The less overt version of that is to figure out what mistakes Copilot already makes (either things that are common in tutorials but not good in production, or things that are outdated, like hashing passwords with MD5), and then systematically look for software that includes such Copilot suggestions.
Is there a technique to scan for software that includes Copilot suggestions? Or is this just theoretical? Sounds impossible given MS/GH's monopoly on access to the model input data.
Probably not, but I can imagine something similar to hijacking a popular library and publishing a new version that opens a certain port and waits for instructions. All a malicious actor needs to do is increase the number of exposed servers to be caught while they later scan the internet for anyone with that port open.