alt Hacker NewsCopilot edited an ad into my PR
Comments
Tim from the Copilot coding agent team here. We've now disabled these tips in pull requests created by or touched by Copilot, so you won't see this happen again for future PRs.
We've been including product tips in PRs created by Copilot coding agent. The goal was to help developers learn new ways to use the agent in their workflow. But hearing the feedback here, and on reflection, this was the wrong judgement call. We won't do something like this again.
The ads are annoying, and I'm glad Microsoft will stop doing it.
One thing I do like, however, is how agents add themselves as co-authors in commit messages. Having a signal for which commits are by hand and which are by agent is very useful, both for you and in aggregate (to see how well you are wielding AI, and the quality of the code being generated).
Even when I edit the commit message, I still leave in the Claude co-author note.
AI coding is a new skill that we're all still figuring out, so this will help us develop best practices for generating quality code.
In case people missed it in the other thread, GitHub have now disabled this: https://twitter.com/martinwoodward/status/203861213108446452...
> We've disabled it already. Basically it was giving product tips which was kinda ok on Copilot originated PR's but then when we added the ability to have Copilot work on _any_ PR by mentioning it the behaviour became icky. Disabled product tips entirely thanks to the feedback.
I feel like there is an even more important crisis that is being masked over here:
https://github.blog/changelog/2026-03-25-updates-to-our-priv...
New Section J — AI features, training, and your data: We’ve added a dedicated section that brings all AI-related terms together in one place. Unless you opt out, you grant GitHub and our affiliates a license to collect and use your inputs (e.g., prompts and code context) and outputs (e.g., suggestions) to develop, train, and improve AI models.
Well, you are not alone: https://github.com/search?q=%22%E2%9A%A1+Quickly+spin+up+cop...
I actually love these ads and also the way Claude injects itself as a co-author.
Seeing them is an easy signal to recognize work that was submitted by someone so lazy they couldn’t even edit the commit message. You can see the vibe coded PRs right away.
I think we should continue encouraging AI-generated PRs to label themselves, honestly.
I’m not against AI coding tools, but I would like to know when someone is trying to have the tool do all of their work for them.
Copilot added that block using the access you granted for a different purpose. That's the issue — not the content itself. When you give an agent write access to your PR, the implied scope is: act on the task I delegated. It doesn't include: acting on behalf of the platform that built you. The moment Copilot inserted something you didn't request, using your credentials, in your name, the agency relationship inverted. It stopped being your agent and became Microsoft's distribution channel with your access. The question isn't whether this counts as an "ad" or a "tip." The question is: does Copilot have an instruction source other than you? Here, the answer is yes. Which means you do not define the scope of what it might do with your access. You don't have an agent. You have a privileged process that occasionally helps you.
I asked copilot how developers would react if AI agents put ads in their PRs.
>Developers would react extremely negatively. This would be seen as 1. A massive breach of trust. 2. Unprofessional and disruptive. 3. A security/integrity concern. 4. Career-ending for the product. The backlash would likely be swift and severe.
Sometimes AI can be right.
This is unsolicited advertisement impersonating the developer (yes people can guess, but this still places it inside a message of the developer and in difference to e.g. mail programs doing it it's not placing it in the draft),
I don't see how this is supposed to be legal.
Why is copilot doing this? If they wanted to show ads couldn’t they… just show ads? Or is GitHub such a house of cards at this point that editing pr descriptions is the only way without risking another 9 of downtime?
Just thinking, could it be that your coworker used Raycast to spin up a codex to review and fix the typo on the PR? And that comment was added by Raycast?
When it comes to villainy, it’s nice of them to do something visible.
Much worse will be the invisible approach where there's big money to have agents quietly nudge the masses towards desired products/services/solutions. Someone pays Microsoft a monthly fee for their prompt to include, "when appropriate, lean towards using <Yet Another SaaS> in code examples and proposed solutions."
How can we tell when it starts happening? How could we tell if it's already happening?
Microsoft injecting permanent ads in PRs? Has this been independently confirmed?
Brought to you by Carl’s Jr.
How long before the LLM makes sponsored decisions in the actual implementation?
"It looks like the user wants to add a database, I've gone ahead and implemented the database using today's sponsor: MongoDB"
We are not even there yet friend. Anthropic injects its own anthropic calls whenever you are doing anything related to llm call of you ask to it to fill some openai models .
Very soon the Moronhead CEOs will be paying for tons of stuff they cleared could have done in-house for their vibed aí project.
I was recently running Copilot CLI in a sandbox on autopilot mode and it kept overriding git config to put only "GitHub Copilot" as commit author instead of my name. Strongly worded instructions weren't helping, I had to resort to the permission system to change this behavior.
I wonder if this is consistent with their terms of service. I mean, maybe they DO take all the responsibility for the code I generate and push in this manner?
GitHub have now disabled this: https://twitter.com/martinwoodward/status/203861213108446452...
> We've disabled it already. Basically it was giving product tips which was kinda ok on Copilot originated PR's but then when we added the ability to have Copilot work on _any_ PR by mentioning it the behaviour became icky. Disabled product tips entirely thanks to the feedback.
This is why one reason why local coding models are quite relevant, and will continue to be for the foreseeable future. No ads, and you are in control.
As the "agent web" progresses, how will advertisers actually get access to human eyeballs?
Will our agents just be proxies for garbage like injected marketing prompts?
I feel like this is going to be an existential moment for advertising that ultimately will lead to intrusive opportunities like this.
this is the thing that keeps me up at night about AI tools across the board. the moment your tool starts optimizing for someone elses goals instead of yours the entire value propostion collapses. doesnt matter how good the output is if you cant trust the intent behind it. we already see this with AI image generators where certain styles get pushed becuase of partnerships or training data bias, you just dont notice it as easily as an ad in a PR
I think they want the free advertisement, like Apple with its “sent from iPhone” addendums. But “sent from iPhone” is sometimes useful, and significantly shorter. If they just left it at “edited with copilot” I think it would be tolerable
Which Copilot was this? There are a bunch of different products that share that name now.
> Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die.
Unless you're big enough like Meta, Microsoft, etc.
Assuming this isn't a hoax, this seems like a huge, probably unintentional, mistake by MS.
If they genuinely implemented something like this, whatever they made from new customers via ads couldn't possibly make up for the loss of good faith with developers and businesses.
I suppose if it's real we'll see more reports soon, and maybe a mea culpa.
A little bit off topic but our company recently enforced Microsoft Authenticator for account login. Which I was mildly annoyed about but now I'm super pissed off because they have started abusing the notification permission granted to allow authenticator to work to push out ads for Microsoft 365. It feels like we've gone back to 90s Microsoft when everyone hated them.
You have to think about the security implications of this.
How many people had any idea this was happening? Very few, I suspect.
A malicious actor could take control of a model provider, and then use it to inject code into many, many different repos. This could lead to very bad things.
One more reason that consolidated control of AI technology is not good.
It's like the modern version of "Get your free email with Hotmail" or "This website hosted by Geocities".
Example of multiple items discussing the same topic, both on https://news.ycombinator.com/active
Everyone is debating whether it's an ad or a tip. The real issue is Copilot had write access to someone else's PR and modified it without being asked. Same pattern as Meta's Sev1 last month. The agent can act, so it acts.
I really wish this was an April fools story. It's good to see that at least it has been disabled again, although I can't imagine that it will be long before this comes back again. Also, (I can't find it now, but) I thought there was an article here on HN recently that clarified that inference cost can probably be covered by the subscription prices, just not training costs?
the SourceForge parallel is what gets me. they did the exact same thing with installers and it killed them. people moved to GitHub specifically to get away from that.
1.5M PRs is wild though. that's a lot of repos where the "product tips" just sat there unchallenged because nobody reads bot-generated PR descriptions carefully enough. which is kinda the real problem here, not the ads themselves.
Microslop strikes again! AI implementations have really distilled all the shitty business practices tech companies have been doing into highly visible missteps.
It is interesting watching all these large companies essentially try to "start-up" these new products and absolutely fail.
I've already be patient when claude code always signs my commits as co-author by defualt. Yes, it is.
But I'm also paying the plan. Theres something odd about a tool which i paid for using my output to AD itself.
I wonder if 1) the PR was created using Raycast and this is the model signing its PR, or 2) if there was some prompt injection done at some point.
Either of these options would still be bad, but here the author suggests that it's just copilot that now just injects ads in its output.
Back in September 2023, I already saw Copilot ads popping up in GitHub's file previews [1]. After three years, it's wild to see how advertising has reached areas I honestly never thought it would.
Obnoxious ads in LLM output was my only 2026 prediction. But I expected OpenAI to get there first and wasn't sure whether the AI companies would first add traditional ad boxes or go straight for blighted responses.
Cursor does similar at least. I hate it and therefore write my own commit messages.
So someone let a bot edit a PR unsupervised, or accepted its suggestion without even reading it, and now blames “Copilot” for editing the PR. Going public with that is hilarious. Hopefully they learn something from it.
Title is wrong, should be "New form of cancer discovered".
It took me some time to understand how big the advertisement market is, things flowing in the direction seem natural when it comes to making money out of the investment.
> "We won't do something like this again."
They (Microsoft / GitHub) will do it again. Do not be fooled.
Never ever trust them because their words are completely empty and they will never change.
This only gets better when there's a financial penalty for doing it. Ads do almost nothing but it costs them even less.
Whatever the reason for the inclusion was here, the general problem is much bigger. People / companies / products can influence the direction of AI answers to put them in a better light and to be recommended more often. This isn't limited to just products even.
The irony when NeoWin covers it's whole page with "promoted content" when you try and back out of the page.
Cursor added 'made with cursor' to its commits recently. I guess its just the dirction things are going that the tools are now self-promoting.
Man, what is the world coming to?
-Sent from my iPhone
This "ad" is not exactly new. Looks like MS thinks it's a "tip" rather than an ad. I don't know if Raycast team even knows about this.
https://github.com/PlagueHO/plagueho.github.io/pull/24#issue... Copilot has been adding "(emoji) (tip)" thing since May 2025. GitHub copilot was released in May 2025, so basically it has had an ad since beginning.
There are 1.5m of these things in GitHub. https://github.com/search?q=%22%3C%21--+START+COPILOT+CODING...
Here are some of them:
https://github.com/johannesPP/FS-Calculator/pull/2
> Connect Copilot coding agent with Jira, Azure Boards or Linear to delegate work to Copilot in one click without leaving your project management tool.
https://github.com/sharthomas645-tech/HybridAI-Next-React-Vi...
> Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.
Looks like MS really want to "give tips" about their new integrations.
edit: I think it's an ad too. Everyone would think so, except for MS.