GitHub Copilot Adds Prompt-Injection Detection in CodeQL 2.26.0
GitHub
CodeQL 2.26.0, shipped July 10, adds Kotlin 2.4.0 language support and introduces new query coverage targeting AI-specific security threats, specifically detecting prompt injection vulnerabilities in code that passes untrusted input to LLM APIs. GitHub Copilot's Mobile sessions interface also received filtering and sorting controls.
Why it matters
Prompt injection is now the leading attack surface in LLM-integrated applications; adding static-analysis detection for it in the industry's most widely deployed SAST tool normalizes secure-by-default LLM coding practices at scale.
Importance: 2/5
First major SAST tool to add prompt injection detection; broad secure-coding impact