1. GitHub Copilot API Security Audit: Cross-Client Data Leakage & Permission Flaws Exposed
A critical security audit is targeting the GitHub Copilot API surface, including its REST endpoints and MCP platform tools. The core focus is a dangerous pattern of cross-client data leakage and permission enforcement failures. The investigation was triggered by the auth-model unification effort (Waves 1–2C), which, du...