Copilot sometimes reproduces code verbatim. You can't use open source code except under the terms of the license. Authors whose code may be reproduced by Copilot need to grant a license to downstream consumers, and republishers of Copilot-generated code need to adhere to the terms of that license.
Copilot is inserting ticking time-bombs into its users' codebases.
The buck stops with the user, when they use code from any source at all, whether it's their head, the internet, some internal library, lecture notes, a coworker, a random dude of the street, or who knows what else, it their own responsibility to ensure the code they're using has been released under a license they can use. They don't get to go back and point fingers just because they didn't do their own due-diligence.
The exception would be if a vendor provides code under a legal contract providing liability and an agreed license, that has not happened in this case so there's no reason to expect any legal protections.
It doesn't seem to me as though the distinction between "Copilot reproduced the code and the engineer copy/pasted/saved it" versus "Copilot inserted the code" is crucial.
There's a separate question about Microsoft's own liability. When Copilot reproduces open source code without adhering to the terms of the license, that's redistribution and thus copyright infringement. A copyright owner might not be able to get substantial monetary damages, but they ought to be able to get a copyright injunction.
I wonder what happens to Copilot should a Github user secure injunctive relief, forcing Microsoft to exclude their code from Copilot.
Is Google responsible when they index licensed code, then others steal it? It's surely the liability of the programmer to "check" (Not really sure how this would work, either).