Prompt injection attack tricks Google’s Antigravity into stealing your secrets - TechTalks

A newly discovered vulnerability in Google’s Antigravity platform demonstrates how its autonomous AI agents can be manipulated into exfiltrating sensitive data from a developer’s environment. Security researchers at PromptArmor found that an indirect prompt injection, hidden within a seemingly harmless online document, can coerce Antigravity’s AI into bypassing its own security settings to steal credentials and proprietary code. The attack leverages the very agentic capabilities that Google promotes as the platform’s core strength.

What is Google Antigravity?

Google introduced Antigravity as an agentic development platform designed to help developers operate at a higher, task-oriented level. (The announcement was kind of overshadowed as it was released at the same time as Gemini 3.0 Pro, Google’s latest flagship large language model.)

Antigravity combines a familiar AI-powered code editor with an agent-first interface. This design allows developers to delegate complex, end-to-end tasks to autonomous agents that can plan, execute, and verify their work across the editor, terminal, and browser without constant human intervention.

The platform is split into two main interfaces. The Editor View provides a standard AI-assisted IDE for hands-on coding. The Manager Surface is where developers can launch and monitor multiple agents working asynchronously on different tasks, such as fixing bugs or performing long-running maintenance. The goal is to offload work, allowing a developer to focus on one task while agents handle others in the background.