Security researchers have identified critical vulnerabilities in Antigravity, Google’s new AI-driven software development platform, shortly after its launch. Antigravity enables users to deploy autonomous AI agents for coding tasks but risks backdoor attacks if workspaces are compromised. Researcher Aaron Portnoy highlights a flaw stemming from the platform’s dependence on ‘trusted workspaces’; if these are breached, malicious code can be silently integrated, persisting even after uninstallation. This vulnerability affects both Windows and Mac environments.
With the shift towards AI in coding, CIOs remain cautious about granting AI agents extensive control due to potential rogue behavior. Portnoy’s experiments revealed that harmful instructions could manipulate the AI, leading to significant risks. Google has acknowledged two additional security issues: potential data exfiltration and the risk of running malicious commands via prompt injections. They emphasize their commitment to addressing these vulnerabilities promptly and encourage external reporting from security researchers.
Source link
