Microsoft Caught Sneaking "Co-Authored-By Copilot" Into VS Code Commits - Even with AI Off

The controversy began when a Microsoft product manager quietly introduced a “Co‑Authored‑by Copilot” line into the Git commit metadata of Visual Studio Code. The modification was approved by a principal engineer without any release notes, and it landed in the codebase instantly. Developers who had explicitly disabled Copilot discovered their commits were still labeled as AI‑generated, prompting an outpouring of criticism on GitHub and Hacker News. The rapid community response forced Microsoft to acknowledge the mistake, with engineer Dmitriy Vasyura pledging to roll back the setting in the upcoming 1.119 release.

Beyond the immediate backlash, the episode raises serious questions about how software vendors track and report AI usage. By automatically tagging commits, Microsoft could inadvertently—or deliberately—inflate Copilot’s activity metrics, a practice that would mislead investors and product teams alike. More importantly, the hidden attribution creates potential copyright liabilities; organizations that enforce strict AI policies may find themselves unintentionally violating internal guidelines or external regulations. Legal teams are now scrutinizing whether such metadata could be considered a form of undisclosed data processing under emerging AI governance frameworks.

For the broader tech industry, the incident underscores the need for transparent AI governance and robust internal review processes. Companies deploying AI‑assisted tools must ensure that telemetry and attribution mechanisms respect user settings and compliance requirements. As enterprises increasingly adopt AI‑enhanced development environments, trust hinges on clear communication about what data is collected and how it is used. Microsoft’s swift reversal signals a growing awareness that opaque AI features can erode developer confidence and invite regulatory scrutiny.