GitHub Copilot shifts to tokens June 1

Show Notes

AI costs are becoming variable, security risks are becoming immediate, and governance is becoming mandatory. This episode breaks down GitHub Copilot's shift to usage-based pricing and what it signals for every AI tool your firm is adopting. For founders and firm leaders, this is about control. Costs that used to be predictable are now tied to behavior. At the same time, a live VPN vulnerability shows how quickly exposure can turn into access. And new Zero Trust guidance and AI governance tools are raising the bar on what "good" looks like in security and compliance. We also cover shifts in buyer intelligence, vulnerability disclosure tensions, automated penetration testing, and a legal ruling that could impact digital client acquisition. Learn more at https://crestvale.io

Transcript

SPEAKER_00 0:00

Your AI tools just got a lot more expensive. Your VPN might already be compromised. And the gap between firms that control AI and those that don't is widening fast. This is the Crestvale Newsroom Daily Podcast. GitHub is flipping the switch on copilot pricing, and this is not a small adjustment. Starting June 1st, Copilot moves from a flat monthly fee to usage-based billing. That means tokens, and tokens behave like cloud compute. Easy to start, hard to predict, and very easy to overspend. Early reports show the impact clearly. Teams that treated Copilot like an always-on generator are seeing costs jump from tens of dollars to hundreds per user. In some cases, more. But disciplined teams are seeing the opposite. When developers use it for targeted tasks, not constant generation, costs stay controlled. This is not a product change. The tool is the same. The economics are not. Microsoft spent the last two years subsidizing heavy usage to drive adoption. That subsidy is ending. Now you are seeing the real cost of AI-assisted work. And this is bigger than Copilot. Any AI tool priced per token will follow the same curve. Adoption looks cheap. Then usage scales quietly. Then finance notices. This is where it starts to matter. If you run a professional services firm, this is now a margin issue, not a tooling decision. Without usage policies, budgets, and visibility, your AI stack will expand in the background and eat into profitability. Slowly at first, then all at once. The firms that treat AI like infrastructure, with controls and oversight, will keep costs predictable. Everyone else will be explaining surprise line items. Now, on the security side, there is a much more immediate problem. The Cybersecurity and Infrastructure Security Agency has flagged a critical vulnerability in Palo Alto Networks, Global Protect VPN. And it is already being exploited. This is not phishing. It is not brute force. Attackers can bypass authentication entirely by forging session cookies and walking straight into the network. They do not need credentials, they just need the right conditions. And those conditions are more common than most teams think. Exploitation has been observed since mid-May. Attackers are gaining internal network access and getting assigned real internal IP addresses. That means they look like legitimate users once they are in. Why this matters is simple. If your firm uses Palo Alto firewalls, or your managed provider does, you need confirmation of patching and configuration changes immediately. This is initial access handed to attackers with almost no resistance, and it is happening now, not in theory. Meanwhile, the National Security Agency is trying to close a different kind of gap. They just turned their zero trust guidance into an interactive platform. For years, zero trust has been clear in concept and painful in execution. Thousands of pages of guidance. Very little operational clarity. That just changed. The new platform walks teams through implementation step by step. Users, devices, data, access, in sequence, it forces structure. It also makes one thing clear. Continuous monitoring and automated enforcement are not optional anymore. They are baseline expectations. Here is the shift. Zero trust is no longer a future state architecture. It is becoming the operating standard. If your security model still leans heavily on perimeter defenses and basic multifactor authentication, you are behind where serious organizations are heading. And finally, AI governance is moving faster than most firms are prepared for. Kiteworks just introduced a control layer that sits between AI tools and your data. It does not try to improve the model. It controls access. It routes tools like Copilot and GPT through a governed layer where you can define who can access what, enforce policy, and log everything. Every prompt, every action, every data touch. And it can be deployed quickly. This is where things are going. Auditability is becoming non-negotiable. Not later. Now. If your firm is using AI without clear logging and data controls, you are creating risk you will not be able to explain when someone asks. And someone will ask. Here is what else is worth knowing today. Futrum Group is acquiring ETR's spending intent data. That points to a shift toward real buyer behavior driving tech decisions and deal timing, not surveys or opinion. Microsoft is escalating against a zero-day researcher. That tension risks pushing vulnerability disclosure further underground, which makes exposure harder to detect early. Armour AI has open sourced a swarm-based penetration testing platform. Offensive security is becoming continuous and automated, which makes annual testing feel outdated. The Delhi High Court ruled against Google in a trademark keyword case. That could raise the cost of paid search strategies for firms that rely on brand protection bidding. Before we close out, here is a quick look at where markets landed. Equities moved higher, with both the S and P500 and the Nasdaq tracking upward into the close. The tone was steady, not aggressive. The 10-year treasury yield edged down, easing slightly after recent pressure. In commodities, gold pushed higher and oil pulled back. Bitcoin also moved up, continuing its recent strength. Here is the takeaway. If you do not actively manage AI usage, access, and cost now, it will quietly turn into both a security risk and a margin problem at the same time. Tomorrow we are watching how firms start enforcing AI budgets and controls as token based pricing spreads beyond development tools. If this was useful, follow the Crestvale Newsroom Daily Podcast so you don't miss it. Thanks for listening. Thanks for