
Security FAQs

Does Copilot use my data to train its model?

No, GitHub uses neither Copilot Business nor Enterprise data to train its models.

How do I know that Copilot isn't introducing vulnerabilities with its suggested code?

Just as any developer might inadvertently introduce vulnerabilities into a codebase, Copilot's suggestions can as well. This is why using the tool properly includes fully understanding the suggestions it provides, rather than blindly accepting them. Even the most trusted senior developer shouldn't subvert the review/PR process, and that same principle applies to Copilot. If Copilot does introduce vulnerable code into the main codebase, then there's likely an issue with the fundamental review or CI processes, which should be reexamined to prevent any one entity from being able to introduce vulnerabilities.