Google I/O, Gemini Spark, Antigravity
Summary
Google announced Gemini Spark, an upcoming AI agent product that connects with Google apps like Gmail and Drive, which runs on Gemini 3.5 Flash and a tool called Antigravity. To address prompt injection risks (tricking an AI by hiding instructions in its input), Google stated that Spark operates in isolated virtual environments with encrypted credentials, data loss prevention policies, and a secure gateway, though the author expresses concern about whether these protections are sufficient given the sensitive data users may process through it.
Solution / Mitigation
According to Google's documentation, Gemini Spark implements the following security measures: 'Spark operates in a fully managed, secure runtime on Google Cloud' with 'every task executes in a fresh, strictly isolated, ephemeral VM to help ensure data never overlaps between sessions.' Additionally, 'all traffic routes through our secure Agent Gateway that enforces Data Loss Prevention (DLP) policies, while user credentials remain fully encrypted and are never exposed directly to the agent.'
Classification
Affected Vendors
Related Issues
CVE-2026-30308: In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe comman
CVE-2026-40087: LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str
Original source: https://simonwillison.net/2026/May/20/google-io/#atom-everything
First tracked: May 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 75%