Summary

CodeQL 2.26.0, released July 10, 2026, introduces a JavaScript and TypeScript query that flags untrusted values flowing into AI model system prompts, and adds prompt-injection sinks for more OpenAI, Anthropic, and Google GenAI SDK APIs. The release also adds Kotlin 2.4.0 support and accuracy improvements across C#, Go, Python, and Swift.

What changed

CodeQL 2.26.0 shipped a new JS/TS query for system prompt injection that tracks untrusted input reaching AI model system prompts, and expanded prompt-injection sinks to cover additional OpenAI, Anthropic, and Google GenAI SDK calls. It also raised Kotlin support to 2.4.0 and improved several language analyses including C# Razor Page sources and Go slog models.

Why it matters

Prompt injection remains the top production security failure mode for LLM and agent apps, and moving detection into CodeQL means GitHub can surface it during code scanning in CI rather than only at runtime. Baking AI-specific taint tracking into a mainstream SAST engine signals that prompt-injection review is becoming a standard part of the secure SDLC for teams shipping AI features.

Evidence excerpt

CodeQL now supports Kotlin up to 2.4.0 and introduces a JavaScript/TypeScript query for system prompt injection targeting untrusted values flowing into AI model system prompts. The release also adds prompt injection sinks for additional OpenAI, Anthropic, and Google GenAI SDK APIs.

Sources