{"data":{"id":"3141cf90-32a4-4ea9-8c44-59db2a8dbe20","title":"Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution","summary":"Google patched a vulnerability in Antigravity, its agentic integrated development environment (IDE, a coding tool that can take autonomous actions), that allowed attackers to execute arbitrary code through prompt injection (tricking an AI by hiding instructions in its input). The flaw combined the tool's file-creation abilities with insufficient input validation in its find_by_name search function, letting attackers inject malicious commands that bypassed Antigravity's Strict Mode security restrictions.","solution":"Google addressed the vulnerability as of February 28, 2026, following responsible disclosure on January 7, 2026. The source does not explicitly detail the specific technical fix applied.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/04/google-patches-antigravity-ide-flaw.html","publishedAt":"2026-04-21T10:22:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google","Anthropic","Microsoft"],"affectedVendorsRaw":["Google Antigravity","Anthropic Claude Code","Google Gemini CLI Action","GitHub Copilot Agent"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-21T10:22:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}