github copilot organization id for Real-time cyber safeguards on Claude

[Microsvuln]

🏷️ Discussion Type

Question

💬 Feature/Topic Area

Copilot in GitHub

Body

Hi .

I am interested to know how can I submit my cyber use case form (https://claude.com/form/cyber-use-case) for my anthropic models while I'm using them by my github copilot account ?

Indeed anthropic needs organization id of an account to apply the changes needed for cyber use case.

How is this possible to submit the Anthropic use case form for using claude models with github copilot ?

This is mostly applicable to opus 4.7 .

https://support.claude.com/en/articles/14604842-real-time-cyber-safeguards-on-claude

Thanks.

[Gitious]

You can't, and it's a structural thing rather than a missing button. When you use Claude through Copilot you don't have an Anthropic organization ID, because you don't have a direct relationship with Anthropic. Your requests go through GitHub's Copilot service, which routes to Anthropic on the back end. The customer Anthropic sees is GitHub, not you, so there's nothing on your side for the form to attach changes to.

The cyber use case form (and the Cyber Verification Program approval) only works for direct Anthropic customers, since approval is tied to your own org ID under your own API key.

Two options if you actually need this:

Sign up directly at console.anthropic.com, get your own org ID, submit the form there, and use the Claude API directly for those use cases.

Or stay on Copilot and ask GitHub Support, but realistically Copilot follows GitHub's policies, not Anthropic's per-customer ones, so the answer is probably no.

TL;DR: the form is for direct API customers. Copilot routes through GitHub, so there's no org ID on your end to give Anthropic.

[Microsvuln]

Thanks for your reply @Gitious , in this case I'm interested to know how github plans to solve this problem because many users are affected by this .

[Gitious]

Actually scratch what I said earlier, GitHub already shipped BYOK on the surfaces that matter, so you can do this today. Pick whichever Copilot you use:

If you use VS Code Copilot Chat (any plan, BYOK landed April 22):

1. Grab your Anthropic API key from console.anthropic.com
2. In VS Code, open the Copilot model picker
3. Click Manage Models, pick Anthropic, paste your key
4. Done. Your Claude calls now go through your own key.

If you use Copilot CLI:
Set these before launching copilot:

• COPILOT_PROVIDER_TYPE=anthropic
• COPILOT_PROVIDER_BASE_URL=https://api.anthropic.com
• COPILOT_PROVIDER_API_KEY=sk-ant-... (your key)
• COPILOT_MODEL=claude-opus-4-7 (or whichever model you want)

If you're on Copilot Enterprise:
Ask your admin to wire up the org's Anthropic key in Copilot policy settings. BYOK has been in public preview there since last November.

Once you're on BYOK, the call goes to Anthropic with your own key, so Anthropic sees your org ID and your cyber use case approval (plus CVP, fine-tuning, custom rate limits, anything tied to your org) applies automatically.

The only Copilot surfaces I'm not sure about are JetBrains and the github.com web Copilot Chat. VS Code is the cleanest path for Claude.

[Gecko51]

There's no public roadmap for this from GitHub as far as I know. The follow-up question is fair but it's a genuinely hard gap to close.

The core issue: Copilot is essentially a reseller relationship. GitHub negotiates with Anthropic at the platform level, not per-user or per-org. For GitHub to surface individual org IDs or allow per-customer policy exceptions through Anthropic, they'd need to rearchitect how the backend integration works or build a passthrough system where your use-case approval travels with your API calls. That's a non-trivial integration on both sides.

GitHub Enterprise Cloud is worth checking separately if you're on it. Enterprise agreements sometimes include custom terms, and a larger org could potentially negotiate directly. Your GitHub account rep would know more.

For pushing GitHub on this, the most effective path is filing a Feature Request in GitHub Community under the Copilot feedback category, then linking back to this thread. Voting traction on FRs is what actually gets things prioritized internally.

Short term, if the cyber use case approval is genuinely needed for your workflow, the direct console.anthropic.com route is the only one that works today.