GitHub CodeQL 2.26.0 Adds Native AI Prompt Injection Detection
What's new
- js/system-prompt-injection query: detects untrusted user-provided values flowing into AI model system prompts, enabling attackers to manipulate model behavior
- SDK coverage: OpenAI (Sora prompts, Realtime session instructions), Anthropic (completions), Google GenAI (cached content)
- Kotlin 2.4.0 support: full analysis for the latest Kotlin version
- C# Razor Pages: handler method parameter tracking (previously a blind spot)
- IPv6 SSRF detection: experimental detection of server-side request forgery via IPv6 in JS/TS
- Reduced false positives: improved Go file-closing and Python
locals()dictionary analysis
Why it matters
This is the first time CodeQL — the most widely used SAST tool for open-source projects — natively detects AI-specific attack surfaces. Projects using Anthropic, OpenAI, or Google AI SDKs can automatically scan for prompt injection as part of their CI/CD pipeline via GitHub Advanced Security.
How to try it
Update CodeQL to version 2.26.0 in GitHub Actions; the js/system-prompt-injection query is part of the standard security suite for JavaScript/TypeScript.
Open original source
GitHub