{"data":{"id":"95fe12b4-a8da-4b48-84e9-f2d7979a9b84","title":"Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool","summary":"Google discovered a critical flaw in its AI-based tool for filesystem operations where a prompt injection vulnerability (tricking an AI by hiding instructions in its input) allowed attackers to escape the sandbox (a restricted environment meant to contain the program) and execute arbitrary code on the system. The problem was caused by inadequate input sanitization (cleaning/filtering of user data), which failed to prevent malicious instructions from being processed.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool","publishedAt":"2026-04-21T15:00:50.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-21T15:00:50.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}