We see this most clearly in the friction around opting out. In 2025, Microsoft and GitHub tested developer trust by pushing GitHub Copilot deeper into core workflows without giving maintainers clear, reliable control over it. For instance, two of the most upvoted GitHub Community threads in the prior 12 months were requests to block Copilot-generated issues and pull requests, and to fix the inability to disable automatic Copilot code reviews.
Beyond this friction, GitHub has made ecosystem-level shifts that feel like rug pulls to integrators. In a move that surprised many, they announced a hard sunset for GitHub Copilot Extensions built as GitHub Apps, blocking new creation after September 24, 2025, and enforcing full disablement by November 10, 2025. By explicitly telling developers this was a replacement rather than a migration as they pivoted to Model Context Protocol servers, GitHub violated the cardinal rule of “boring” infrastructure. Stability is supposed to be the feature, not API churn.
And just to round it out, GitHub Copilot’s security posture took a very public hit when researchers disclosed “CamoLeak,” a critical Copilot Chat vulnerability that could exfiltrate secrets and private code from private repos via prompt injection and a Content Security Policy bypass, which GitHub mitigated in part by disabling image rendering in Copilot Chat. Put these together and the trust problem is not that AI exists, it’s the perception that GitHub Copilot is becoming unavoidable infrastructure, while simultaneously being subject to churn and occasional sharp edges that are hard to justify when the product is supposed to be the boring, dependable layer.
