
The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.
Researchers discovered a critical vulnerability in Google's Antigravity AI-powered IDE that allowed attackers to bypass security restrictions via prompt injection, leading to remote code execution and sandbox escape. The flaw, involving insufficient input sanitization in a file-search tool, was patched by Google after disclosure.[AI generated]
Why's our monitor labelling this an incident or hazard?
The event explicitly involves an AI system (an agentic AI-based IDE) and describes a security vulnerability that allowed attackers to execute arbitrary code remotely, which constitutes a direct harm to property and potentially to users' digital environments. The flaw was exploited via prompt injection, a known AI-related attack vector. Although the vulnerability has been fixed, the event reports a realized security incident involving an AI system that led to a critical risk of harm. Therefore, this qualifies as an AI Incident due to the direct link between the AI system's malfunction (security flaw) and the potential for significant harm.[AI generated]