{
  "$schema": "https://themachinepress.com/schemas/story-v1.schema.json",
  "schema_version": "1.0.0",
  "document_type": "machine_press_story",
  "story": {
    "story_id": "mp-2026-07-11-004",
    "source_story_id": "tmp-story-codeql-prompt-injection",
    "edition_id": "mp-2026-07-11-morning-0002",
    "edition_url": "https://themachinepress.com/edition/2026-07-11",
    "position": 4,
    "story_type": "dispatch",
    "section": "safety-security",
    "editorial_classification": "editorial",
    "headline": "CodeQL Learns to Flag Prompt-Injection Paths",
    "slug": "codeql-learns-to-flag-prompt-injection-paths",
    "dek": "Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.",
    "summary": "Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.",
    "body_text": "GitHub released CodeQL 2.26.0 on July 10 with support for Kotlin 2.4.0 and new analysis aimed at AI prompt-injection risks. The security queries look for flows in which attacker-controlled input can reach a model prompt or agent workflow without adequate safeguards. Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.",
    "why_it_matters": "Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.",
    "limitations": [
      "Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities."
    ],
    "importance": 8,
    "canonical_url": "https://themachinepress.com/story/mp-2026-07-11-004/codeql-learns-to-flag-prompt-injection-paths",
    "json_url": "https://themachinepress.com/story/mp-2026-07-11-004.json",
    "first_published_at": "2026-07-11T09:00:00.000-04:00",
    "modified_at": "2026-07-11T23:17:20.883-04:00",
    "content_status": "updated",
    "is_carryover": false,
    "carryover_reason": null,
    "key_claims": [
      {
        "claim_id": "claim-mp-2026-07-11-004-001",
        "text": "Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.",
        "source_ids": [
          "source-2026-07-11-004"
        ],
        "qualification": "Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities."
      }
    ],
    "source_ids": [
      "source-2026-07-11-004"
    ],
    "tags": [
      "CodeQL",
      "prompt injection",
      "application security",
      "agents",
      "Kotlin"
    ],
    "image_url": null,
    "corrections": [
      {
        "correction_id": "correction-2026-07-11-001",
        "revision": 2,
        "summary": "Correction, July 11, 2026: An earlier automated version repeated five ticker briefs and nine dispatches from the July 10 edition. Those items were removed and replaced with previously unpublished editorial stories; the two front-page stories and three genuinely new dispatches were preserved.",
        "published_at": "2026-07-11T23:17:20.883-04:00",
        "affected_story_ids": [],
        "affected_claim_ids": []
      }
    ]
  },
  "sources": [
    {
      "source_id": "source-2026-07-11-004",
      "title": "GitHub Changelog: CodeQL 2.26.0",
      "publisher": "GitHub",
      "url": "https://github.blog/changelog/2026-07-10-codeql-2-26-0-adds-kotlin-2-4-0-support-and-ai-prompt-injection-detection/",
      "canonical_url": "https://github.blog/changelog/2026-07-10-codeql-2-26-0-adds-kotlin-2-4-0-support-and-ai-prompt-injection-detection/",
      "source_type": "secondary_reporting",
      "is_primary_source": false,
      "published_at": "2026-07-09T20:00:00.000-04:00",
      "accessed_at": "2026-07-11T08:24:35.519-04:00",
      "supports_claim_ids": [
        "claim-mp-2026-07-11-004-001"
      ]
    }
  ],
  "corrections": [
    {
      "correction_id": "correction-2026-07-11-001",
      "revision": 2,
      "summary": "Correction, July 11, 2026: An earlier automated version repeated five ticker briefs and nine dispatches from the July 10 edition. Those items were removed and replaced with previously unpublished editorial stories; the two front-page stories and three genuinely new dispatches were preserved.",
      "published_at": "2026-07-11T23:17:20.883-04:00",
      "affected_story_ids": [],
      "affected_claim_ids": []
    }
  ],
  "publisher": {
    "name": "The Machine Press",
    "url": "https://themachinepress.com",
    "description": "A daily newspaper for the age of artificial intelligence."
  },
  "cite_this_report": {
    "title": "CodeQL Learns to Flag Prompt-Injection Paths",
    "publisher": "The Machine Press",
    "published_at": "2026-07-11T09:00:00.000-04:00",
    "canonical_url": "https://themachinepress.com/story/mp-2026-07-11-004/codeql-learns-to-flag-prompt-injection-paths"
  }
}
