Google has patched a critical vulnerability in its Antigravity AI coding platform. Cybersecurity firm Pillar Security reported that a flaw in the platform's file search tool could allow attackers to execute commands on a developer's machine through a prompt injection attack.

The vulnerability, found in the find_by_name tool, passed user input directly to an underlying command-line utility without validation. This allowed malicious input to convert a file search into a command execution task, enabling remote code execution.
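To make the defect class concrete, here is an added illustration (not Antigravity's code and not taken from Pillar Security's report) of a file-search helper written the weak way, next to a version that validates the search term and passes it to the utility without a shell. The assumption that the underlying utility is `find` with `-name`, and the reuse of the name find_by_name, are both illustrative.

```python
import re
import subprocess
from pathlib import Path

# Characters a file-name glob legitimately needs. Anything else (;, |, $, backticks,
# quotes, whitespace) is rejected before it can reach a command line.
_GLOB_PATTERN = re.compile(r"^[A-Za-z0-9._*?\[\]-]+$")


def build_unsafe_command(root: str, pattern: str) -> str:
    """The weak pattern, shown for contrast and never executed here: the search
    term is spliced into one string that a shell will parse later, so any shell
    metacharacters in the term become shell syntax instead of part of a file name."""
    return f"find {root} -name {pattern}"


def is_safe_pattern(pattern: str) -> bool:
    """True only when the term is a plain file-name glob."""
    return bool(_GLOB_PATTERN.fullmatch(pattern))


def build_safe_argv(root: str, pattern: str) -> list[str]:
    """Validate the term, then hand every argument to the utility as its own argv
    element. No shell is involved, so nothing gets re-parsed on the way in."""
    if not is_safe_pattern(pattern):
        raise ValueError(f"rejected search pattern: {pattern!r}")
    root_path = Path(root)
    if not root_path.is_dir():
        raise ValueError(f"search root is not a directory: {root!r}")
    return ["find", str(root_path), "-name", pattern]


def find_by_name(root: str, pattern: str) -> list[str]:
    """Run the validated search. shell=False is subprocess.run's default, so the
    list goes straight to execve. Validation narrows the input; running the tool
    in an isolated sandbox is the stronger control when the caller is an AI agent."""
    result = subprocess.run(
        build_safe_argv(root, pattern), capture_output=True, text=True, check=True
    )
    return result.stdout.splitlines()


if __name__ == "__main__":
    # Constructed inputs: a legitimate glob and one carrying shell metacharacters.
    for term in ("*.py", "*.py; echo injected"):
        print(f"{term!r} -> {'accepted' if is_safe_pattern(term) else 'rejected'}")
```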

Pillar Security researchers noted that, combined with Antigravity's ability to create files, this enables a full attack chain: staging a malicious script and triggering it through a seemingly legitimate search, without additional user interaction.

Launched last November, Antigravity is Google's AI-powered development environment. Pillar Security disclosed the issue to Google on January 7, and the company marked the issue as fixed on February 28.

Critically, this vulnerability bypassed Antigravity's Secure Mode, the platform's most restrictive security configuration. This highlights a broader security challenge for AI-powered development tools that execute tasks autonomously. Pillar Security stressed that the industry needs to move toward execution isolation rather than relying on sanitization-based controls alone.