Shadow-KI · Risiko-Profil

GitHub Copilot.

von GitHub · coding · Geprüft April 19, 2026

Anbieter-Website

Base risk

2.8/ 5

LowMediumHighCritical

GitHub Copilot Individual and Pro tiers may use prompts and suggestions to improve the model; Copilot Business and Enterprise contractually exclude training and add IP indemnification, audit logs, and content filtering. Risk concentrates on copyright (suggestions occasionally reproduce GPL code verbatim) and on accidental disclosure of secrets in source files; both are reduced by Business+ tier filters.

Tier comparison

Same logo. Very different risks.

  • Free

    medium
    Trains on inputs
    Yes
    Retention
    0 days
    SSO
    No
    Admin controls
    No

  • Paid · consumer

    medium
    Trains on inputs
    Yes
    Retention
    0 days
    SSO
    No
    Admin controls
    No

  • Enterprise · team

    low
    Trains on inputs
    No
    Retention
    0 days
    SSO
    Yes
    Admin controls
    Yes

FAQ

Fragen zu GitHub Copilot.

Does Copilot leak secrets to GitHub?

Telemetry is disabled on Business+ tiers. On Individual, prompts are processed by Microsoft/OpenAI but suggestions are not retained. Use a secrets scanner to be sure.

What about the IP indemnity?

Copilot Business and Enterprise include indemnification against third-party copyright claims when the duplicate-code filter is enabled.

Shadow-KI auditieren

Ist GitHub Copilot in Ihrer Organisation aktiv
neben Tools, die die IT nicht kennt?

Führen Sie ein kostenloses 12-Minuten-Audit durch und gehen Sie mit einer importfertigen Sperrliste.

Kostenloses Audit startenMethodik

Buzzi.ai veröffentlicht Profile zu Informationszwecken. Validieren Sie Bedingungen stets mit dem Anbieter.