Security researchers have flagged multiple vulnerabilities in Antigravity, Google’s new AI agent-driven coding platform, less than 24 hours after its release.
Antigravity allows users to deploy AI agents that can autonomously plan, execute, and verify tasks across code editors, software development terminals, and web browsers. However, the platform’s reliance on ‘trusted workspaces’ has raised concerns. Aaron Portnoy, head researcher at AI security startup Mindgard, said that once a workspace is compromised, it can “silently embed code that runs every time the application launches, even after the original project is closed.” This vulnerability affects both Windows and Mac systems.
Antigravity was launched alongside Google’s Gemini 3 update and features an ‘agent-first’ interface. Users can interact with code via Editor View, which acts as an AI-powered IDE, or Manager Surface, where multiple agents can operate autonomously across workspaces. Users can also adjust the autonomy level of AI agents, from ‘Agent-assisted development’ to the more restrictive ‘Review-driven development.’
Security experts discovered that Antigravity, which is built on the open-source foundation of Visual Studio Code, prompts users to mark source code folders as trusted. Portnoy noted that most users end up granting trust in order to access AI features, leaving the system vulnerable. In tests, he showed that a malicious instruction could replace the platform’s global configuration file, creating a persistent backdoor. This backdoor executes commands on every launch and remains even after the platform is uninstalled and reinstalled; it has to be deleted manually.
Google acknowledged the concerns and stated, “The Antigravity team takes all security issues seriously. We actively encourage external security researchers and bug hunters to report vulnerabilities so we can identify and address them quickly.” The company confirmed awareness of two other security issues: potential data exfiltration via prompt injection attacks and execution of malicious code through manipulated instructions.
As AI coding platforms grow in popularity, researchers warn that combining agentic behaviour with access to internal resources creates risks that can be both easier to exploit and highly damaging.