Could GitHub Copilot be used as a form of supply chain attack?
As in, could you intentionally create public, vulnerable code that looks fine that then gets picked up and referenced in other projects?
Considering that existing code already has vulnerabilities, some of which were used to train Copilot, I think it's possible but not efficient in terms of success rate.
But if they continue to ignore license terms, I can see someone creating repos with intentionally Copilot-incompatible licenses and watermarking them so they can prove the license terms were violated.
I think this is unlikely, especially in a targeted manner.