Critical Remote Code Execution Vulnerability in Google's Antigravity AI IDE Patched

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Researchers discovered a critical vulnerability in Google's Antigravity AI-powered IDE that allowed attackers to bypass security restrictions via prompt injection, leading to remote code execution and sandbox escape. The flaw, involving insufficient input sanitization in a file-search tool, was patched by Google after disclosure.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event explicitly involves an AI system (an agentic AI-based IDE) and describes a security vulnerability that allowed attackers to execute arbitrary code remotely, which constitutes a direct harm to property and potentially to users' digital environments. The flaw was exploited via prompt injection, a known AI-related attack vector. Although the vulnerability has been fixed, the event reports a realized security incident involving an AI system that led to a critical risk of harm. Therefore, this qualifies as an AI Incident due to the direct link between the AI system's malfunction (security flaw) and the potential for significant harm.[AI generated]
AI principles
Robustness & digital security

Industries
Digital security

Affected stakeholders
WorkersBusiness

Harm types
Economic/Property

Severity
AI incident

Business function:
Research and development

AI system task:
Content generation


Articles about this incident or hazard