It's interesting because the Copilot for PRs preview uses an app that does say "Owned and Operated by GitHub". Probably just an oversight, but I'm pretty sensitive about what access GitHub apps have, especially given the list of major attacks that have happened in recent years that were initiated by someone sneaking malicious payloads in somewhere along the development pipeline.
Curious why they'd use a totally different domain in the first place–how much access do you think you could get to private repos just by cloning that page onto githubfuture.com (available) and spearphishing interesting targets?
Signing up for the technical preview of Copilot Chat also worked as expected; it was just a checkmark and a button on github.com, not even an OAuth dialog.