Every developer knows this pain: you open an issue, and before you can write a single line of code, you’re hunting. You’re digging through old pull requests, searching for that design doc from three months ago, trying to remember which file has the security guidelines.

That hunting phase? It takes forever. And it’s not even the actual work. And even if you want to bring AI into the picture, GitHub Copilot still needs the same thing you do: context. Without it, you get generic answers that don’t understand your codebase.

GitHub Copilot Spaces fixes that.

Spaces gives GitHub Copilot the project knowledge it needs—files, pull requests, issues, repos—so its responses are grounded in your actual code, not guesses.

Are you a visual learner? Watch the full demo below. 👇

How to debug issues with spaces:

1. Start with an issue

A contributor opened an issue reporting an unsafe usage of check_call in your project.

As a maintainer, you might not know the best way to fix it immediately. On your own, you’d start by searching the repo, checking past pull requests, and combing through security guidelines just to figure out where to begin.

With Spaces, you don’t have to do that manually. Create a space, add the issue and the key files or docs, and let Copilot reason across everything at once.

2. Create a space for your project

Inside the space, add:

• Design patterns (e.g., /docs/security/check-patterns.md, /docs/design/architecture-overview.md)
• Security guidelines
• Accessibility recommendations
• The entire repository (for broad coverage) or a curated set of the most relevant files for your specific use case. Spaces work best when you’re intentional about what you include.
• The URL to the issue itself

3. Add Instructions for Copilot

Each space includes an Instructions panel. This is where you tell Copilot how you want it to work inside your project.

Here are some example instructions that will help with our task at hand: 

You are an experienced engineer working on this codebase.
Always ground your answers in the linked docs and sources in this space.
Before writing code, produce a 3–5 step plan that includes:
  - The goal
  - The approach
  - The execution steps
Cite the exact files that justify your recommendations.
After I approve a plan, use the Copilot coding agent to propose a PR.

These instructions keep Copilot consistent. It won’t hallucinate patterns that don’t exist in your repo because you’ve told it to cite its sources.

4. Ask Copilot to debug the issue

With everything set up, ask Copilot: “Help me debug this issue.”

Copilot already knows which issue you mean because it’s linked to the space. It parses through all the sources, then returns a clear plan:

Goal: Fix unsafe usage of runBinaryCheck to ensure input paths are validated.

Approach:

1. Search the repo for usages of runBinaryCheck
2. Compare each usage to the safe pattern in the security docs
3. Identify the required refactor
4. Prepare a diff for each file with unsafe usage

This isn’t a generic LLM answer. It’s grounded in the actual project context.

5. Generate the pull request

Once you approve the plan, tell Copilot: “Propose code changes using Copilot coding agent.”

The agent generates a pull request with:

• The before version and the after version
• An explanation of what changed
• References to the exact files that informed the fix
• The instructions that guided its choices

Every file in the pull request shows which source informed the suggestion. You can audit the reasoning before you merge.

6. Iterate if you need to

Not happy with something? Mention @copilot in the pull request comments to iterate on the existing pull request, or go back to the space to generate a fresh one. Keep working with Copilot until you get exactly what you need.

7. Share your space with your team

Spaces are private by default. But you can share them with specific individuals, your entire team, or your whole organization (if admins allow it).

Enterprise admins control who can share what, so you stay aligned with your company’s security policies.

Use GitHub Copilot Spaces from your IDE

Spaces are now available in your IDE via the GitHub MCP Server.

Install the MCP server, and you can call your spaces directly from your editor. Same curated context, same grounded answers, but right where you’re already working.

Being able to call a space from the IDE has been a game changer for me. It lets me stay focused without switching between the browser and my editor, which cuts out a ton of friction in debugging.

Coming soon

Here’s what’s on the roadmap:

• Public API
• Image support 
• Additional file types like doc/docx and PDFs

Three ways teams are using spaces right now

1. Code generation and debugging. Use spaces with Copilot coding agent to generate pull requests aligned with your patterns, security rules, and architecture.

2. Planning features. Link issues, design docs, and repos to plan features and draft requirements. Ask Copilot for a technical plan and it generates a pull request.

3. Knowledge sharing and onboarding. Spaces become living knowledge bases. New engineers onboard faster. Existing engineers stop answering the same questions repeatedly.

Try it on your next issue

Here’s my challenge to you:

1. Create a GitHub Copilot Space.
2. Add one issue and three to four key files.
3. Add simple instructions.
4. Ask Copilot to analyze the issue and propose a debugging plan.
5. Approve the plan.
6. Trigger the coding agent to generate a pull request.

You’ll see exactly how much time you save when Copilot actually knows your project. Your AI assistant should never lack the right context. That’s what spaces are for. 

The post How to use GitHub Copilot Spaces to debug issues faster appeared first on The GitHub Blog.

Today, we’re rolling out Gemini 3 Deep Think mode to Google AI Ultra subscribers in the Gemini app. This new mode delivers a meaningful improvement in reasoning capabili…

Microsoft has been publishing data about the gender, race, and ethnic breakdown of its employees for more than a decade. Since 2019 it's been publishing a full diversity and inclusion report annually, and at the same time made reporting on diversity a requirement for employee performance reviews.

Now it's scrapping its diversity report and dropping diversity and inclusion as a companywide core priority for performance reviews, just months after President Donald Trump issued an executive order to try and eradicate workforce diversity, equity, and inclusion (DEI) initiatives.

Game File reported last week that Microsoft will cease publicati …

Read the full story at The Verge.

Amazon has finally given a release date for its new Kindle Scribe Colorsoft and Kindle Scribe: They’ll be available to purchase starting on December 10th, Amazon spokesperson Rachel Erickson tells The Verge. They’ll cost the same as what Amazon announced back in September: $629.99 for the Colorsoft and $499.99 for the Scribe, which includes a front light. The company won’t be taking preorders. 

Amazon’s updated Scribes have larger 11-inch screens, weigh 400 grams, and are 5.4mm thin (which is thinner than an iPhone Air). The screens use a “new texture-molded glass to improve the friction when the pen glides across the screen,” according to Amazon, and the versions with front lighting have a new system that uses miniaturized LEDs. The updated Scribes also come with a new pen with stronger magnets for snapping to the side of the device.

However, the more affordable $429.99 Scribe without a front light won’t be available on December 10th; that’s still set to launch sometime in 2026.

The Deputy CISO blog series is where Microsoft  Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start (and stop) deploying, forward-looking commentary on where the industry is going, and more. In this article, Damon Becknel, Vice President and Deputy CISO for Regulated Industries at Microsoft, outlines four things to prioritize doing now.

When a particularly damaging online cyberattack is successfully carried out in a novel way, it makes the news. In a way, that’s good: everyone knows there’s a new cyberthreat out there. The problem is that most successful online cyberattacks are far more mundane and far more preventable, but they’re not being stopped. They’re also not being covered by the media, so it’s easy to imagine that they’ve simply gone away. They haven’t. There are multiple established best practices and low-cost solutions that address the majority of these cyberattacks, but a lot of people out there simply haven’t implemented them. Instead, we all too often see people making the same bad security decisions that open them up to cyberattacks. While there is no recipe for guaranteed success, there are recipes for guaranteed failure. Our goal needs to be to stop making it easy for the cyberattacker and to instead make it as expensive as feasible for the cyberattacker to achieve success. 

On a basic level, there are four things everyone needs to prioritize right now. None of these will shock you, but it’s important to understand that we see these patterns all too often in struggling organizations. Here’s what you have to do:  

• Prioritize essential cyber hygiene basics.

• Prioritize modern security standards, products, and protocols.

• Prioritize fingerprinting to identify bad actors. 

• Prioritize collaboration and learning,

Prioritize essential cyber hygiene basics

Don’t forget the basics. Just because a product isn’t new doesn’t mean it isn’t necessary. Just because a technology isn’t making headlines doesn’t mean it isn’t mission critical. Here are a few basics folks should start doing now:

• Keep an accurate network inventory. A solid inventory of all assets (including software, cloud applications, and hardware) helps ensure comprehensive security management. This is the most fundamental requirement as you can’t protect what you don’t know about. Work with your finance and contracting teams to make sure that you have a firm understanding of all IT capabilities in your environment, as departments may inadvertently purchase capabilities that fall into blinds spots of your monitoring. 

• Use network segmentation on your internal networks and enforce traffic patterns to prevent unexpected or unwanted network traffic. Very little traffic needs to be permitted from one workstation to another. Direct access to production systems and key databases should be infeasible. Force that traffic through a jump box instead. 

• Block unnecessary IP addresses from accessing your public-facing systems. Block Tor nodes, implement country blocks, and block other known cyberattacker spaces to restrict the problem space. 

• Maintain effective logging and monitoring. The better your logs and monitoring, the better you’ll be able to detect issues in a timely manner. Shoot to keep a year’s worth of data in order to facilitate better detection development and incident response. Make sure that all needed data elements are present in a machine-readable fashion and include events from successful or allowed and failed or blocked activities. Also, find and enforce correlating data elements to enable linking multiple data sources for the same events.  

• Use a virtual private network (VPN). VPNs help to remove direct access from the Internet and simplify network blocking infrastructure by forcing users to a known, good location. This makes it easier to patch and secure your network. Be aware that real-time streaming content like voice and video may need a more direct path. 

• Implement basic identity hardening everywhere. Use elevated accounts sparingly. Your everyday account for productivity should not be an administrative account on your machine; rather, leverage a separate credential for when administrative tasks are needed. Also, ensure that every human account has multifactor authentication (MFA) enforced. Phishing-resistant multifactor authentication like YubiKeys or Passkeys significantly reduce the risk of unauthorized access and protects against the vast majority of identity-based attacks. Avoid utilizing MFA factors that use SMS and email one-time passwords (OTP), as well as simple time-based one-time passwords applications, as these are easily subverted by cyberattackers.  

• Patch everything in a timely manner. Security patching keeps systems current, protects against exploits, and helps ensure resilience against emerging cyberthreats. Environments of any scale will need some help through a patch management solution. Don’t forget that network appliances and auxiliary devices require patching as well. Leverage the inventory from above to ensure that everything is being addressed. 

• Have basic endpoint security tooling. At the very least, some kind of endpoint detection and response (EDR) solution should be enabled. You also need to make use of full drive encryption in order protect local data and prevent unauthorized offline tampering of system files. And make sure that you have some tooling to allow for software inventorying and patching. Finally, configure a host-based firewall to prevent lateral movement between workstations and block most, if not all, incoming connections. 

• Proxy all web traffic and use an email security gateway. The vast majority of cyberattacks begin with email messages or web pages. Modest investments in these capabilities will have high pay off in lowering the probability of successful cyberattacks. Enforce the use of the web proxy by only allowing web traffic via the proxy and blocking everything else. This helps to simplify access control lists (ACLs) as well. 

If you’re looking for the next step beyond the basics, you’ll want to look into data loss prevention (DLP), web proxies, and mail proxies. DLP solutions allow for the creation of policy-based enforcement and automated actions. You can use these to automatically block access to sensitive data or encrypt emails containing confidential information. Web and mail proxies analyze HTTP/S and SMTP traffic to detect malware, phishing, and sensitive data patterns. They can be used to block or quarantine suspicious content before it reaches your users or leaves the network.  

Prioritize modern security standards, products, and protocols

Stop hanging on to old software and protocols. There are times when this can feel bad for business. When your organization’s customers or partners use old technology, it can be tempting to carve out an exemption for them in your otherwise modern security practices. It’s important to evict deprecated technologies, dated installations, and poorly maintained software. There are a few specific technologies that present this kind of elevated risk:

Nowhere is this more crucial than in authentication. Username-and-password has long since been dead. If this is the method you are using for authentication, then I fear for your security. MFA has long since been the best method of authentication, and it has evolved over time. While one-time passwords were widely considered the most scalable and easiest for users, recent cyberthreat activity has demonstrated the theoretical perils that have long been hypothesized; email and text messages should not be considered secure. The key to today’s threat landscape is ensuring the use of phishing-resistant MFA. Of the choices in this class, passkey is the easiest in terms of user experience and offers the ability to eliminate the password altogether. Passkey technology has been available for several years. Mobile devices now offer native integration for using passkey authentication, though far too few authentication services offer it as an option.

Non-secure DNS opens you up to a world of hurt. For one, cyberattackers can insert corrupted DNS data into the cache of a DNS resolver through DNS spoofing, making it return incorrect IP addresses that redirect users to malicious sites without their knowledge. Non-secure DNS also leaves organizations more vulnerable to distributed denial of service (DDoS) attacks and can lead to easier data exfiltration. Implement DNS security extensions, DNS filtering and blocking, monitor and log DNS traffic, and configure DNS servers securely to help minimize these risks. 

Simple Mail Transfer Protocol (SMTP) vulnerabilities: SMTP open relays allow users to send emails without authentication, which increases server vulnerability. Misconfigured servers allow for unauthorized access and sharing of sensitive data. SMTP servers can also be used to send phishing emails or to spoof trusted domains. And because SMTP offers no native encryption, emails sent via SMTP servers are more vulnerable to interception.

Exchange Web Services (EWS): Microsoft is very actively deprecating EWS dependencies across all of its products. This includes Microsoft Office, Outlook, Microsoft Teams, Dynamics 365 and more. Work is also underway to close the remaining parity gaps between EWS and Microsoft Graph affecting specific scenarios for third party applications. If you haven’t yet identified your active EWS applications and started their migration, it’s time to do so. Many application scenarios are already supported by direct mappings between EWS operations and Graph APIs.

Border Gateway Protocol (BGP) best practices need to be updated. BGP is designed to exchange routing information between autonomous systems. Notably, BGP also natively provides little security, and when it isn’t managed securely it leaves organizations open to route hijacking—allowing for data to be exfiltrated by directing it through the cyberattacker’s network mid-stream. Outdated BGP versions also lack modern authentication and can be made vulnerable to denial-of-service attacks. A good place to start would be reading up on the BGP best practices from NIST and the NSA.

Use Domain-based Message Authentication, Reporting, and Conformance (DMARC) and enable blocking. This is an email authentication protocol designed to protect your domains from being used in phishing, spoofing, and other unauthorized uses. Setting up blocking within DMARC is a fairly simple process that enables an enforcement mode capable of actively preventing unauthenticated or spoofed emails from reaching recipients. The challenge is making sure you’ve found, validated, and enrolled all authorized senders.

Prioritize fingerprinting to identify bad actors

Nearly everyone knows to avoid a suspicious address when they see one. It is relatively common practice to block IP network blocks or entire autonomous system numbers that are commonly used by threat actors. However, cyberattackers have adapted to using IP address space that is much more likely to contain legitimate user traffic, making the practice of blocking on IP address alone less useful. It’s also important to understand that these cyberattackers can move through endpoints in ways that make them appear to be legitimate users interacting with systems from expected geographical locations. Account Take Over (ATO) gives cyberattackers the appearance of a legitimate persona with seemingly valid historical activity. Infrastructure compromises and freely available proxies and VPNs allow cyberattackers to appear from nearly any geographic region. Botnets and other machine compromises can even let cyberattackers borrow time on actual user machines. The first two tactics are increasingly common, while the latter makes it difficult for the cyberattacker to achieve scale.

Organizations should pivot to creating and tracking unique identifiers for networks, browsers, devices, and users. This is fingerprinting, and it works in much the same way that its real-world namesake does. Fingerprinting helps you quickly identify known good and bad actors via machine specific identifiers that are hard to fake. Each user should match up with their specific profile on their specific browser and their specific machine. Using fingerprinting as a primary key in correlating user traffic allows for easy identification of questionable activity. Either the user is working from a very popular public machine, like a library or community center computer, or someone is using a machine to transact across a number of user personas. The former can be identified and tracked, while the latter should be blocked. Without a solution like this in place, it is going to get harder to verify user identities.

Because fingerprinting involves multiple factors, it can be used to generate known good fingerprints, known bad fingerprints, and fingerprints that fall somewhere in the middle. This helps companies create flexible detection methods that meet their specific needs. Fingerprints that fall between known good and known bad can be indicators of changes in user behavior that should be looked into—like login attempts across multiple devices or in unusual geographic locations. The best practice in these scenarios is to consider the fingerprint information along with data on the ISP of origin, means of connection, and the user’s access patterns to adjudicate a security action.

There are many types of fingerprinting, and they may already be available features of your existing solutions. Azure Front Door has integrated some fingerprinting into its offering. Note that different solutions have strengths and weaknesses, and teams may find value in deploying multiple fingerprinting solutions.

Prioritize collaboration and learning

Rather than staying quiet about the cyberthreats your organization is facing, it’s better to find ways to collaborate. Talk more openly about the incidents and failures you’ve faced, share threat intelligence more broadly, and you’ll find that you and the organizations that you work with all stand to benefit.

That’s part of why Microsoft participates in multiple major security conferences as well as the Analysis and Resilience Center for Systemic Risk (ARC), the Financial Services Information Sharing and Analysis Center (FSISAC), the Health Information Sharing and Analysis Center (HISAC), and the Trusted Information Security Assessment Exchange (TISAC). Microsoft also recently joined the Global Anti-Scam Alliance (GASA) as a Foundation Member. By granting its knowledge and expertise to an organization dedicated to protecting consumers from scams of all kinds, Microsoft hopes to both share and gain new insights into the activities of threat actors all over the world. Sharing threat intelligence allows organizations to provide real-time updates on emerging cyberthreats, indicators of compromise, and malicious activities. In return, they also gain similar insights, enhancing their detection capabilities. This enables organizations to gain a more comprehensive understanding of the cyberthreat landscape and consequently to detect and respond to a broader range of cyberthreats within their own environments faster.

Establishing a solid security foundation should be a top priority for any organization aiming to protect its digital assets. By focusing on fundamental practices, sharing security signals and learnings, and avoiding unnecessary technological debt, you can answer most of the mundane threats your organization faces. That way, when something newsworthy does show up on your doorstep, your network, your team, and your time will be available to face it.

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Cybersecurity strategies to prioritize now​​  appeared first on Microsoft Security Blog.