The Hacker News AI Security ยท July 8, 2026

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code

Why it matters

An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested throu

My takeaway: GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code is an agent-security signal. The practical read is that autonomy, memory, tool permissions, and third-party integrations are the control surface that needs threat modeling and monitoring.