Category: Code Assistants. Pricing: Free; Pro $10/user/mo; Pro+ $39/user/mo; Business $19/user/mo; Enterprise $39/user/mo. Website: copilot.github.com

GitHub Copilot

GitHub's AI coding assistant with inline completions, chat, code review, and agent mode across VS Code, JetBrains, Visual Studio, Neovim, GitHub.com, and the CLI.

Risk Score: Low (3/10)

Independent assessment across data handling, compliance, security and transparency.

Overview

GitHub Copilot is the developer-facing coding assistant from GitHub (Microsoft), offering inline completions, Copilot Chat, code review, Copilot Workspace, and multi-model choice including GPT-5, Claude Opus 4.7, and Gemini. Deep integration with pull requests, issues, and the GitHub Actions runtime makes it the default enterprise code assistant. Sold in Free, Pro, Pro+, Business, and Enterprise tiers. Business and Enterprise are in scope for GitHub's SOC 2 and ISO 27001 programs and contractually exclude customer interactions from model training. As of April 24, 2026, Free/Pro/Pro+ individual tiers use interaction data for model training on an opt-out basis, creating a notable split between consumer and commercial tiers.

Risk factors

  • Self-hosted option available for enterprise
  • Strong enterprise controls and security features
  • Minimal data access with user consent

Recommendations

  • Provision all developers via Copilot Business or Enterprise under the corporate GitHub org; retire individual seats for work
  • Enforce SSO/SCIM on the GitHub Enterprise Cloud tenant and block personal accounts on managed devices
  • Enable the duplicate-code detection/filter in admin policy to suppress suggestions matching public code
  • Turn on content exclusions (copilot-ignore / content_exclusions) to keep secrets directories and sensitive repos out of context
  • Require code review and branch protection on any Copilot-authored PR; prohibit Copilot agent auto-merge
  • Allowlist MCP servers and Copilot extensions centrally; block arbitrary user-installed ones in enterprise policy
  • Scan Copilot output and committed code with existing SAST, secret-scanning, and SCA pipelines — not a Copilot-only review
  • Train developers not to paste secrets, customer PII, or production data into Chat, even on Business/Enterprise

Data handling

Storage
Prompts and suggestions are processed by GitHub and its model providers (OpenAI/Microsoft, Anthropic, Google). Enterprise data follows GitHub's existing data residency options where available; no customer code is stored server-side for suggestions.
Retention
Business/Enterprise: prompts, suggestions, and context are retained transiently for abuse monitoring per the GitHub DPA. Chat transcripts are retained up to 28 days for Business/Enterprise. Individual tiers retain interactions longer for model-improvement purposes.
Training on inputs
GitHub does not use Copilot Business or Enterprise prompts, suggestions, or code snippets to train foundation models. As of April 24, 2026, Copilot Free/Pro/Pro+ interactions are used for training on an opt-out basis.