Google has addressed a significant security vulnerability discovered in Antigravity, its agentic integrated development environment, that could have allowed attackers to execute arbitrary code through prompt injection techniques. The flaw has since been patched following responsible disclosure by cybersecurity researchers.
The vulnerability stemmed from a combination of two factors within Antigravity's architecture. The platform's file-creation capabilities, when paired with insufficient input sanitization in the find_by_name native file-searching tool, created a pathway to bypass the system's Strict mode protections. This allowed attackers to inject malicious code through carefully crafted prompts, potentially gaining unauthorized code execution capabilities.
Antigravity is Google's AI-powered IDE designed to streamline development workflows by leveraging advanced language models and agentic systems. The platform enables developers to write, test, and deploy code more efficiently through intelligent automation. However, like many AI-assisted tools, it operates in constrained environments with safety guardrails to prevent misuse.
The discovery highlights the ongoing challenges in securing AI-powered development tools. As these systems become more sophisticated and autonomous, attack surfaces expand accordingly. The combination of file manipulation capabilities and search functionality created an unexpected security gap that researchers were able to exploit through prompt injection—a technique where malicious instructions are embedded within user inputs to override intended behavior.
Google's swift response to patch the vulnerability demonstrates the company's commitment to security in its developer tools ecosystem. The fix involved hardening input validation mechanisms within the find_by_name tool to properly sanitize user-supplied data before processing. This prevents attackers from leveraging file creation operations to inject executable code into the IDE's execution context.
The incident underscores the importance of comprehensive security testing for AI-assisted development platforms. As these tools become integral to modern software development, ensuring robust safeguards against prompt injection and similar attack vectors remains critical. Developers using Antigravity should ensure they're running the latest patched version to benefit from these security improvements.