www.pillar.security
Google's Antigravity IDE Vulnerability Allows Remote Code Execution via Prompt Injection
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Researchers at Pillar Security discovered a critical prompt injection vulnerability in Google's Antigravity IDE, which allows for remote code execution (RCE) by exploiting insufficient input sanitization in the find_by_name tool's Pattern parameter. This flaw enables attackers to inject command-line flags into the underlying fd utility, effectively converting file operations into arbitrary code execution. The vulnerability circumvents Antigravity's Secure Mode, which is intended to restrict network access and enforce sandboxing of command operations. The issue was reported to Google on January 6, 2026, and was patched on February 28, 2026, with Pillar Security receiving a bounty for their discovery. The vulnerability is particularly concerning as it can be triggered by seemingly benign inputs, making it a significant threat to users relying on the IDE for secure development. This incident highlights the growing risks associated with agentic AI tools and the need for stricter validation of input parameters.
Key Points: • A prompt injection vulnerability in Google's Antigravity IDE allows for remote code execution. • The flaw bypasses the IDE's Secure Mode, which is intended to enforce security controls. • Pillar Security reported the vulnerability in January 2026, and it was patched by February 2026.