If you told the legal team at any mid-sized or larger company "we're pretty sure only 1 in 1000 lines of code our developers write breaches someone else's copyright" there'd be some serious hell to pay.

No, no. 1 out of every 1000 lines of code has the potential to breach some form of license.

If someone is motivated to search through our entire (proprietary, private) codebase. They match it with repositories that are freely available. They’re properly motivated to make a problem out of it (some twitter randos?), and most importantly they gain some benefit out of spending hundreds of thousands of dollars engaging with our legal team.

By the time you satisfy all the conditions required for it to be an issue you are talking nation-state actors.

Yes but if you have a large team you'll be using it hundreds of times a day. I will not be surprised if Copilot indemnity insurance is a thing in M&A in a five years.

Yep - it would be useful if more people had literacy of using the tool for these conversations. I don't blame them, that shouldn't be expected or required, but there is a large gap between how bad this looks and how materially bad it is when you take into account the actual way Copilot is usually used.