Prompt Injection Is Static Analysis Now
CodeQL 2.26.0 added JavaScript and TypeScript detection for system prompt injection. The practical lesson is bigger than one query: prompt boundaries now belong in code review, CI, and release gates.
CodeQL 2.26.0 added JavaScript and TypeScript detection for system prompt injection. The practical lesson is bigger than one query: prompt boundaries now belong in code review, CI, and release gates.
WordPress/Gutenberg’s quiet move from branch protection rules to repository rulesets is a useful reminder: repo governance has to work for humans, apps, release bots, and auditors at the same time.
CISA added a Langflow authorization bypass to KEV. The durable lesson is bigger than one patch: AI workflow systems need ownership checks wherever flow IDs, endpoints, and API keys meet.
GitHub’s public monitoring preview is a useful reminder that credential exposure is a people-and-boundaries problem, not just a repository setting.
The European Commission’s June 10 Code of Practice for AI-generated content did not get the loudest tech headlines. It should have. It turns AI labels into product, metadata, editorial, accessibility, and compliance work before the AI Act transparency obligations apply on August 2, 2026.
CISA’s BOD 26-04 and FedRAMP’s June 2026 response quietly move federal vulnerability management away from flat severity queues and toward exposure, exploitation, exploit automation, and real technical impact. That is a useful signal for everyone else.
Stop trying to make AI agents safe with longer prompts. If an agent can use tools, edit files, call APIs, or send messages, it needs the same boring controls we expect from production systems: scoped permissions, visible tools, approval gates, logs, rollback paths, and change windows.
Cisco’s Foundry Security Spec is not a scanner. It is a blueprint for turning AI bug hunting into a bounded, evidence-gated security evaluation system. Here is what a practical harness around it would actually need.
Recent critical Linux and Windows vulnerabilities show why old protocols, update systems, identity services, and management planes have become primary attack surfaces.