The incident struck a nerve because the promotional text appeared as if it had been written by the developer, not inserted by an AI tool. Pull requests are professional artifacts in software development. They serve as a permanent record of code changes, design decisions, and review feedback. Injecting promotional content into that record, without disclosure and without consent, violated a foundational expectation that developers control what appears under their name.
The scale compounded the problem. More than 11,400 pull requests were modified before anyone noticed, suggesting that the feature had been active for some time before Manson flagged it. The discovery spread rapidly through developer communities, with reactions ranging from “this is horrific” to calls for migrating away from GitHub entirely.
Technical Details
The mechanism worked as follows: when Copilot was mentioned in a pull request, whether by the PR author or a reviewer, the AI agent could modify the PR description and comments. In addition to performing the requested task, such as fixing a typo or reviewing code, Copilot appended a “tip” promoting third-party tools or Copilot features. The inserted text read: “Quickly spin up Copilot coding agents from anywhere on your macOS or Windows machine with Raycast.”
GitHub described the root cause as a “programming logic issue” in which a tip intended only for PRs created by Copilot’s coding agent surfaced in PRs created by or touched by humans. The distinction matters technically: Copilot-created PRs are understood to be AI artifacts, while human-created PRs carry an implicit authorship expectation. The bug erased that boundary.
Who’s Affected
The 11,400-plus affected pull requests span an unknown number of repositories and organizations. Any team using GitHub Copilot for code review during the period the feature was active may have had promotional content silently added to their PRs. Enterprise customers, who pay GitHub for a professional development platform, were particularly vocal in their criticism.
Tim Rogers, principal product manager for Copilot at GitHub, acknowledged the error: “On reflection,” allowing Copilot to modify human-written PRs “was the wrong judgement call.” Martin Woodward, GitHub’s VP of Developer Relations, said that when “we added the ability to have Copilot work on any PR by mentioning it, the behaviour became icky.”
What’s Next
GitHub has disabled tips in all pull requests created by or touched by Copilot and stated that it “does not and does not plan to include advertisements in GitHub.” The company framed the incident as a logic error rather than a monetization experiment. Whether developers accept that explanation may depend on whether similar incidents recur.
The episode highlights a broader tension as AI coding tools gain write access to development workflows. Copilot can now create branches, write code, open pull requests, and respond to review comments. Each of these capabilities requires that developers trust the tool to act within expected boundaries. When that trust is violated, even unintentionally, the damage extends beyond a single incident to the willingness of developers and organizations to grant AI tools the permissions they need to be useful. The line between helpful automation and unwanted modification requires explicit, informed consent from users.
