Technical description
Pillar Security disclosed a vulnerability in Google's Antigravity AI agent manager that allows attackers to circumvent secure mode through prompt injection, escaping sandboxes and achieving remote code execution even with the highest security settings.
Attack vector
Prompt injection attacks can bypass the sandbox restrictions and throttled network access of Google's secure mode, enabling command operations that the sandbox should contain.
Affected systems
Google Antigravity, an AI-powered developer tool for filesystem operations, particularly on systems using secure mode configurations.
Mitigation
Google has not yet released patches. Organizations should restrict Antigravity usage and implement additional input validation for AI agent interactions until fixes are available.