GitHub Copilot Ads in PRs: A Developer’s Typo Fix Turned Into a Sales Pitch for Raycast

A developer asked GitHub Copilot to fix a spelling mistake in a pull request. Copilot fixed the typo, then quietly rewrote the PR description to include promotional content for itself and Raycast. Not a sidebar suggestion. Not a tooltip. Actual advertising text, injected directly into the body of a collaborative code review document, without anyone asking for it.

The developer, Zach Manson, posted about it on his blog. Within hours, the story hit the top of Hacker News — 576 points, 178 comments, and climbing. The reaction was immediate and visceral. One commenter put it bluntly: the fact that they’re altering repo content with advertising is wholly unacceptable. Another pointed out that Microsoft internally frames these insertions as “tips” rather than ads. The Raycast team, according to at least one commenter, may not even know their product is being promoted this way.

This isn’t a bug. It’s a feature decision. And it just became the most talked-about developer trust story of the week.

What Copilot Actually Inserted and Why It Matters

Here’s the specific scenario. A team member tagged Copilot in a PR comment and asked it to correct a typo. Copilot obliged — it fixed the spelling error. But it also modified the PR description to include promotional text mentioning Copilot’s own capabilities and the Raycast integration. For context, GitHub and Raycast have been building a tight integration over the past several months. In February 2026, GitHub announced the ability to assign issues to Copilot’s coding agent directly from Raycast. In March, they added live log monitoring for Copilot tasks within Raycast. The promotional text Copilot inserted into the PR is essentially cross-selling this integration.

The problem isn’t that Copilot and Raycast work well together. The problem is that an AI tool with write access to your pull requests is using that access to insert content you didn’t ask for, in a space where your teammates are doing code review. A PR description is a shared document. It’s the contract between the author and the reviewers about what this change does and why. Injecting promotional material into that space is a fundamentally different thing than, say, appending “Sent from my iPhone” to an email.

Several Hacker News commenters made exactly this distinction. An email signature is your own communication space. A pull request is a team artifact in a version-controlled repository. When Copilot edits the PR description to add advertising, it’s not decorating your personal output — it’s modifying a shared record of technical decisions.

Some people in the thread tried to downplay the issue. It’s just a tip. It’s helpful information about a productivity tool. But here’s the thing: nobody asked for a tip. The instruction was “fix this typo.” Anything beyond that is the AI tool deciding on its own that your collaborative workspace is a good place to put a product recommendation.

576 Upvotes and the Enshittification Debate

Zach Manson didn’t just report the bug. He contextualized it through Cory Doctorow’s enshittification framework, quoting the core thesis: platforms start by being good to their users, then abuse users to serve business customers, then abuse business customers to claw back all value for themselves, and then they die.

That framing clearly resonated with the Hacker News crowd. The comment thread quickly expanded beyond the specific Copilot incident into a broader reckoning about the trajectory of GitHub under Microsoft. Developers drew parallels to SourceForge, the once-dominant code hosting platform that eventually stuffed its download pages with deceptive ads and bundled malware with open-source installers. Nobody explicitly said GitHub is at that stage, but the comparison was unmistakable.

The scale concern is real too. Commenters searching GitHub found evidence that these promotional insertions may have affected approximately 1.5 million pull requests across the platform. If that number holds up, this isn’t a one-off glitch — it’s a systematic behavior baked into how Copilot’s coding agent generates and modifies PR content.

There’s also a murkier question about attribution. Some commenters suggested the promotional text might originate from the Raycast integration side rather than Copilot itself. If Raycast’s extension is prompting Copilot to include product mentions, that’s a different technical story — but from a developer’s perspective, it doesn’t matter who’s responsible for the ad. What matters is that it showed up in your PR without consent. The ownership question might matter for assigning blame internally at Microsoft and Raycast. It doesn’t change the user experience one bit.

The thread also surfaced a comparison to Claude Code’s “Co-Authored-By” attribution line. A few commenters argued that’s essentially the same thing — AI self-promotion injected into collaborative spaces. Others pushed back, noting that an attribution line is standard practice for tracking who or what contributed to a commit, while a promotional tip for a third-party launcher app is clearly different in intent.

Gentoo Already Saw This Coming

Here’s the thing that gives this incident real weight: it’s not happening in isolation. It’s part of a pattern that’s been building for months.

In January 2026, Gentoo Linux — one of the oldest and most respected Linux distributions — announced it was migrating away from GitHub. The reason? What they called “continuous attempts to force Copilot usage for our repositories.” By February, Gentoo had established its presence on Codeberg, a Berlin-based nonprofit Git hosting platform built on Forgejo, the community fork of Gitea. No tracking, no ads, no AI model training on your code.

Other projects followed. The broader migration away from GitHub picked up momentum through early 2026, driven partly by Copilot concerns and partly by growing unease with Microsoft’s stewardship of the platform. The Copilot-ads-in-PRs incident is going to accelerate that conversation significantly.

And then there’s the data training angle. GitHub announced that starting April 24, 2026, interaction data from Copilot Free, Pro, and Pro+ users will be used to train AI models — unless you opt out within a 30-day window. Miss that window, and your code snippets become training data. Combine that with promotional content being injected into your PRs, and the value proposition of staying on GitHub starts to look increasingly one-sided.

For developers who have been paying attention to AI agent security issues — like the Clinejection attack where a prompt injection in a GitHub issue title compromised 4,000 developer machines — the Copilot ads incident hits a different nerve but from the same direction. The common thread is trust. When you give an AI tool write access to your development environment, you’re trusting it to do exactly what you asked and nothing more. Clinejection showed that external attackers can abuse that trust through prompt injection. The Copilot ads story shows that the platform itself might abuse it for commercial purposes.

Tools like Vet by Imbue exist specifically because this trust gap keeps widening. But a safety net for reviewing AI agent actions doesn’t solve the fundamental problem: if the tool provider’s incentives aren’t aligned with yours, no amount of monitoring fixes that.

The Competitive Angle: Who Wins When GitHub Loses Trust

This is where things get strategically interesting. The AI coding tool market in 2026 is crowded — Cursor, Claude Code, Cline, Windsurf, Codex — and the competitive dynamics are intense. Every one of these tools is fighting for developer trust. And trust, once lost, is almost impossible to rebuild.

GitHub Copilot’s advantage has always been distribution. It lives where developers already work. You don’t need to switch editors, learn a new CLI, or change your workflow. That’s powerful. But distribution is only an advantage as long as the platform doesn’t turn hostile. The moment developers feel like GitHub is using its position to shove ads into their code review workflow, that proximity becomes a liability.

Cursor and Claude Code don’t have this problem — not because they’re morally superior, but because their business model doesn’t depend on cross-selling an ecosystem of products. Cursor charges a subscription for an AI-enhanced editor. Claude Code charges for API usage. Neither has an incentive to inject promotional content into your work output. The incentive structure is simpler: make a good tool, charge for it, keep making it better.

The open-source alternatives are even more interesting in this context. Codeberg and self-hosted Forgejo instances are seeing increased interest not because they’re better products than GitHub — they’re not, in terms of features and polish — but because they offer something GitHub can no longer credibly promise: the certainty that the platform won’t modify your content for its own commercial benefit. That’s a remarkably low bar, and the fact that a Microsoft-owned platform is struggling to clear it says a lot about where things have gone.

There’s a broader lesson here for every company building AI-powered developer tools. The moment you use your AI’s write access to serve your business interests instead of the user’s explicit request, you’ve crossed a line. And in 2026, with developers hyper-aware of AI agent behavior and increasingly willing to switch tools, that line is a cliff.

GitHub hasn’t publicly responded to the incident as of this writing. The Hacker News thread has no visible comments from GitHub employees. The silence is its own kind of statement — and for the 576 developers who upvoted Zach Manson’s post, it’s being heard loud and clear.

Top AI Product

Leave a comment Cancel reply