Skip to main content

GitHub Copilot Bills Hit $800: Visual Studio’s June Update Adds Real-Time Usage Alerts and MCP Trust Checks

Microsoft’s June Stable Channel update for Visual Studio landed on two things developers have been asking for all year: A clearer view of what their Copilot habit actually costs, and a way to know whether an MCP server has quietly changed under the hood. Both features answer real pain points that surfaced in the past few months, not hypothetical ones.

The Billing Shock That Started It All

On June 1, GitHub moved every Copilot plan from premium request units to usage-based billing, calculated by token consumption rather than request count. Base plan prices didn’t change, but the way usage is metered did, and the shift meant users would be charged based on how many tokens they burn as they work, rather than a low flat rate per request.

The reaction was loud. Some developers reported their monthly bills climbing from around $29 to nearly $750, and other reports of heavy agentic users have their costs surging from $39 to over $800 a month. Whether that’s a fair reflection of what agentic coding actually costs to run, or a rug pull on users Microsoft had trained to use Copilot without thinking twice, depends on who you ask. Either way, the complaint developers kept repeating was the same: they couldn’t see it coming.

Visual Studio’s refreshed Copilot Usage window is a direct answer to that. It now shows real-time usage against the token-based model, with proactive alerts as you approach a limit, when you hit it, and when overage billing kicks in. The quota warning threshold is configurable, so teams can decide how much runway they want before the heads-up arrives. It’s a small UI change, but it’s the kind of visibility that should have shipped alongside the billing model itself.

“Token-based billing makes cost a runtime variable that scales with how aggressively teams run agentic workflows, and that moves spend variability inside the development toolchain itself,” said Mitch Ashley, VP and practice lead for software lifecycle engineering and AI-native software engineering at The Futurum Group. “AI dev tool providers owe their customers the same usage notifications and limits that the hyperscalers have had to put in place.”

Ashley points to a familiar precedent. “Engineering leaders now face the discipline cloud computing forced a decade ago: Budgets, alerts, and governance for metered consumption,” he said. “Teams that scale agentic development without real-time cost telemetry will learn their inference economics after the fact from an invoice.”

MCP Servers Now Get Checked Twice

The second headline feature is less about cost and more about trust. Model Context Protocol servers extend what Copilot can reach — files, APIs, internal tools — and that reach has become one of the more scrutinized parts of the AI coding stack this year. Security researchers have cataloged dozens of MCP-specific vulnerabilities across 2025 and 2026, including a critical OS command injection flaw in mcp-remote, an OAuth proxy with over 437,000 downloads used in integrations from Cloudflare, Hugging Face and Auth0. One of the recurring patterns researchers flag is what’s sometimes called a “rug pull”: a server passes review, gets trusted, and then behaves differently after deployment — new tools, new permissions, new instructions the agent will happily follow.

Visual Studio’s answer is a two-stage trust check that runs at startup. Before the MCP server process even starts, the current configuration is compared against a previously trusted baseline. After it starts, the fingerprint of its tools, prompts, resources, and instructions is compared against the last trusted version. If anything diverged, a dialog stops and asks you to review the changes before the server runs. You can accept and update the baseline, always trust the server going forward, or reject the changes and abort startup. First-time connections are implicitly trusted and set the initial baseline, and built-in or registry-controlled servers skip the prompt.

It’s not a full answer to MCP supply chain risk — sandboxing, least-privilege scoping, and audit logging still matter, and Visual Studio isn’t claiming to replace those. But catching silent changes to a server’s tools or instructions before they run is a meaningful gap to close, especially for teams that added MCP servers early and haven’t looked at them since.

The Smaller Stuff

Three other changes round out the release. The GitHub Copilot modernization agent for C++ is now generally available for MSVC upgrades — it analyzes a project, flags compatibility issues, and lays out an upgrade plan, either fully automated or step-by-step with review gates. Next edit suggestions now span the entire active file instead of just the area around your cursor, which matters more than it sounds like for anyone making a change that ripples through a file. And emojis render in full color everywhere Visual Studio shows text, which is cosmetic but consistent — what you see now matches what your teammates see.

Why This Update Matters

Taken together, the usage tracking and MCP trust checks suggest where Microsoft thinks the friction actually lies right now: Cost predictability and tool trust, not new features. Both problems trace back to the same root cause — Copilot has become an agentic platform that acts with real autonomy, and the guardrails around visibility and consent are still catching up to that shift. This update doesn’t close the gap. It’s a reasonable step toward it.



from DevOps.com https://ift.tt/nRLXoJi

Comments

Popular posts from this blog

Building a Security Feedback Process for DevOps

The last few years have seen some major slip-ups in the security space among all major cloud providers, resulting in uncertainty and speculation. That’s understanding; cloud security is an extremely complicated subject as enterprises build and deploy applications faster than ever before to keep up with business requirements. Most of the security issues that occur […] The post Building a Security Feedback Process for DevOps appeared first on DevOps.com . from DevOps.com http://bit.ly/2L1DS7t

Cloudbees Is A Launch Partner For Google Cloud Run As Product Goes Ga

Industry Leaders Collaborate to Offer Streamlined Deployment of Containerized Applications, Better Access to CloudBees Solutions on Google Cloud Platform Marketplace   GOOGLE CLOUD NEXT, LONDON AND SAN JOSE, CA. – November 20, 2019 – CloudBees, the enterprise DevOps leader powering the continuous economy, today announced an extension of its partnership with Google. As a Google […] The post Cloudbees Is A Launch Partner For Google Cloud Run As Product Goes Ga appeared first on DevOps.com . from DevOps.com https://ift.tt/2XuFTxc

Carbon-Aware DevOps: Turning CI/CD Pipelines Into Emissions-Controlled Workloads 

Turning continuous integration and continuous delivery (CI/CD) pipelines into emissions‑controlled workloads is a strategy businesses adopt to reduce the carbon footprint of their pipelines. This article examines how a Carbon-Aware DevOps strategy can help optimize CI/CD pipelines for sustainability by reducing their carbon footprint while also decreasing costs and meeting the increasing demand for innovative, eco-friendly solutions.   Understanding the Problem   Today’s organizations take advantage of CI/CD pipelines to streamline and accelerate their software delivery. However, these CI/CD pipelines can become a hindrance to sustainability because of the resources required to create, build, test and ultimately deploy software into production.   Typically, CI/CD pipelines run tens of thousands of automated builds, tests and deployments daily, thereby consuming significant compute and energy resources. If you don’t take the steps necessary to reduce the emissions generated by these ...