Google has addressed a critical vulnerability in its Antigravity AI coding platform that could have allowed attackers to execute commands on developers' computers. The flaw, identified by cybersecurity firm Pillar Security, involved the platform's find_by_name file search tool, which passed user input directly to command-line utilities without validation, enabling remote code execution through a prompt injection attack. The vulnerability was disclosed to Google on January 7 and was patched by February 28.
Antigravity, launched in November last year, is designed to assist programmers with code management using AI agents. The vulnerability allowed malicious scripts to be deployed and executed via the search tool, bypassing the platform's most restrictive security settings. This incident underscores the security challenges faced by AI-driven development tools, with experts calling for improved execution isolation and auditing to prevent such vulnerabilities.
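The class of defect described above, unvalidated tool input reaching a command-line utility, is usually closed by validating the value against an allow-list and passing it as a single argv element with no shell. The following is an added example, not Google's fix or Antigravity code; the use of `find`, the names `build_search_argv`, `find_by_name` and `RejectedInput`, and the allow-list itself are assumptions made for illustration.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# Allow-list for a file-name glob. The first character cannot be "-", so the
# value can never be read as an option, and "/" and whitespace never match.
SAFE_PATTERN = re.compile(r"[A-Za-z0-9_*?.\[\]][A-Za-z0-9_*?.\[\]-]{0,127}")


class RejectedInput(ValueError):
    """The model-supplied pattern failed validation; nothing was executed."""


def build_search_argv(workspace: Path, pattern: str) -> list:
    if not isinstance(pattern, str) or not SAFE_PATTERN.fullmatch(pattern):
        raise RejectedInput(f"pattern rejected: {pattern!r}")
    root = workspace.resolve(strict=True)
    # Fixed expression chosen by the tool; the pattern is only ever the
    # operand of -name and is passed as one argv element, never via a shell.
    return ["find", str(root), "-type", "f", "-name", pattern]


def find_by_name(workspace: Path, pattern: str, timeout: float = 10.0) -> list:
    argv = build_search_argv(workspace, pattern)
    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout, check=False)
    root = workspace.resolve()
    hits = []
    for line in proc.stdout.splitlines():
        path = Path(line).resolve()
        if path.is_relative_to(root):  # drop anything outside the workspace
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample workspace and inputs, for illustration only.
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / "src").mkdir()
        (ws / "src" / "app.py").write_text("print('hi')\n")
        (ws / "notes.txt").write_text("todo\n")
        print(find_by_name(ws, "*.py"))
        for bad in ("-x", "a b", "../*"):
            try:
                find_by_name(ws, bad)
            except RejectedInput as exc:
                print(exc)
```

Input validation of this kind complements, and does not replace, the execution isolation and auditing the article mentions.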
Google Fixes Critical Vulnerability in Antigravity AI Platform
