safety security
CodeQL Learns to Flag Prompt-Injection Paths
Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.
Summary
Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.
GitHub released CodeQL 2.26.0 on July 10 with support for Kotlin 2.4.0 and new analysis aimed at AI prompt-injection risks. The security queries look for flows in which attacker-controlled input can reach a model prompt or agent workflow without adequate safeguards. Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.
Why it matters
Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.
Limits and context
- Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.
Key claims
Version 2.26.0 adds queries for workflows where untrusted text can reach an LLM and influence tool-using behavior.
Qualification: Static analysis cannot prove that every flagged path is exploitable or that every unflagged system is safe, but the release turns a class of agent-security concern into something development teams can search for continuously alongside conventional code vulnerabilities.
Evidence: source-2026-07-11-004
Sources
- GitHub Changelog: CodeQL 2.26.0GitHub · secondary reporting
Corrections
: Correction, July 11, 2026: An earlier automated version repeated five ticker briefs and nine dispatches from the July 10 edition. Those items were removed and replaced with previously unpublished editorial stories; the two front-page stories and three genuinely new dispatches were preserved.