7.2.1. Duplication Detection and Security Warnings
💡 First Principle: These safeguards are the proxy's outbound post-processing (Phase 4) exposed as toggles: the duplication-detection filter suppresses suggestions matching public code, and vulnerability/security warnings flag or block insecure patterns — both reducing risk before suggestions reach you.
Two safeguards to know precisely:
- Duplication detection (suggestions matching public code) — when enabled, this filter blocks or flags suggestions that match publicly available code, reducing IP and licensing risk. It's a configurable policy controlled by admins, not an always-on absolute. On Business/Enterprise, enabling it is also the condition for IP indemnity.
- Security warnings / vulnerability filtering — Copilot can block or warn on insecure patterns (hardcoded credentials, injection-prone code) in real time, as part of post-processing. Related capabilities like Autofix help explain and fix vulnerabilities, though built-in filtering is not a substitute for independent review.
| Safeguard | What it does | Who controls it |
|---|---|---|
| Public-code matching filter | Suppresses/flags suggestions matching public code | Admin policy (org/enterprise) |
| Vulnerability/security warnings | Blocks or warns on insecure patterns | Built-in post-processing |
| Content exclusions | Keeps files out of context entirely | Repo/org admins |
💡 Key Point: Duplication detection is opt-in policy, not a default guarantee — and on Business/Enterprise it's the prerequisite for IP indemnity. That linkage is a favorite exam detail.
⚠️ Exam Trap: "Duplication detection automatically blocks all matching code by default" is wrong on two counts: it must be enabled (admin policy), and even enabled, it's a filter that suppresses/flags rather than a perfect guarantee.
Reflection Question: What does the public-code matching filter do, who enables it, and why does its status matter for IP indemnity on Business and Enterprise plans?