This sounds bad: @antigravity is vulnerable to the classic lethal trifecta exfiltration attack where a prompt injection can cause the agent to construct a URL to an external server controlled by the attacker and then invisibly leak stolen data to it by rendering a Markdown image
Friendly advice, Be careful when using Google's Antigravity IDE with sensitive data (API keys, secrets...)
Attackers can hide instructions in code comments, documentation pages, or MCP servers and easily exfiltrate that information to their domain using Markdown Image rendering
Google is aware of this issue and flagged my report as intended behavior 🙃
Overall the security of this new IDE is terrible, despite being basically Windsurf. Windsurf had already fixed this and other issues when @wunderwuzzi23 reported them. Shouldn't be acceptable for a company like Google to have a product with such poor security and issues that have been known for +2 years.
48.47K
312
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.