While there is a serious legal issue here, there is another more serious issue. Namely that Copilot definitely doesn't understand code. You can type the beginning of a function and it will return a body that seems relevant. And if the first thing it thinks is relevant is some malicious code (e.g. from a proof-of-concept exploit repo), then Copilot has regurgitated code that could compromise one or more of your systems.
The obvious counter-argument is that Copilot is an aid. But the kinds of bugs that actually matter are the bugs that most programmers can't spot (e.g. off-by-one errors). And Copilot is just regurgitating whatever code seems relevant, whether it contains bugs or not. And there's a lot of deeply-buggy code on GitHub.