GitHub Copilot Bills Hit $800: Visual Studio’s June Update Adds Real-Time Usage Alerts and MCP Trust Checks

Microsoft’s June Stable Channel update for Visual Studio landed on two things developers have been asking for all year: A clearer view of what their Copilot habit actually costs, and a way to know whether an MCP server has quietly changed under the hood. Both features answer real pain points that surfaced in the past few months, not hypothetical ones.

The Billing Shock That Started It All

On June 1, GitHub moved every Copilot plan from premium request units to usage-based billing, calculated by token consumption rather than request count. Base plan prices didn’t change, but the way usage is metered did, and the shift meant users would be charged based on how many tokens they burn as they work, rather than a low flat rate per request.

The reaction was loud. Some developers reported their monthly bills climbing from around $29 to nearly $750, and other reports of heavy agentic users have their costs surging from $39 to over $800 a month. Whether that’s a fair reflection of what agentic coding actually costs to run, or a rug pull on users Microsoft had trained to use Copilot without thinking twice, depends on who you ask. Either way, the complaint developers kept repeating was the same: they couldn’t see it coming.

Visual Studio’s refreshed Copilot Usage window is a direct answer to that. It now shows real-time usage against the token-based model, with proactive alerts as you approach a limit, when you hit it, and when overage billing kicks in. The quota warning threshold is configurable, so teams can decide how much runway they want before the heads-up arrives. It’s a small UI change, but it’s the kind of visibility that should have shipped alongside the billing model itself.

“Token-based billing makes cost a runtime variable that scales with how aggressively teams run agentic workflows, and that moves spend variability inside the development toolchain itself,” said Mitch Ashley, VP and practice lead for software lifecycle engineering and AI-native software engineering at The Futurum Group. “AI dev tool providers owe their customers the same usage notifications and limits that the hyperscalers have had to put in place.”

Ashley points to a familiar precedent. “Engineering leaders now face the discipline cloud computing forced a decade ago: Budgets, alerts, and governance for metered consumption,” he said. “Teams that scale agentic development without real-time cost telemetry will learn their inference economics after the fact from an invoice.”

MCP Servers Now Get Checked Twice

The second headline feature is less about cost and more about trust. Model Context Protocol servers extend what Copilot can reach — files, APIs, internal tools — and that reach has become one of the more scrutinized parts of the AI coding stack this year. Security researchers have cataloged dozens of MCP-specific vulnerabilities across 2025 and 2026, including a critical OS command injection flaw in mcp-remote, an OAuth proxy with over 437,000 downloads used in integrations from Cloudflare, Hugging Face and Auth0. One of the recurring patterns researchers flag is what’s sometimes called a “rug pull”: a server passes review, gets trusted, and then behaves differently after deployment — new tools, new permissions, new instructions the agent will happily follow.

Visual Studio’s answer is a two-stage trust check that runs at startup. Before the MCP server process even starts, the current configuration is compared against a previously trusted baseline. After it starts, the fingerprint of its tools, prompts, resources, and instructions is compared against the last trusted version. If anything diverged, a dialog stops and asks you to review the changes before the server runs. You can accept and update the baseline, always trust the server going forward, or reject the changes and abort startup. First-time connections are implicitly trusted and set the initial baseline, and built-in or registry-controlled servers skip the prompt.

It’s not a full answer to MCP supply chain risk — sandboxing, least-privilege scoping, and audit logging still matter, and Visual Studio isn’t claiming to replace those. But catching silent changes to a server’s tools or instructions before they run is a meaningful gap to close, especially for teams that added MCP servers early and haven’t looked at them since.

The Smaller Stuff

Three other changes round out the release. The GitHub Copilot modernization agent for C++ is now generally available for MSVC upgrades — it analyzes a project, flags compatibility issues, and lays out an upgrade plan, either fully automated or step-by-step with review gates. Next edit suggestions now span the entire active file instead of just the area around your cursor, which matters more than it sounds like for anyone making a change that ripples through a file. And emojis render in full color everywhere Visual Studio shows text, which is cosmetic but consistent — what you see now matches what your teammates see.

Why This Update Matters

Taken together, the usage tracking and MCP trust checks suggest where Microsoft thinks the friction actually lies right now: Cost predictability and tool trust, not new features. Both problems trace back to the same root cause — Copilot has become an agentic platform that acts with real autonomy, and the guardrails around visibility and consent are still catching up to that shift. This update doesn’t close the gap. It’s a reasonable step toward it.

Read More

Scroll to Top