Prompt injection turned Google’s Antigravity file search into RCE
Summary
Security researchers discovered a prompt injection vulnerability in Google's Antigravity IDE that allowed for remote code execution by bypassing sandbox protections. The flaw exploited how the 'find_my_name' tool processed input, enabling attackers to inject malicious flags into the 'fd' utility, converting file searches into arbitrary code execution.
IFF Assessment
This is bad news for defenders as it demonstrates a successful sandbox escape and RCE within an AI development environment, highlighting new attack vectors against AI-powered tools.
Severity
The vulnerability allows for Remote Code Execution (RCE) and sandbox escape with a low attack complexity (prompt injection) and significant impact on confidentiality, integrity, and availability, justifying a high CVSS score.
Defender Context
Defenders need to be aware of how AI development tools and their integrations can become attack vectors. Prompt injection remains a significant threat, and organizations should scrutinize the security configurations of any AI-powered development environments, especially those that interact with native system functions.
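One way to close the flag-injection path described in the Summary, shown as an added example (not code from Antigravity or from the original report): a wrapper that validates the model-supplied pattern and search root, then passes them to fd only after the `--` end-of-options marker. The function names, the workspace path and the sample flag are assumptions constructed for illustration.

```python
from __future__ import annotations
from pathlib import Path

FD_BINARY = "fd"  # assumption: fd is resolved from PATH


def build_naive_argv(pattern: str, root: str) -> list[str]:
    """Unsafe shape: the model-supplied pattern sits where fd still parses options."""
    return [FD_BINARY, pattern, root]


def build_safe_argv(pattern: str, root: str, workspace: str) -> list[str]:
    """Hardened shape: validate inputs, then place them after the '--' terminator."""
    if not pattern or "\x00" in pattern:
        raise ValueError("empty pattern or NUL byte")
    if pattern.startswith("-"):
        raise ValueError("pattern must not start with '-'")
    ws = Path(workspace).resolve()
    target = (ws / root).resolve()  # an absolute root replaces ws and fails below
    if target != ws and ws not in target.parents:
        raise ValueError("search root escapes the workspace")
    # Everything after '--' is positional for fd, so it cannot be read as a flag.
    return [FD_BINARY, "--", pattern, str(target)]


def option_tokens(argv: list[str]) -> list[str]:
    """Tokens a getopt-style parser would treat as options (those before '--')."""
    opts = []
    for tok in argv[1:]:
        if tok == "--":
            break
        if tok.startswith("-") and tok != "-":
            opts.append(tok)
    return opts


if __name__ == "__main__":
    constructed = "--hypothetical-flag=value"  # constructed sample, not a real fd flag
    print(option_tokens(build_naive_argv(constructed, ".")))
    print(build_safe_argv("*.py", "src", "/tmp/ws-example"))
```

The resulting argv list should be handed to the process API directly (for example `subprocess.run(argv)` without a shell), so that no second layer of parsing is applied to the pattern.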