GitHub Copilot remains the most widely adopted AI coding assistant. Its evolution from autocomplete tool to full agent platform — with coding agents, agent mode, and multi-model support — has kept it firmly in the Adopt ring.
Architecture Deep Dive → GitHub Copilot Architecture Breakdown — three-tier client/proxy/LLM architecture, hybrid RAG retrieval strategy, multi-model routing, and how the coding agent differs from the inline completion engine.
Why It's in Adopt
Copilot's 2025–2026 evolution has been significant:
- Copilot Coding Agent: Assign Copilot to a GitHub issue and it creates a PR autonomously in a sandboxed cloud environment. This absorbed the earlier "Copilot Workspace" concept.
- Agent mode in VS Code: Multi-step agentic tasks directly in the editor — file edits, terminal commands, and iteration loops.
- Multi-model support: Copilot now uses both OpenAI and Anthropic Claude models, selecting the best model for the task.
- Copilot Extensions: Third-party integrations that extend Copilot's capabilities.
- Inline completions: The original feature — still excellent, still the reason most developers start using Copilot.
Pricing (as of March 2026)
| Plan | Price | Key features |
|---|---|---|
| Free | $0 | Limited completions and chat |
| Individual | $10/month | Full completions, chat, agent mode |
| Business | $19/month/seat | Organization policies, SSO, audit logs |
| Enterprise | $39/month/seat | Fine-tuned models, knowledge bases |
Security Considerations
AI-generated code frequently introduces vulnerabilities that traditional scanners miss — Veracode's 2025 report and CodeRabbit's 2025 data (1.57x more security findings in AI-coauthored PRs) both confirm this. Copilot's popularity means this is a significant surface area for many teams. Copilot's own Security Review feature (added October 2025) partially addresses this: the coding agent now runs CodeQL analysis, dependency scanning, and secret scanning on its own output before opening PRs. But it's still maturing — early versions primarily caught low-severity style issues, and LLM-only review without deterministic tools has documented blind spots for SQLi, XSS, and insecure deserialization.
Recommended: treat Copilot's security review as a floor, not a ceiling. Layer it with a dedicated SAST tool (Semgrep, CodeQL, Snyk Code) for security-sensitive changes. See the Security radar for detailed assessments.
When NOT to Use Copilot
- You need the strongest autonomous coding performance. Copilot's coding agent is good but trails Claude Code (80.8% SWE-bench) on complex, multi-file tasks. For tasks where first-attempt success rate matters most, Claude Code or Codex may be better choices.
- You're on GitLab or Bitbucket. Copilot's agent features are deeply integrated with GitHub. The IDE extensions work elsewhere, but the coding agent and PR workflows don't.
- You want to control your model routing. While Copilot offers multi-model support, GitHub decides the default routing. For teams that need guaranteed model selection per-task (e.g., always use Claude Opus for security reviews), Cursor or Claude Code offer more control.
- Cost sensitivity on large teams. At $39/seat/month for Enterprise across 500 engineers, that's $234K/year. If most of your team uses completions (not agent mode), the $10/month Individual plan covers the primary use case at a fraction of the cost.
Key Characteristics
| Property | Value |
|---|---|
| IDE support | VS Code, JetBrains, Visual Studio, Neovim, Xcode |
| Underlying models | OpenAI (GPT-5.4, GPT-5, GPT-4.1, o3-mini) + Anthropic (Claude Opus 4.6, Sonnet 4.6, Haiku 4.5) + Google (Gemini 3.1 Pro, 3 Flash) + xAI (Grok 4.1 Fast, experimental) |
| Agent features | Coding Agent (cloud), Agent Mode (local) |
| Provider | GitHub (Microsoft) |
| Website | github.com/features/copilot |
| Docs | docs.github.com/copilot |