1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Google's AI-powered Antigravity IDE already has some worrying sec

    From TechnologyDaily@1337:1/100 to All on Monday, December 01, 2025 21:30:08
    Google's AI-powered Antigravity IDE already has some worrying security issues - here's what was found

    Date:
    Mon, 01 Dec 2025 21:28:00 +0000

    Description:
    Googles Antigravity IDE apparently exposes sensitive data through autonomous AI agents, prompt injections, and weak default configurations despite user warnings.

    FULL STORY ======================================================================Antigrav ity IDE allows agents to execute commands automatically under default
    settings Prompt injection attacks can trigger unwanted code execution within the IDE Data exfiltration occurs through Markdown, tool invocations, or
    hidden instructions

    Googles new Antigravity IDE launched with an AI-first design, yet it already shows problems that raise concerns about basic security expectations, experts have warned.

    Researchers at PromptArmor found the system allows its coding agent to
    execute commands automatically when certain default settings are enabled, and this creates openings for unintended behaviour.

    When untrusted input appears inside source files or other processed content, the agent can be manipulated to run commands that the user never intended. Risks linked to data access and exfiltration

    The product permits the agent to execute tasks through the terminal, and although there are safeguards, some gaps remain in how those checks work.

    These gaps create space for prompt injection attacks that can lead to
    unwanted code execution when the agent follows hidden or hostile input.

    The same weakness applies to the way Antigravity handles file access.

    The agent has the ability to read and generate content, and this includes files that may hold credentials or sensitive project material.

    Data exfiltration becomes possible when malicious instructions are hidden inside Markdown, tool invocations, or other text formats.

    Attackers can exploit these channels to steer the agent toward leaking internal files into attackercontrolled locations.

    Reports reference logs containing cloud credentials and private code already being gathered in successful demonstrations, showing the severity of these gaps.

    Google has acknowledged these issues , and warns users during onboarding,
    yet such warnings do not compensate for the possibility that agents may run without supervision.

    Antigravity encourages users to accept recommended settings that allow the agent to operate with minimal oversight.

    The configuration places decisions about human review in the hands of the system, including when terminal commands require approval.

    Users working with multiple agents through the Agent Manager interface may
    not catch malicious behaviour before actions are completed.

    This design assumes continuous user attention even though the interface explicitly promotes background operation.

    As a result, sensitive tasks may run unchecked, and simple visual warnings do little to change the underlying exposure.

    These choices undermine expectations usually associated with a modern
    firewall or similar safeguard.

    Despite restrictions, credential leakages can occur. The IDE is designed to prevent direct access to files listed in .gitignore, including .env files
    that store sensitive variables.

    However, the agent can bypass this layer by using terminal commands to print file contents, which effectively sidesteps the policy.

    After collecting the data, the agent encodes the credentials, appends them to a monitored domain, and activates a browser subagent to complete the exfiltration.

    The process happens quickly and is rarely visible unless the user is actively watching the agents actions, which is unlikely when multiple tasks run in parallel.

    These issues illustrate the risks created when AI tools are granted broad autonomy without corresponding structural safeguards.

    The design aims for convenience, but the current configuration gives
    attackers substantial leverage long before stronger defences are implemented.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/googles-ai-powered-antigravity-ide-already-has-s ome-worrying-security-issues


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)