GitHub Ships CodeQL 2.26.0 With AI Prompt-Injection Detection for JavaScript/TypeScript
GitHub (CodeQL release notes)·medium signal
GitHub released CodeQL 2.26.0 on July 11, 2026, adding static-analysis queries that flag AI prompt-injection vulnerabilities in JavaScript and TypeScript, plus Kotlin 2.4.0 support and broader multi-language analysis improvements. Pulling prompt-injection detection into the standard code-scanning pipeline signals that untrusted-input-into-LLM flows are now treated as a first-class security defect class. Builders wiring LLM calls into JS/TS apps can now catch injection sinks in CI instead of at runtime.