If they just stick to using permissive-licensed source code then i'm not sure what the actual 'harm' is with co-pilot.
If they auto-generate an acknowledgement file for all source repos used in co-pilot, and then asked clients of co-pilot to ship that file with their product, would that be enough? Call it "The Extended Github Co-Pilot Derivative Use License" or something.
