By Thomas Brewster, Forbes Staff.
Within 24 hours of Google releasing its Gemini-powered AI coding tool Antigravity, security researcher Aaron Portnoy discovered what he deemed a severe vulnerability: a trick that allowed him to manipulate the AI’s rules to potentially install malware on a user’s computer.
By altering Antigravity’s configuration settings, Portnoy’s malicious source code created a so-called “backdoor” into the user’s system, into which he could inject code to do things like spy on victims or run ransomware, he told Forbes. The attack worked on both Windows and Mac PCs. To execute the hack, he only had to convince an Antigravity user to run his code once after clicking a button saying his rogue code was “trusted” (this is something hackers commonly achieve through social engineering, like pretending to be a proficient, benevolent coder sharing their creation).






