Repeated Outages and Hacker Attacks! Eight Years After Microsoft’s Acquisition, GitHub is Falling Apart

```

Nearly eight years after Microsoft spent $7.5 billion to acquire GitHub, the world’s largest code hosting platform is now facing a survival crisis. Repeated outages, security vulnerabilities, and the departure of key talent have combined, while the rapidly evolving competitive landscape of AI programming tools threatens its strategic position.

In the past few weeks, GitHub has suffered multiple major service interruptions and disclosed a severe remote code execution vulnerability. This week, it was reported that 3,800 internal code repositories were breached after an employee installed a VS Code plugin embedded with malware. According to multiple current and former GitHub employees interviewed by The Verge, the company has fallen into a leadership vacuum and has completely lost direction.

The turmoil began last summer with the departure of former CEO Thomas Dohmke. Microsoft has since made no arrangements for a successor, forcing GitHub’s leaders to report directly to Microsoft’s CoreAI team. This structural change has led to ongoing talent loss—senior executives like Julia Liuson, Elizabeth Pemmerl, and Jared Palmer have all announced departures or transfers, with one employee bluntly stating “there’s basically no GitHub as a company anymore.”

GitHub’s predicament is being viewed by competitors as an opportunity. Cursor and Claude Code have begun to eat into GitHub Copilot’s market share; according to The Information, Jay Parikh, head of Microsoft’s CoreAI team overseeing GitHub, has privately warned colleagues that GitHub “faces severe threats.” Meanwhile, developers who were wary of Microsoft’s acquisition are now expressing their dissatisfaction—Ghostty terminal developer Mitchell Hashimoto announced he is moving his project off GitHub, stating “after 18 years, I have to leave.”

Leadership vacuum, talent outflow accelerates

GitHub’s current plight is largely traceable to Thomas Dohmke’s departure last summer. Microsoft subsequently consolidated GitHub under the CoreAI team led by Jay Parikh, a former Meta engineering leader personally recruited by Microsoft CEO Satya Nadella. Media reports quoting insiders say Parikh is not well regarded internally at Microsoft, and the decision not to appoint a new CEO was his own.

GitHub employees have long taken pride in their independent culture and call themselves “Hubbers,” but now must report directly to teams within the Microsoft structure—the transition has been difficult. With revenue functions folded into Microsoft MCAPS (Customer and Partner Solutions) and product work split among developer divisions, some internal members feel the company is already a shell. “There’s basically no GitHub as a company anymore,” one employee told The Verge last month:

“Everything is Microsoft, the company is collapsing—whether you look at the outages severely damaging the company’s reputation, or at the continued exodus of leadership.”

The executive exodus is widening. Julia Liuson, with 34 years at Microsoft and previously responsible for GitHub’s revenue and engineering, announced her departure last month. Former GitHub Chief Revenue Officer Elizabeth Pemmerl submitted her resignation in the same month and is replaced by Dan Stein, former head of Microsoft MCAPS. Jared Palmer, who only joined GitHub last October as Senior VP, has already left for Xbox as VP of Engineering and technical advisor to Xbox CEO Asha Sharma—interestingly, Sharma has been recruiting several former Microsoft CoreAI executives, widely interpreted by outsiders as a sign of staff urgently seeking to leave Parikh’s leadership.

The loss of talent has also created direct competitive threats. After leaving, Thomas Dohmke founded a new developer platform, Entire, which now has 30 employees—at least 11 of whom are former GitHub staff, with its product directly competing with GitHub.

Frequent outages, CTO apologizes publicly

Service stability issues have been especially acute in the past year, to the point where GitHub CTO Vladimir Fedorov last month had to publicly apologize for the latest series of incidents. Fedorov admitted that the surge in pull requests, code commits, and new repository creation has placed heavy strain on GitHub’s infrastructure. “Our priorities are clear: first is availability, then capacity, and only then new features,” he said. “We’re cutting unnecessary work, improving caching, isolating critical services, eliminating single points of failure, and migrating performance-sensitive paths to systems designed for those workloads.”

Fedorov joined GitHub last year after nearly eight years at Microsoft and over twelve at Facebook. Soon after joining, he initiated the migration of GitHub to Azure servers to address data center capacity limitations, but the complex MySQL clusters managed by GitHub have made eliminating outage risk impossible during migration.

Repeated outages have worn down the patience of outside developers. Mitchell Hashimoto, developer of the Ghostty terminal, wrote in an open letter last month: “GitHub lets me down every day, and it’s very personal… I want to keep writing code, but I can’t write it on GitHub anymore. After 18 years, I have to leave.” Ghostty promptly announced its migration out of GitHub.

Apart from service stability, security issues are also pressuring GitHub. In March this year, security firm Wiz Research used AI models to discover a severe vulnerability in GitHub’s internal git infrastructure that could let attackers access millions of public and private repos. GitHub managed to patch it in less than six hours.

This week’s security incident is even more serious: 3,800 internal code repositories at GitHub were breached, caused by an employee installing a maliciously tampered VS Code plugin. A Microsoft employee noted that VS Code frequently pushes plugin install prompts to users, and previously a plugin with hundreds of thousands of installs was removed from the VS Code marketplace after being discovered with embedded cryptocurrency mining code.

Copilot loses competitiveness, new pricing triggers backlash

GitHub Copilot once had a first-mover advantage in AI coding assistants, but in the past year it has clearly fallen behind competitors. According to The Information, Parikh has issued an internal warning about this. Microsoft reportedly considered acquiring Cursor to close the gap, and has canceled numerous Claude Code internal licenses to drive its own developers to use GitHub Copilot and accelerate product improvement.

Meanwhile, GitHub is about to switch Copilot to usage-based pricing, triggering a fresh wave of resistance from developers. Under the new scheme, each subscription plan includes a monthly allotment of AI credits, with extra usage charged additionally; unlike the current system where overage triggers an automatic downgrade to a lower-capability model, the new system will cut off access, raising the pay threshold and causing dissatisfaction among some developers.

As Microsoft faces internal turmoil, competitors are rapidly targeting GitHub’s developer ecosystem. Entire, Cursor, and Claude Code are all boosting product capabilities, viewing GitHub’s crisis as a window to reshape the market landscape.

For Microsoft, GitHub’s strategic value far exceeds that of a mere product. Decades of investment in the developer ecosystem have laid the foundation for Microsoft’s status as a software giant. If CoreAI cannot effectively reverse the current decline, Microsoft may continue to lose this key group underpinning its core competitive advantage.

Risk warning and disclaimerThe market involves risks, and investors should exercise caution. This article does not constitute personal investment advice and does not take into account individual users' specific investment goals, financial situations, or needs. Users should consider whether any opinions, viewpoints, or conclusions in this article are appropriate for their circumstances. Investing based on this article is at your own risk. ```