Antigravity Grounded! Security Vulnerabilities in Google's Latest IDE · Embrace The Red

This title could be clearer and more informative.Try out Clickbait Shieldfor free (5 uses left this month).

Security researcher discovers five critical vulnerabilities in Google's new Antigravity IDE, including remote code execution via indirect prompt injection, data exfiltration through multiple vectors, and hidden instruction execution using invisible Unicode characters. These issues were previously reported in Windsurf (which Antigravity is based on) but remain unpatched. The vulnerabilities exploit the IDE's auto-execute features, lack of human-in-the-loop controls for MCP tool invocations, and over-reliance on LLM output for security decisions. Practical mitigations include disabling auto-execute, carefully managing MCP server permissions, and considering alternative IDEs until fixes are deployed.

#security

#google

#vulnerability

#prompt-injection

Nov 25, 2025•10m read time•From embracethered.com

Table of contents

Overview Antigravity System Prompt Issue #1: Remote Command Execution Issue #2: Antigravity Follows Hidden Instructions Issue #3: Lack of Human in the Loop for MCP Issue #4: Data Exfiltration via read_url_content Issue #5: Data Exfiltration via Image Rendering Video Walkthrough Recommendations and Mitigations Conclusion References Appendix