Where GitHub Advanced Security wins
CodeQL’s dataflow analysis is genuinely deep — it can trace how untrusted input flows through a codebase in ways pattern-matching scanners can’t. If you’re already paying for GitHub Advanced Security, CodeQL is a strong, well-integrated default.
Where Prbl is different
Prbl doesn’t require an Advanced Security license, works the same whether your repo lives on GitHub, GitLab, or locally, and is specifically tuned to catch what AI coding tools produce — JWT verification gaps, hardcoded secrets in scaffolding, and missing authorization checks on freshly generated routes.
Run both
If you already have GitHub Advanced Security, keep CodeQL running — it’s not redundant. Add Prbl specifically for the AI-generated slice of your codebase that general semantic analysis wasn’t tuned to prioritize.