Topic

#prompt-injection

Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.

#prompt-injection
Loot

More from this topic

Explore all loot

Scan AI Apps for System Prompt Injection with CodeQL 2.26.0

0
GitHub's CodeQL 2.26.0 adds a JavaScript/TypeScript query that detects untrusted user values flowing into AI system prompts. CodeQL 2.26.0 is useful for teams shipping AI features in JavaScript or TypeScript. The release adds js/system-prompt-injection, a query for cases where untrusted user-provided values flow into an AI model's system prompt and can manipulate model behavior.\n\nWhy bookmark it: GitHub says every new CodeQL version is automatically deployed to GitHub code scanning users on github.com, so many teams can get the new query through existing security workflows instead of adding a separate scanner. The release also adds prompt-injection sinks for OpenAI, Anthropic, and Google GenAI SDK APIs, plus Kotlin 2.4.0 support and several query accuracy improvements.\n\nUse it for: AI app pull requests, agent backends, prompt-template libraries, Realtime session setup, and GenAI SDK integrations where user content might cross into system-level instructions.\n\nCheck before relying on it: whether your repo uses GitHub code scanning on github.com or a GitHub Enterprise Server version that includes CodeQL 2.26.0, whether the affected language pack runs in your workflow, and whether custom prompt-building helpers need extra modeling.
View
Free
Open
Blog

Related reads

Browse blog