When Microsoft announced its acquisition of GitHub for $7.5 billion in 2018, the developer community was deeply divided. Many feared that Microsoft would eventually absorb the beloved platform into its corporate machinery, while others hoped the tech giant would provide resources and stability. Nearly eight years later, those fears appear to be materializing. GitHub is now fighting for its survival amid a surge of outages, security issues, and intense pressure from competitors.

In recent weeks alone, GitHub experienced multiple major outages, a critical remote code execution vulnerability, and a breach of its internal code repositories due to a poisoned VS Code extension installed by an employee. Current and former employees describe a company struggling with a lack of leadership and mounting pressure from rivals. The problems trace back to last summer, when former GitHub CEO Thomas Dohmke resigned, triggering a fundamental shakeup in how GitHub operates under Microsoft control.

Leadership vacuum and cultural clash

Microsoft chose not to replace Dohmke with a new CEO. Instead, GitHub’s leadership team now reports directly to Microsoft’s CoreAI division, led by former Meta engineering chief Jay Parikh. Parikh was personally recruited by Microsoft CEO Satya Nadella to drive the company’s AI transformation. However, internal sources say Parikh is not well-liked by Microsoft employees, and his decision to leave the CEO spot vacant has caused confusion and frustration among GitHub staff, known as Hubbers. The company had a proud independent streak, and the loss of a dedicated leader has eroded morale.

Since Dohmke’s departure, there has been a steady exodus of top talent. Many employees have followed Dohmke to his new startup, Entire, a developer platform that competes directly with GitHub. Out of 30 employees listed at Entire, at least 11 previously worked at GitHub. This brain drain is compounded by the departure of other key figures. Veteran Microsoft executive Julia Liuson, who had been overseeing GitHub revenue, engineering, and support, announced her retirement after 34 years. Jared Palmer, who joined GitHub as senior vice president in October, is leaving after just months to join Xbox as VP of engineering. Elizabeth Pemmerl, GitHub’s former chief revenue officer, also resigned last month. Dan Stein replaced her, but with GitHub’s revenue now reporting into Microsoft Customer and Partner Solutions (MCAPS), and product work split into Microsoft’s Developer Division, many feel the platform has lost its identity entirely.

“There’s basically no more GitHub at all anymore,” one employee told reporters. “It’s all Microsoft, and the company is collapsing, both in outages that are reallllly bad and have torched the company reputation… and in an exodus of leadership.”

Outages and security woes

The technical problems have been severe. GitHub’s CTO, Vladimir Fedorov, personally apologized for a series of incidents last month. He acknowledged that the platform is struggling with a huge growth spike in recent years, driven by increases in pull requests, commits, and new repositories. “Our priorities are clear: availability first, then capacity, then new features,” said Fedorov. “We are reducing unnecessary work, improving caching, isolating critical services, removing single points of failure, and moving performance-sensitive paths into systems designed for these workloads.”

Fedorov joined GitHub just a year ago, after eight years at Microsoft and 12 years at Facebook. His tenure has been marked by an ongoing migration of GitHub’s infrastructure to Azure servers, a project he kicked off shortly after arriving to address data center capacity constraints. The migration involves complex MySQL clusters, and observers warned it could lead to outages. Those warnings have proven prescient: the incidents have angered developers both inside and outside Microsoft. Mitchell Hashimoto, the creator of the Ghostty terminal emulator, publicly announced his departure from GitHub, writing, “GitHub is failing me, every single day, and it is personal. I want it to be better, but I also want to code. And I can’t code with GitHub anymore. I’m sorry. After 18 years, I’ve got to go.”

Beyond outages, security has become a major concern. In March, researchers at Wiz leveraged AI models to uncover a critical vulnerability in GitHub’s internal git infrastructure, which could have allowed attackers to access millions of public and private code repositories. GitHub rushed to fix the issue in under six hours. More recently, 3,800 internal GitHub code repositories were compromised after an employee installed a malicious VS Code extension. Microsoft employees note that VS Code often prompts users to install new extensions, and some with hundreds of thousands of installs have been pulled from the marketplace after infecting users with cryptomining tools.

Competitive pressures mount

While Microsoft struggles to stabilize GitHub, rivals are gaining ground. Jay Parikh has reportedly warned colleagues that GitHub “faces a critical threat” from competitors like Cursor and Claude Code. GitHub Copilot, once the leader in AI-powered code generation, has fallen behind over the past year. Microsoft had even considered acquiring Cursor to close the gap, according to reports. Last week, it was reported that Microsoft is canceling many of its own Claude Code licenses in an effort to force developers to improve GitHub Copilot instead.

The company is also facing backlash over its shift to usage-based billing for Copilot. Starting next month, every Copilot plan will include a monthly allotment of AI credits, with options to purchase additional usage. Previously, users could experiment without worrying about costs, as GitHub would simply move them to a less capable AI model once limits were reached. The new system means users will be cut off unless they pay for more credits, angering many developers who relied on the generous free tier.

Historical context and the road ahead

GitHub’s current struggles are particularly ironic given its history. Founded in 2008, the platform grew rapidly to become the world’s largest code repository, hosting millions of open-source projects. Its acquisition by Microsoft in 2018 was seen by some as a validation of the developer ecosystem, but also as a risk. Under Dohmke, GitHub maintained a degree of autonomy and continued to innovate, launching Copilot in 2021 and expanding its offerings. However, the integration into Microsoft’s product portfolio has accelerated, and some argue the company has lost sight of what made GitHub special.

The leadership changes also reflect broader shifts at Microsoft. The creation of the CoreAI division underscores Nadella’s commitment to embedding AI across all products, but it has come at the cost of pushing out experienced executives. The departure of Julia Liuson, a 34-year Microsoft veteran who had overseen GitHub’s integration, leaves a gap in institutional knowledge. The appointment of Dan Stein as chief revenue officer signals a move to align GitHub more closely with Microsoft’s enterprise sales machine, but this may alienate the individual developers and small teams that form the platform’s core user base.

Microsoft’s own developer ecosystem is also feeling the strain. Xbox, another Microsoft property, has seen an exodus of talent from CoreAI, with many former executives joining the game division under new CEO Asha Sharma. The Xbox team has hired multiple former CoreAI leaders, including Jared Palmer, who seems eager to escape Parikh’s leadership. This internal dynamic suggests that the issues at GitHub are not isolated; they reflect a broader discontent with the way Microsoft is structuring its AI efforts.

On the security front, the breach involving VS Code extensions highlights a systemic problem. The VS Code Marketplace has long struggled with malicious extensions, and despite Microsoft’s efforts to improve vetting, incidents continue. The breach of GitHub’s own internal repos is a stark reminder that no organization is immune to sophisticated supply-chain attacks. The incident also raises questions about Microsoft’s ability to secure its development tools, which are used by millions of developers worldwide.

Meanwhile, the migration to Azure continues, but the outages have damaged GitHub’s reputation. Developers rely on GitHub for continuous integration, code review, and collaboration. When the platform goes down, productivity suffers. The past year has seen an unusual frequency of downtime, leading to frustration and, in some cases, migration to alternatives. The Ghostty project’s move is just one example; if the trend accelerates, GitHub could lose its dominant position.

Competitors are sensing opportunity. Entire, founded by Dohmke, is building a new developer platform that promises greater reliability and independence. Cursor and Claude Code are pushing the boundaries of AI-assisted coding, offering features that GitHub Copilot has not yet matched. Even GitLab, which has long been a rival, is capitalizing on GitHub’s troubles by promoting its own integrated DevSecOps platform.

The pressure is now squarely on Jay Parikh and the CoreAI leadership team. They must stabilize GitHub’s infrastructure, stem the talent exodus, and fend off competition, all while maintaining the trust of the developer community. If they fail, Microsoft could lose the very “developers, developers, developers” that helped turn it into a software giant. The clock is ticking.

Source: The Verge News