🛠️

Scan AI Apps for System Prompt Injection with CodeQL 2.26.0

GitHub's CodeQL 2.26.0 adds a JavaScript/TypeScript query that detects untrusted user values flowing into AI system prompts.

Jul 12, 2026
Status & Access
Current access and latest update details.
Access
Free
Updated
Jul 12, 2026, 11:12 AM

CodeQL 2.26.0 is useful for teams shipping AI features in JavaScript or TypeScript. The release adds js/system-prompt-injection, a query for cases where untrusted user-provided values flow into an AI model's system prompt and can manipulate model behavior.\n\nWhy bookmark it: GitHub says every new CodeQL version is automatically deployed to GitHub code scanning users on github.com, so many teams can get the new query through existing security workflows instead of adding a separate scanner. The release also adds prompt-injection sinks for OpenAI, Anthropic, and Google GenAI SDK APIs, plus Kotlin 2.4.0 support and several query accuracy improvements.\n\nUse it for: AI app pull requests, agent backends, prompt-template libraries, Realtime session setup, and GenAI SDK integrations where user content might cross into system-level instructions.\n\nCheck before relying on it: whether your repo uses GitHub code scanning on github.com or a GitHub Enterprise Server version that includes CodeQL 2.26.0, whether the affected language pack runs in your workflow, and whether custom prompt-building helpers need extra modeling.

Discussion

Sign in to join the discussion and vote on comments.

No comments yet. Start the discussion.
Keep exploring

More from this topic

More in Tools & Apps