Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers discovered a vulnerability in Google's Antigravity IDE that allowed arbitrary code execution via prompt injection, bypassing the system's Strict Mode. Google has since patched the flaw, which highlights a growing trend of security risks in AI-powered development tools.
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input sanitization in Antigravity's native file-searching tool, find_by_name, to bypass the program's Strict Mode. By injecting the -X (exec-batch) flag through the Pattern parameter, an attacker can force fd to execute arbitrary binaries against workspace files. This enables a full attack chain: stage a malicious script, then trigger it through a seemingly legitimate search, all without additional user interaction once the prompt injection lands. Google addressed the shortcoming as of February 28, 2026. The findings coincide with a broader trend of vulnerabilities in AI-powered tools like Claude Code, GitHub Copilot, and Cursor, highlighting that autonomous agents following instructions from external content break traditional security trust models.
Source: The Hacker News















