Merge pull request #8848 from microsoft/ntrogh/security-crosslinks

Add cross-links to security doc

Author: ntrogh

docs/copilot/chat/chat-agent-mode.md

@@ -15,15 +15,24 @@ With chat _agent mode_ in Visual Studio Code, you can use natural language to sp
 
 ## Why use agent mode?
 
-Agent mode is optimized for making autonomous edits across multiple files in your project. It is particularly useful for complex tasks that require not only code edits but also the invocation of tools and terminal commands. You can use agent mode to:
+Agent mode is optimized for the following scenarios:
+
+* Coding tasks based on high-level requirements or less well-defined implementation details
+* Making autonomous edits across multiple files in your project
+* Handling complex tasks that require not only code edits but also the invocation of tools and terminal commands
+
+Agent mode autonomously determines the relevant context and tasks to accomplish a given request. It can also iterate multiple times to resolve intermediate issues, such as syntax errors or test failures.
+
+Some examples of tasks you can use agent mode for:
 
 * Refactor parts of your codebase, such as "refactor the app to use a Redis cache".
 * Plan and implement new features, such as "add a login form to the app using OAuth for authentication".
 * Migrate your codebase to a new framework, such as "migrate the app from React to Vue.js".
 * Generate an implementation plan for a complex task, such as "create a meal-planning web app using a Swift front-end and a Node.js back-end".
 * Define a high-level requirement, such as "add social media sharing functionality".
 
-Agent mode is particularly useful for coding tasks when you have a less well-defined task that might also require running terminal commands and tools. Agent mode autonomously determines the relevant context and tasks to accomplish the request. It can also iterate multiple times to resolve intermediate issues, such as syntax errors or test failures.
+> [!IMPORTANT]
+> It's important to be aware of the security considerations of using AI-powered development. Review the [Security documentation](/docs/copilot/security.md) for using AI in VS Code.
 
 ## Agent mode vs Copilot coding agent
 
@@ -114,6 +123,9 @@ Follow these steps to get started:
 
     You can view the list of changed files in the Chat view. The editor overlay controls enable you to navigate between the suggested edits.
 
+    > [!NOTE]
+    > AI-generated code edits are restricted to the files in your current workspace.
+
 1. Review the suggested edits and [accept or discard the suggested edits](#accept-or-discard-edits).
 
 1. Continue to iterate on the code changes to refine the edits or implement additional features.
@@ -180,12 +192,15 @@ In the Chat view, when a tool or terminal command invocation occurs, use the **C
 
 You can reset the tool confirmations by using the **Chat: Reset Tool Confirmations** command in the Command Palette.
 
+> [!IMPORTANT]
+> It's important to be aware of the security considerations of using AI-powered development. Review the [Security documentation](/docs/copilot/security.md) for using AI in VS Code.
+
 ### Auto-approve all tools and commands (Experimental)
 
 In case you want to auto-approve _all_ tools and terminal commands, you can now use the experimental `setting(chat.tools.autoApprove)` setting. This will automatically approve all tool and command invocations, and VS Code will not ask for confirmation when a language model wishes to run tools.
 
 > [!CAUTION]
-> With this setting enabled, you don't have the opportunity to cancel potentially destructive actions a model wants to take.
+> With this setting enabled, you don't have the opportunity to cancel potentially destructive actions a model wants to take. Read the [Security documentation](/docs/copilot/security.md) for using AI in VS Code to understand the implications of this setting.
 
 As an enhanced boundary, you might choose to set `setting(chat.tools.autoApprove)` only when connected to a [remote environment](/docs/remote/remote-overview.md). You'll want to set this as a remote, rather than user-level, setting. Note that remote environments that are part of your local machine (like dev containers) or that have access to your credentials will still pose different levels of risk.
 
@@ -233,7 +248,7 @@ For a terminal command to be auto approved, both the subcommand and command line
 
 ## Accept or discard edits
 
-Copilot lists the files that were edited in the list of the changed files in the Chat view. Files with pending edits also have an indicator in the Explorer view and editor tabs.
+VS Code lists the files that were edited in the list of the changed files in the Chat view. Files with pending edits also have an indicator in the Explorer view and editor tabs.
 
 ![Screenshot that shows the Chat view, highlighting the changed files list and the indicator in the Explorer view and editor tabs.](images/copilot-edits/copilot-edits-changed-files-full.png)
 

docs/copilot/chat/copilot-chat.md

@@ -308,3 +308,4 @@ Or check out the [VS Code Copilot Series](https://www.youtube.com/playlist?list=
 * [Use ask mode to ask questions about your code](/docs/copilot/chat/chat-ask-mode.md)
 * [Use agent mode to start an autonomous coding session](/docs/copilot/chat/chat-agent-mode.md)
 * [Use edit mode to make code edits across multiple files](/docs/copilot/chat/copilot-edits.md)
+* [Learn about security considerations of using AI in VS Code](/docs/copilot/security.md)

docs/copilot/customization/mcp-servers.md

@@ -59,7 +59,7 @@ You have two options to centrally manage MCP support in your organization:
 ## Add an MCP server
 
 > [!CAUTION]
-> MCP servers can run arbitrary code on your machine. Only add servers from trusted sources, and review the publisher and server configuration before starting it. VS Code prompts you to confirm that you [trust the MCP server](#mcp-server-trust) when you start an MCP server for the first time.
+> MCP servers can run arbitrary code on your machine. Only add servers from trusted sources, and review the publisher and server configuration before starting it. VS Code prompts you to confirm that you [trust the MCP server](#mcp-server-trust) when you start an MCP server for the first time. Read the [Security documentation](/docs/copilot/security.md) for using AI in VS Code to understand the implications.
 
 You have multiple options to add an MCP server in VS Code:
 
@@ -319,7 +319,7 @@ VS Code extensions can also contribute MCP servers and configure them as part of
 
 ## MCP server trust
 
-MCP servers can run arbitrary code on your machine. Only add servers from trusted sources, and review the publisher and server configuration before starting it.
+MCP servers can run arbitrary code on your machine. Only add servers from trusted sources, and review the publisher and server configuration before starting it. Read the [Security documentation](/docs/copilot/security.md) for using AI in VS Code to understand the implications.
 
 When you add an MCP server to your workspace or change its configuration, you need to confirm that you trust the server and its capabilities before starting it. VS Code shows a dialog to confirm that you trust the server when you start a server for the first time. Select the link to MCP server in the dialog to review the MCP server configuration in a separate window.
 

docs/copilot/overview.md

@@ -224,3 +224,4 @@ You can start using GitHub Copilot for free with monthly limits on completions a
 - [Set up Copilot in VS Code](/docs/copilot/setup.md)
 - [Get started with hands-on examples](/docs/copilot/getting-started.md)
 - [Customize the AI for your workflow](/docs/copilot/customization/overview.md)
+- [Learn about security considerations of using AI in VS Code](/docs/copilot/security.md)

docs/setup/enterprise.md

@@ -227,3 +227,7 @@ Users can still uninstall extensions that were preinstalled. Restarting VS Code
 ### Does VS Code support configuration profiles on Linux?
 
 Support for Linux is not on the roadmap. If you're interested in configuration profiles on Linux, open an issue in the VS Code [GitHub repository](https://github.com/microsoft/vscode/issues) and share details about your scenario.
+
+## Related resources
+
+- [Learn about security considerations of using AI in VS Code](/docs/copilot/security.md)