AI Tooling, Code Review, and Threat Analysis #47

TaeyoungPark

June 14, 2026 — 2 min read

Today's Letter

GitHub, Copilot code review adds org-level controls
Microsoft Research, Project Ire flags LOTUSLITE variant

GitHub, Copilot code review adds org-level controls

GitHub updated Copilot code review with organization-level runner controls, content exclusion support, and removal of custom instruction length limits
Copilot code review runs on GitHub Actions, and organizations can now set a default runner type across all repositories instead of configuring each repository separately
Organization admins can lock the runner setting so the organization default overrides repository-level runner configuration
The runner configuration applies to both Copilot code review and Copilot cloud agent when both features are enabled
Copilot code review now respects repository, organization, and enterprise Copilot content exclusion settings for specified files and directories
Repository administrators can define excluded paths with path-based rules to keep irrelevant or restricted content out of review context
GitHub also removed the previous 4000-character limit for copilot-instructions.md and .github/*.instructions.md files used by code review
The changes were published in the GitHub Changelog on 2026-06-12 as part of the Copilot code review agentic architecture rollout

Source: github.blog

Microsoft Research, Project Ire flags LOTUSLITE variant

Microsoft Research said Project Ire identified another LOTUSLITE specimen in a Windows DLL backdoor sample.
The SHA-256 sample was not included in Acronis TRU's published IOC list for the LOTUSLITE family.
Ire generated a function-by-function behavioral report, covering install flow, C2 packet layout, command IDs, persistence, and obfuscation.
Microsoft said the analysis matched Acronis's public LOTUSLITE write-up without origin metadata, telemetry, or analyst prompting.
VirusTotal showed 1 of 72 vendors detecting the sample on May 28, 2026, rising to 7 of 70 by June 4.
Major EDR products including CrowdStrike Falcon, SentinelOne, Sophos, Trellix, Palo Alto, and ESET still did not flag it as malware.
Microsoft positioned Ire as an agentic reverse-engineering system aimed at catching variants that share TTPs but not known IOC hashes.

Source: microsoft.com
More: startuphub.ai

Jocoletter curates AI, software, and product trends for developers and builders.

#GitHub #Microsoft

Subscribe to Jocoletter

Anthropic results and NVIDIA training guide #55

Today's Letter 1. Anthropic, Project Fetch Phase Two results published 2. NVIDIA, Low-Precision Transformer Training Guide Anthropic, Project Fetch Phase Two results published * Anthropic published Phase Two results for Project Fetch on June 18, 2026, testing Claude Opus 4.7 on robodog setup and autonomy tasks first run

Agent Infrastructure and Copilot Metrics #54

Today's Letter 1. GitHub adds per-user AI credit metrics to Copilot API 2. AWS, Web Search for Bedrock AgentCore GA GitHub adds per-user AI credit metrics to Copilot API * GitHub added an `ai_credits_used` field to the Copilot usage metrics API for per-user AI credit consumption tracking

Agent deployment, Copilot model shifts, enterprise controls #53

Today's Letter 1. Cloudflare, temporary accounts for agent deployments 2. GitHub Copilot, Opus 4.6 (fast) retirement set for June 29 3. AWS, SageMaker inference metrics on CloudWatch 4. OpenAI adds ChatGPT Enterprise usage analytics and spend controls Cloudflare, temporary accounts for agent deployments * Cloudflare introduced Temporary Cloudflare

Agent Stack, Copilot, and Async Inference #52

Today's Letter 1. GitHub Copilot, context handling and Auto routing update 2. AWS, SageMaker Async Inference adds inline payloads 3. Vercel, Agent Stack and eve unveiled 4. Hugging Face, agentic tooling benchmark for open models published GitHub Copilot, context handling and Auto routing update * GitHub published a June