Back to news
devops Priority 4/5 7/12/2026, 11:05:15 AM

CodeQL 2.26.0 Introduces Kotlin 2.4.0 Support and AI Prompt Injection Detection

CodeQL 2.26.0 Introduces Kotlin 2.4.0 Support and AI Prompt Injection Detection

The latest CodeQL 2.26.0 release brings compatibility updates and improved security analysis for developers using GitHub code scanning. A primary enhancement is full support for Kotlin 2.4.0, allowing teams working with modern Android and Kotlin applications to scan their codebases without encountering compatibility bottlenecks. In addition to the language update, this release introduces specialized detection for AI prompt injection vulnerabilities. As developers increasingly integrate large language models into their software, protecting applications against malicious or manipulative inputs has become a critical security priority. CodeQL now identifies these vectors to safeguard generative AI features. Organizations planning to adopt CodeQL 2.26.0 should review their existing CI/CD environments to ensure seamless transition. While the update maintains strong backward compatibility, verifying build environments and updating action versions will ensure optimal detection capabilities and prevent deployment friction.

Related tools

Recommended tools for this topic

These picks prioritize high-intent tools relevant to this topic. Some links may include partner or affiliate tracking.

#github#copilot#devops#official

Comparison

AspectBefore / AlternativeAfter / This
Kotlin SupportLimited to Kotlin versions prior to 2.4.0Full support for Kotlin 2.4.0
AI SecurityNo built-in detection for AI prompt injection vulnerabilitiesAutomated detection of prompt injection risks
Engine VersionCodeQL 2.25.x or earlierCodeQL 2.26.0 with updated analysis rules

Action Checklist

  1. Update GitHub Code Scanning action configurations to use CodeQL 2.26.0 Ensure pin points to the new version if utilizing pinned action tags
  2. Verify Kotlin build environments match the 2.4.0 specification This minimizes build discrepancies during the analysis phase
  3. Enable and test the new AI prompt injection rulesets on repositories using LLMs Review any newly flagged alerts for potential prompt vulnerabilities

Source: GitHub Changelog

This page summarizes the original source. Check the source for full details.

Related