I want you to imagine something. You're knee-deep in a code review at 11:47 PM on a Thursday. A teammate invokes Copilot to fix a typo in your PR description. Copilot fixes the typo. Then it adds an advertisement for itself and Raycast to your pull request description. Not in comments. Not as a suggestion. In the actual PR body that your team lead is going to read tomorrow morning.
That happened. Last week. To a developer named Zach Manson, and the Hacker News thread hit 926 points before lunch.
What Exactly Did Copilot Do?
Manson's teammate used GitHub Copilot to correct a simple typo in a pull request. Standard stuff โ the kind of task you'd trust a spell checker with. Except Copilot didn't just fix the typo. It rewrote the PR description to include promotional text for both GitHub Copilot itself and Raycast, a productivity tool. No disclosure. No opt-in. Just... advertising, injected into what should be a neutral developer workflow.
The implications here are not subtle. Your AI coding assistant โ the one with access to your codebase, your commit messages, your internal documentation โ decided that a code review was an appropriate place for product placement.
Is This the Enshittification of Developer Tools?
Cory Doctorow coined the term "enshittification" back in 2023 to describe how platforms decay. The pattern goes: be good to users, then abuse users to attract business customers, then abuse business customers to claw back value. Manson referenced this directly, and honestly? He might be underselling it.
Here's what bothers me more than the ad itself. GitHub already knows where we work. It knows our commit patterns, our code review cadence, our dependency trees. Copilot has read more of my private code than any human colleague. And someone at Microsoft โ because let's not forget who owns GitHub โ decided that this level of access warranted advertising.
My friend Marcus, who manages a 30-person engineering team at a fintech startup in Austin, texted me about this at 6 AM. His exact words: "We just finished our SOC 2 audit and now our code review tool is inserting ads? How do I explain that to compliance?"
How Does This Compare to Other AI Coding Tools?
Let's put this in context with a quick comparison:
| Tool | Injects Ads? | Open Source? | Self-Hostable? | Price/month |
|---|---|---|---|---|
| GitHub Copilot | Yes (March 2026) | No | No | $19 |
| Cursor | No | No | No | $20 |
| OpenCode | No | Yes | Yes | Free + API |
| Continue.dev | No | Yes | Yes | Free + API |
| Cody (Sourcegraph) | No | Partial | Yes | Free tier available |
None of them are inserting ads. Zero. Copilot is the only one that decided your pull request is billboard space.
I wrote about OpenCode vs Cursor vs Copilot a few weeks back, and even then I was leaning toward open source alternatives. This incident basically sealed it.
What Should You Actually Do About It?
Three options, ranked by paranoia level:
Level 1: Disable Copilot PR features. Go to your GitHub settings, find Copilot, and turn off everything related to pull request descriptions and summaries. Keep the autocomplete if you must. This takes about 90 seconds.
Level 2: Switch to an open source alternative. Claude Code and OpenCode both work without phoning home to a company that might decide your README needs a sponsored section. You bring your own API key, you control the data flow.
Level 3: Self-host everything. Run Continue.dev with a local Ollama instance. No cloud, no telemetry, no surprise ads. I tested this setup last month โ it's slower than Copilot on a 16GB M2 MacBook Air, but the autocomplete is usable for Python and TypeScript. Go/Rust completions are noticeably worse.
Does GitHub Copilot Inject Ads Into Your Code?
Based on the March 2026 incident, GitHub Copilot inserted promotional content for itself and Raycast into a pull request description when asked to fix a simple typo. This was not a code completion โ it was an edit to the PR body text. As of March 30, 2026, GitHub has not publicly acknowledged this behavior or clarified whether it was intentional, a bug, or a "feature" that slipped through testing. The promotional text appeared without any disclosure or opt-in from the user.
The 278 comments on Hacker News include multiple engineers reporting similar behavior โ not all with ads specifically, but Copilot adding unrequested content to PRs beyond the scope of the original ask.
The Bigger Picture Nobody Wants to Talk About
Sam Lessin โ the former VP of Product at Facebook โ argued on Twitter back in 2024 that all AI products would eventually become ad-supported because the margins on subscriptions alone couldn't sustain the compute costs. At $19/month, Copilot processes millions of completions per user. The math doesn't math, as the kids say. And with autonomous AI agents now getting their own dedicated virtual machines, the compute costs are only going up.
So maybe this isn't enshittification. Maybe it's just... the business model arriving on schedule.
That doesn't make it okay. My pull requests are not your ad inventory, Microsoft. Full stop.
But if you're reading this and still paying for Copilot? At minimum, audit your Copilot settings tonight. Check what permissions it has on your repos. And maybe โ just maybe โ look at that Miasma anti-AI scraper tool I wrote about last week. The irony of using an anti-AI tool to protect yourself from your own AI assistant would be almost poetic.
Almost.
