&gt; +1. I see all these posts about tokens, and I&#x27;m like &quot;who&#x27;s paying by the token?&quot;When you use the API

Most LLM usage?There’s some exceptions eg Claude Max

+1. I see all these posts about tokens, and I&#x27;m like &quot;who&#x27;s paying by the token?&quot;

Cat&#x27;s out of the bag now, and it seems they&#x27;ll probably patch it, but:Use other flows under standard billing to do iterative planning, spec building, and resource loading for a substantive change set. EG, something 5k+ loc, 10+ file.Then throw that spec document as your single prompt to the copilot per-request-billed agent. Include in the prompt a caveat that We are being billed per user request. Try to go as far as possible given the prompt. If you encounter difficult underspecified decision points, as far as possible, implement multiple options and indicate in the completion document where selections must be made by the user. Implement specified test structures, and run against your implementation until full passing.Most of my major chunks of code are written this way, and I never manage to use up the 100 available prompts.

For $10 flat per request up to 128k tokens they’re losing money. 100 * 100k is 10m tokens. At current api pricing that’s $50 input tokens, not even accounting for output!

So 100 Opus requests a month? That&#x27;s not a lot.

It hasn&#x27;t done that to me. It&#x27;s worked according to their docs:&gt; Copilot Chat uses one premium request per user prompt, multiplied by the model&#x27;s rate.&gt; Each prompt to Copilot CLI uses one premium request with the default model. For other models, this is multiplied by the model&#x27;s rate.&gt; Copilot coding agent uses one premium request per session, multiplied by the model&#x27;s rate. A session begins when you ask Copilot to create a pull request or make one or more changes to an existing pull request.<a href="https:&#x2F;&#x2F;docs.github.com&#x2F;en&#x2F;copilot&#x2F;concepts&#x2F;billing&#x2F;copilot-requests" rel="nofollow">https:&#x2F;&#x2F;docs.github.com&#x2F;en&#x2F;copilot&#x2F;concepts&#x2F;billing&#x2F;copilot-...</a>

I&#x27;ve had single prompt to Opus consume as many as 13 premium messages. The Copilot harness is so gimped so they can abstract tokens from messages. Every person that started with Copilot that I know that tried CC were amazed at the power difference. Stepping out of a golf cart and into &lt;your favorite fast car&gt;.

Even without hacks, Copilot is still a cheap way to use Claude models:- $10&#x2F;month- Copilot CLI for Claude Code type CLI, VS Code for GUI- 300 requests (prompts) on Sonnet 4.5, 100 on Opus 4.6 (3x)- One prompt only ever consumes one request, regardless of tokens used- Agents auto plan tasks and create PRs- &quot;New Agent&quot; in VS Code runs agent locally- &quot;New Cloud Agent&quot; runs agent in the cloud (<a href="https:&#x2F;&#x2F;github.com&#x2F;copilot&#x2F;agents" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;copilot&#x2F;agents</a>)- Additional requests cost $0.04 each

&gt; The right script, with the right prompts can be tailored to create a loop, allowing the premium model to continually be invoked unlimited times for no additional cost beyond that of the initial message.Ralph loops for free...

“Not my job” award winner.We use a “Managed Azure DevOps Pool”. This allows you to use Azure VM types of your choosing for build agents, but they can also still use the exact same images as the regular managed build agents which works well for us since we have no desire to manage the OS of our agent (doing updates, etc), but we get to choose beefier hardware specs.An annoying limitation though is that Microsoft’s images only work on “Gen 1” VMs, which limits available VM types.Someone posted on one of Microsoft’s forums or GitHub repositories to please update the images to also work on Gen 2 VMs, I can’t remember for sure right now which forum, was probably the “Azure Managed DecOps Pools” forum.Reply was “we can’t do anything about this, go post in forum for other team, issue closed”.As far as I’m concerned, they’re all Microsoft Azure, why should people have to make another post, at the very least move the issue to the correct place, or even better, internally take it up with the other team since it’s severely crippling your own “product”.Useless and lazy employees.

&gt; Note: Initially submitted this to MSRC (VULN-172488), MSRC insisted bypassing billing is outside of MSRC scope and instructed me multiple times to file as a public bug report.Good job, Microsoft.

I did that weeks ago: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46757318">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=46757318</a>

Paying per token also encouragages reduced quality only now you pay. If they can subtbtly degrade quality or even probability of 1shot solutions, they get you paying for more tokens. Under current economic models and incentive structures, enshitification is inevitable, since we&#x27;re optimizing for it long term.

The &quot;premium request&quot; billing model where you pay per invocation and not for usage is very obviously not a sustainable approach and creates skewed incentives (e.g. for microsoft to degrade response quality), especially with the shift towards longer running agentic sessions as opposed to simple oneshot chat questions, which the system was presumably designed for. Its just a very obvious fundamental incompatibility and the system is in increasing need of replacement. Usage linked (pay per token) is probably the way to go, as is industry standard.

Have confirmed that many of these AI agents and Agentic IDEs implement business logic and guardrails LOCALLY on the device.(Source: submitted similar issue to different Agentic LLM provider)

&gt; The only thing i liked about that whole exchange was that GPT was readily willing to concede that all the details and observations I included point to a service degradation and failure on Microsoft side.Reminds me of an interaction I was forced to have with a chatbot over the phone for “customer service”. It kept apologizing, saying “I’m sorry to hear that.” in response to my issues.The thing is, it wasn’t sorry to hear that. AI is incapable of feeling “sorry” about anything. It’s anthropomorphisizing itself and aping politeness. I might as well have a “Sorry” button on my desk that I smash every time a corporation worth $TRILL wrongs me. Insert South Park “We’re sorry” meme.Are you sure “readily willing to concede” is worth absolutely anything as a user or consumer?

On the other hand ... I recently had to deal with official Microsoft Support for an Azure service degradation &#x2F; silent failure.Their email responses were broadly all like this -- fully drafted by GPT. The only thing i liked about that whole exchange was that GPT was readily willing to concede that all the details and observations I included point to a service degradation and failure on Microsoft side. A purely human mind would not have so readily conceded the point without some hedging or dilly-dallying or keeping some options open to avoid accepting blame.

That&#x27;s when you use an LLM to respond pointing out all the ways the PM failed at their job. I know it sucks but fight fire with fire.Sites like lmgtfy existed long before AI because people will always take short cuts.

&gt;&gt; The next day, the PM of the other team responded with a _screenshot of an AI conversation_ saying the issue was on my end for misusing a standard CLI tool.You are still on time, to coach a model to create a reply saying the are completely wrong, and send back a print screen of that reply :-)) Bonus points for having the model include disparaging comments...

I wholly agree, the response screams “copied from ChatGPT” to me. “Contributions” like these comments and drive by PRs are a curse on open source and software development in general.As someone who takes pride in being thorough and detail oriented, I cannot stand when people provide the bare minimum of effort in response. Earlier this week I created a bug report for an internal software project on another team. It was a bizarre behavior, so out of curiosity and a desire to be truly helpful, I spent a couple hours whittling the issue down to a small, reproducible test case. I even had someone on my team run through the reproduction steps to confirm it was reproducible on at least one other environment.The next day, the PM of the other team responded with a _screenshot of an AI conversation_ saying the issue was on my end for misusing a standard CLI tool. I was offended on so many levels. For one, I wasn’t using the CLI tool in the way it describes, and even if I was it wouldn’t affect the bug. But the bigger problem is that this person thinks a screenshot of an AI conversation is an acceptable response. Is this what talking to semi technical roles is going to be like from now on? I get to argue with an LLM by proxy of another human? Fuck that.

I come to YCombinator, specifically because for some reason, some of the very brightest minds are here.

Some were already that and even more, because of other reasons. The Cathedral model, described in &quot;The Cathedral and the Bazaar&quot;.

It&#x27;s not a peer review it&#x27;s just AI slop. I do agree they don&#x27;t seem to be intentionally posing as an MS employee.

Let&#x27;s just say they are pretending to be helpful, how about that?&gt; &quot;Peer review&quot;no unless your &quot;peers&quot; are bots who regurgitate LLM slop.

It&#x27;s performative garbage: authority roleplay edition.Let me slop an affirmative comment on this HIGH TRAFFIC issue so I get ENGAGEMENT on it and EYEBALLS on my vibed GitHub PROFILE and get STARS on my repos.

No where in the comment do they assert they are work for Microsoft.This is a peer-review.

Exactly I have seen these know it all comments on my own repos and also tldraw&#x27;s issues when adding issues. They add nothing to the conversation, they just paste the conversation into some coding tool and spit out the info.

&gt; That repo alone has 1.1k open pull requests, madness.The UI can&#x27;t even be bothered to show the number of open issues, 5K+ :)Then they &quot;fix it&quot; by making issues auto-close after 1 week of inactivity, meanwhile PRs submitted 10 years ago remains open.

&gt; I completely understand why some projects are in whitelist-contributors-only mode. It&#x27;s becoming a mess.That repo alone has 1.1k open pull requests, madness.

Everyone is a maintainer of Microsoft. Everyone is testing their buggy products, as they leak information like a wire only umbrella. It is sad that more people who use co-pilot know that they are training it at a cost of millions of gallons of fresh drinking water.It was a mess before, and it will only get worse, but at least I can get some work done 4 times a day.

The laat comment is a person pretending to be a maintainer of Microsoft. I have a gut feeling that these kind of people will only increase, and we&#x27;ll have vibe engineers scouring popular repositories to &quot;&quot;contribute&quot;&quot; (note that the suggested fix is vague).I completely understand why some projects are in whitelist-contributors-only mode. It&#x27;s becoming a mess.

Copilot fairly recently added support for running sub-agents using different models to the model that invoked them.If this report is to be believed, they didn&#x27;t implement billing correctly for the sub-agents allowing more costly models to be run for free as sub-agents.

My guess is either someone raised this internally and was told it was fine, or knew but didn&#x27;t bother raising it since they knew they’d be blown off.

Some part of me says, let their vibing have a cost, since clearly &quot;overall product quality going to shit&quot; hasn&#x27;t had a visible effect on their trajectory

Why would you report this?!A second time. When they already closed your first issue. Just enjoy the free ride.

They tried to report it to MSRC, likely to get a bounty, and when they were stiffed there and advised to make it public they did.I would have done the same.

Who would report this? Are they hoping for a bug bounty or they know their competitors are using the technique?

What&#x27;s the direct cost to Microsoft of someone pirating an OS vs. making requests to a hosted LLM?

They don&#x27;t care, they would rather let you use pirated MS software than move to Linux.Not even sure that&#x27;s true anymore. How else to explain WSL&#x2F;WSL2? They practically lead you to Linux by the hand these days.

Home users are icing on the cake. Suing them for privacy is a bad look (see the RIAA), and using Windows and Office at home reinforces using at work.On the other hand, since they own GitHub they can (in theory) monitor the downloads, check for IPs belonging to businesses, and use it as evidence in piracy cases.

They don&#x27;t care, they would rather let you use pirated MS software than move to Linux. There is a repo on GH with powershell scripts for activating windows&#x2F;office and they let it sit there. Just checked, repo has 165K stars.This could be the same, they know devs mostly prefer to use cursor and&#x2F;or claude than copilot.

Nothing compared to pirated CDs with Office and Windows, 20 yrs back.

Vibes all the way down. &quot;Please check out this other slop issue with 5-600 other tickets pointed to it&quot; -- I was going to ask, how is anyone supposed to make sense of such a mess, but I guess the answer is &quot;no human is supposed to&quot;

the &quot;AI&quot; bot closing the issue here is particularly funny

You must be new here.Microsoft notoriously tolerated pirated Windows and Office installations for about a decade and a half, to solidify their usage as de facto standard and expected. Tolerating unofficial free usage of their latest products is standard procedure for MS.

By recently I assume they mean since Windows 7. Alternatively since Windows 10. 2009-2015.Last decade it was misstep after misstep.

Their software seems like it. Their sales team is brutal.

.NET is actually, unironically good. But yes, this is one of few exceptions, unfortunately.

Azure keeps randomly breaking our resources without any service health notifications or heads up, it&#x27;s very fun living in microsofts world.

Thinking back, you&#x27;re probably correct, but it seems like they where actively trying to create something good back then. That might just be me only seeing the good parts, with .Net and SQLServer. Azure was never good, and we&#x27;ve know why for over a decade, their working conditions suck and people don&#x27;t stay long, resulting things being held together by duct tape.I do think some things in Microsoft ecosystem are salvageable, they just aren&#x27;t trendy. The Windows kernel can still work, .Net and their C++ runtime, Win32 &#x2F; Winforms, ActiveDirectory, Exchange (on-prem) and Office are all still fixable and will last Microsoft a long time. It&#x27;s just boring, and Microsoft apparently won&#x27;t do it, because: No subscription.

To be fair, Windows 7 was quite good in my opinion.Wait, what year is it?

Recently? They&#x27;ve been shipping absolute trash for 15 years, and still haven&#x27;t reached the bottom apparently.

Is it just me or is Microsoft really phoning it in recently?

I&#x27;m sure they&#x27;ll fix this, but it would be funny if the downfall of AI was the ability to use it to hack around its own billing.

That&#x27;s fair - I suppose the agent is making a call with a model parameter that isn&#x27;t being attributed, as you say.

Sure but the exploit here isn’t prompt injection, it is an edge case in their billing that isn’t attributing agent calls correctly.

It reminds me of when I used to write lisp, where code is data. You can abuse reflection (and macros) to great effect, but you never feel safe.See also: string interpolation and SQL injection, (unhygienic) C macros

Allowing phreaking was an intentional decision, because otherwise they could have carried half as many channels on each link.

It&#x27;ll be a sad day for Little Bobby Tables if in-band signaling ever goes out of fashion.

Every time I see something about trying to control an LLM by sending instructions to the LLM, I wonder: have we really learned nothing of the pitfalls of in-band signaling since the days of phreaking?

The access to premium models. This much should have been evident from reading the ticket.

&gt; Copilot Chat Extension Version: 0.37.2026013101&gt; VS Code Version: 1.109.0-insider (Universal) - f3d99dePresumably there is such thing as the freemium pay-able &quot;Copilot Chat Extension&quot; for VS Code product. Interesting, I guess.

Oh that was pithy, mean, and just the right amount of taking-it-personally. Well done!

Was good while it lasted, I hope Microsoft continues their new tradition of vibe coding their billing systems :p

Billing can be bypassed using a combo of subagents with an agent definition