GitHub: CodeQL 2.26 Introduces AI Prompt Injection Detection — First Mainstream SAST Tool to Treat AI Attacks on Par with Classic Ones
CodeQL 2.26.0 is the new version of GitHub's static security analysis tool, introducing detection of AI prompt injection attacks as a new analysis type, along with support for Kotlin 2.4.0. It is the first integration of an AI-specific attack vector into a mainstream SAST tool, bringing prompt injection into the same security workflows as XSS and SQL injection.
This article was generated using artificial intelligence from primary sources.
On July 10, 2026, GitHub released CodeQL 2.26.0, a version of its static security analysis tool that introduces detection of AI prompt injection attacks for the first time. CodeQL treats code as a database and runs security queries against it, finding vulnerabilities before they reach production — and as of this version, the list of covered attacks includes AI-specific vectors.
Why is this a turning point?
Prompt injection — inserting hidden instructions into a language model’s input to redirect its behavior — has until now been treated as a ‘soft’ AI problem, separate from classical software security. By entering CodeQL, a tool used by millions of repositories through GitHub Advanced Security, prompt injection gains the same status as XSS or SQL injection: it is automatically scanned on every pull request. This signals that the industry is beginning to treat AI attacks as a mainstream security risk rather than a research curiosity.
What exactly does it detect?
The new analysis type tracks data flows where untrusted input reaches a language model call without appropriate sanitization — a pattern that arises when an application passes user input directly into a prompt. This is especially relevant for the growing wave of applications embedding LLMs and agents, where the boundary between data and instructions becomes blurred.
Other highlights
Alongside the security news, CodeQL 2.26.0 adds support for Kotlin 2.4.0 and improves analysis for C#, Go, and JavaScript/TypeScript. The release arrives on the same day an arXiv paper on ‘Overthinking’ reveals a new class of extraction attacks on reasoning models — a dual reminder that the security of AI systems is becoming a serious, standalone discipline in 2026.
Frequently Asked Questions
- What is CodeQL?
- CodeQL is GitHub's static security analysis (SAST) tool that treats code as a database and queries it to find vulnerabilities before they reach production.
- What is prompt injection?
- Prompt injection is an attack where hidden instructions are inserted into an AI model's input to redirect its behavior — the AI equivalent of SQL injection, growing more dangerous as applications embed language models.
- What else does CodeQL 2.26.0 bring?
- Support for Kotlin 2.4.0 and improvements to analysis for C#, Go, and JavaScript/TypeScript, alongside the new prompt injection detection.
Sources
Related news
arXiv:2607.08173: 'Overthinking' — Amplified Reasoning Forces Reasoning Models to Reveal Learned Secrets, New Extraction Attack at ICML 2026
OpenAI: first Bio Bug Bounty — researchers invited to find biosecurity vulnerabilities in the GPT-5.5 model
DT-Guard: 4B-Parameter Model Outperforms 8B Guardrails by Separating Reasoning Supervision from Inference Speed