There are ongoing complaints on forums that Microsoft’s Copilot AI service appears to act independently: even when disabled, it continues to activate. This issue is particularly noticeable in Visual Studio Code, where the assistant launches in workspaces without clear permission.
One developer, known online as rektbuildr, shared that he had restricted Copilot’s access to specific VSCode windows to protect confidential code from his private repositories. Despite these limitations, the assistant spontaneously activated in all open windows, raising concerns about the security of sensitive files.
“Today, Copilot spontaneously turned on in all open VSCode windows without my consent. I have agent mode enabled, so now you may have copies of all the files with keys, YAML secrets, certificates, etc. This is not normal,” wrote rektbuildr.
Previously, another user shared a similar experience. In his case, the Copilot service was disabled via Group Policy Objects (GPO), yet the assistant continued to run. Microsoft has not officially responded but reportedly assigned an employee to investigate the issue.
Concerns Around Security and Privacy
Some IT specialists have pointed out that Microsoft recently modified how Copilot launches in Windows 11. A simple shutdown is no longer enough to disable it fully. Users now need to use PowerShell commands and block the service from reinstalling through AppLocker for complete deactivation, adds NIX Solutions.
This development has reignited concern among users about related features, such as the controversial Recall function and Copilot Vision, which allow AI to access a broad scope of activity on a user’s PC. Many fear that these tools might overstep boundaries when it comes to privacy and data control.
We’ll keep you updated as more information becomes available and as Microsoft addresses these issues. The ongoing discussions show a clear need for transparency and better user control over AI-based tools like Copilot, especially in development environments where data sensitivity is high.