🟡 Medium | Source: The Register — Security
Researchers have demonstrated a jailbreak technique against GitHub Copilot that bypasses its safety guardrails by embedding harmful instructions within code rather than natural language prompts. The flaw operates at the workflow level, meaning Copilot’s content filters can be circumvented by framing requests programmatically. This matters because organisations relying on Copilot’s built-in safeguards to prevent misuse may have a false sense of security.
Security Architect’s Take: Review your AI acceptable-use policies and do not treat Copilot’s built-in content filters as a sufficient control boundary — consider supplementing with code review tooling, output scanning, and developer awareness training around AI jailbreak risks.
Original advisory: GitHub Copilot: Sorry Dave, I can’t do that harmful thing - unless you ask me in code