by nullc 1465 days ago
I wonder how long until state actors realize that Copilot would be a perfect vector for getting developers to introduce subtle vulnerabilities into their own projects?

By its very structure its output always looks credible, and it's not always right -- it wouldn't be a sign of foul play if Copilot suggested some code that looked just right but happened to backdoor your cryptosystem or protocol.

Maybe it would be a little tricky to get it to produce NOBUS vulnerabilities that were credible mistakes, but if the target isn't OSS then NOBUS isn't really that important.