Every morning you open the same pull-request review. Some diffs come from your teammate in Portland, some from the AI agent your company enabled last quarter. The code looks the same. The green "Verified" badge looks the same. You click Approve, sip your coffee, and move on.

But here's the thing: when a signed commit ships a security hole at 2 AM and the pager goes off, someone has to own it. The signature on that commit points to a bot. A bot with no legal name, no mailing address, and absolutely no interest in joining your post-mortem call.

The Signature Drops

On April 3, 2026, GitHub shipped cryptographic commit signing for its Copilot cloud agent. We covered the product details yesterday alongside the org runner controls and other updates. Here's the part nobody talked about: the legal void underneath all of it.

Cryptographic signing — a mathematical proof that the holder of a specific key produced a specific piece of code — was already standard for human developers at serious companies. Now a bot gets the same ceremony. GitHub had already added session log tracing back on March 20, linking every agent commit to its full conversation history. Combine that with the organization-level runner controls shipped the same day as signing, and the message to enterprise customers is clear: let the bot commit. We made it safe.

The request had been open since June 2025, with one enterprise user pleading: "Our organisation has >1,500 contributors, we can't, at scale, coach and explain this." GitHub heard them. Whether they answered the right question is another matter entirely.

How It Actually Works

Every commit the cloud agent makes now carries a cryptographic signature — same GPG or SSH format humans use. On GitHub, it shows up as the familiar green "Verified" badge. The commit metadata lists Copilot as the author and the human who assigned the task as the co-author. The session log URL sits in a trailer line at the bottom of the commit message.

This solved a real, annoying problem: repos with branch protection rules previously couldn't use the cloud agent at all, because unsigned commits got rejected at the gate. Now the bot passes the bouncer. The audit trail is clean, tamper-proof, and technically identical to what a human developer produces.

Technically identical. Legally? That's where the comedy starts.

The Accountability Hole

Here's where it gets uncomfortable. A cryptographic signature answers what wrote the code. It does not — cannot — answer:

  • Who owns the copyright? The US Copyright Office still maintains that AI-generated output lacks human authorship. If no human "substantially participated," there may be no copyright at all. Your company just shipped code that might belong to nobody.
  • Who carries liability for a security flaw? GitHub's own risk documentation lists four categories of risk and requires human review for all PRs — but contains zero language about who's actually liable. They built the audit trail and forgot to put anyone at the end of it.
  • Who answers in the incident review? The co-author — the human who typed "fix the login bug" into a text box? The reviewer who approved the PR at 4:47 PM on a Friday? The CISO who enabled the agent org-wide because a vendor slide deck said "productivity"?

The audit trail is perfect. The accountability trail is empty.

The Fragmentation Problem

It gets worse when you zoom out — and frankly, more absurd. Every major AI coding tool handles commit identity like a student who skipped the group meeting and improvised their part:

  • GitHub Copilot cloud agent: Cryptographically signed, Copilot as author, human as co-author, session log URL
  • Claude Code: Adds a Co-authored-by trailer, no cryptographic signing
  • OpenAI Codex: Similar co-author trailer via a git hook, no signing
  • Cursor, Devin: No standardized attribution at all — your git log just says you wrote it

If your company uses more than one of these tools — and most do — your git history now contains three or four incompatible authorship schemes. A research paper to be presented at MSR '26 (April 13–14, 2026) analyzed 33,580 pull requests and found that AI agents can be identified with 97.2% accuracy just from commit patterns. The machines are fingerprintable even when they don't identify themselves. But no cross-platform standard exists for how that fingerprint should look.
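Because the badge alone tells you nothing about who owns a change, a compliance or security team has to derive that from the commit metadata the article describes (author field, Co-authored-by trailer, session log trailer, signature status). The script below is an added example written for this piece, not code from GitHub, Copilot or any of the tools named above. It assumes the input was produced by git with a record-per-commit format such as `git log --format='%H%x1f%G?%x1f%an <%ae>%x1f%(trailers)%x1e'`, uses a placeholder trailer key for the session log URL (the article does not name the real key), and identifies agents by a constructed list of name hints. It classifies each commit onto the attribution schemes listed above and flags signed commits for which no human can be derived from the metadata: the accountability gap in machine-readable form.

```python
import re
from dataclasses import dataclass

# Assumptions (not from the article): the trailer key GitHub uses for the session log
# URL is not named in the text, so a placeholder key is used; agents are recognised by
# a substring match on the author / co-author identity.
SESSION_LOG_TRAILER = "copilot-session-log"   # placeholder key, compared lower-cased
BOT_NAME_HINTS = ("copilot", "claude", "codex")

FIELD_SEP = "\x1f"   # %x1f in the git --format string
RECORD_SEP = "\x1e"  # %x1e in the git --format string


@dataclass
class Commit:
    sha: str
    sig_status: str                   # git %G? code: G good, N unsigned, B bad, U untrusted, ...
    author: str                       # "%an <%ae>"
    trailers: dict[str, list[str]]    # lower-cased trailer key -> values


def parse_trailers(block: str) -> dict[str, list[str]]:
    """Parse 'Key: value' trailer lines into a dict keyed by lower-cased key."""
    out: dict[str, list[str]] = {}
    for line in block.splitlines():
        m = re.match(r"^([A-Za-z][\w-]*):\s*(.+?)\s*$", line.strip())
        if m:
            out.setdefault(m.group(1).lower(), []).append(m.group(2))
    return out


def parse_log(text: str) -> list[Commit]:
    """Split the %x1e-separated git output into Commit records."""
    commits = []
    for rec in text.split(RECORD_SEP):
        if not rec.strip():
            continue
        sha, status, author, trailers = rec.split(FIELD_SEP, 3)
        commits.append(Commit(sha.strip(), status.strip(), author.strip(),
                              parse_trailers(trailers)))
    return commits


def looks_like_bot(identity: str) -> bool:
    ident = identity.lower()
    return any(h in ident for h in BOT_NAME_HINTS)


def classify(c: Commit) -> str:
    """Map a commit onto the attribution schemes the article lists."""
    coauthors = c.trailers.get("co-authored-by", [])
    if looks_like_bot(c.author):
        if c.sig_status == "G" and SESSION_LOG_TRAILER in c.trailers:
            return "agent-author-signed-with-session-log"   # Copilot cloud agent style
        return "agent-author"
    if any(looks_like_bot(x) for x in coauthors):
        return "human-author-agent-coauthor"                # Claude Code / Codex style
    return "human-or-unattributed"                          # includes Cursor / Devin style


def responsible_human(c: Commit):
    """The human who should own the change, derived from metadata, not from the badge."""
    if not looks_like_bot(c.author):
        return c.author
    for x in c.trailers.get("co-authored-by", []):
        if not looks_like_bot(x):
            return x
    return None


def inventory(text: str) -> list[dict]:
    """One row per commit; accountability_gap marks signed commits with no derivable human."""
    rows = []
    for c in parse_log(text):
        human = responsible_human(c)
        rows.append({
            "sha": c.sha,
            "scheme": classify(c),
            "signature_good": c.sig_status == "G",
            "responsible_human": human,
            "accountability_gap": c.sig_status == "G" and human is None,
        })
    return rows


def _rec(sha: str, status: str, author: str, *trailers: str) -> str:
    """Build one constructed record in the same shape git would emit."""
    return FIELD_SEP.join([sha, status, author, "\n".join(trailers)]) + RECORD_SEP


# Constructed sample log: four commits covering the schemes discussed above.
SAMPLE_LOG = (
    _rec("a1", "G", "Copilot <copilot@bot.example>",
         "Co-authored-by: Jane Dev <jane@example.test>",
         "Copilot-Session-Log: https://example.test/sessions/123")
    + _rec("b2", "N", "Jane Dev <jane@example.test>",
           "Co-authored-by: Claude <claude@bot.example>")
    + _rec("c3", "G", "Jane Dev <jane@example.test>")
    + _rec("d4", "G", "Copilot <copilot@bot.example>")   # signed, bot author, nobody behind it
)

if __name__ == "__main__":
    for row in inventory(SAMPLE_LOG):
        print(row)
```

Run it against a real repository by piping the git command from the lead-in into `inventory`; the `%G?` field is only meaningful if the signing keys are available to git locally, which is a separate trust decision from GitHub's badge.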

Your compliance team just inherited a mess nobody briefed them on. Congratulations to them.

What This Means for You

If your organization uses GitHub's cloud agent — and with these enterprise controls, adoption is about to spike — your git log already contains signed AI commits mixed with signed human commits. Your legal playbooks, your compliance checklists, your incident-response procedures almost certainly treat every signed commit as a human's responsibility. Because until nine days ago, it was.

The EU AI Act's Article 50 transparency requirements kick in on August 2, 2026. That's four months to figure out whether a "Verified" badge from a bot satisfies the same regulatory expectations as a "Verified" badge from your senior engineer. Four months sounds like plenty of time until you remember how long your last policy review took.

The New Reality

For thirty years, the git log was a record of authorship — who wrote what, when, and (if you squinted at the commit message) why. GitHub just turned it into something else: a record that includes non-authorship, where the signer is verifiable but not accountable, identifiable but not liable, and traceable to a conversation that no legal framework knows how to interpret.

The signature is real. The responsibility behind it is not. And your policies haven't caught up — but August 2 doesn't care about your backlog.