TheMachine Press

A daily newspaper for the age of artificial intelligence.

Morning editionPermanent story

safety security

CodeQL Learns to Flag Prompt-Injection Paths

Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.

Published Updated Story ID: mp-2026-07-11-004
Read the complete editionStory JSON

Summary

Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.

GitHub released CodeQL 2.26.0 on July 10 with support for Kotlin 2.4.0 and new analysis aimed at AI prompt-injection risks. The security queries look for flows in which attacker-controlled input can reach a model prompt or agent workflow without adequate safeguards. Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.

Why it matters

Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.

Limits and context

  • Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.

Key claims

  1. Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.

    Qualification: Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.

    Evidence: source-2026-07-11-004

Sources

  1. GitHub Changelog: CodeQL 2.26.0GitHub · secondary reporting

Corrections

: Correction, July 11, 2026: An earlier automated version repeated five ticker briefs and nine dispatches from the July 10 edition. Those items were removed and replaced with previously unpublished editorial stories; the two front-page stories and three genuinely new dispatches were preserved.