Google Patches Critical RCE in Antigravity AI Development Tool
Google has shipped a fix for a critical remote code execution vulnerability in Antigravity, its AI-powered development platform. The flaw allowed attackers to execute arbitrary code on systems running the tool, a serious exposure given Antigravity’s role in agentic coding workflows where it operates with elevated access to developer environments and repositories.
The disclosure lands amid growing scrutiny of AI coding agents as a new class of attack surface. Tools like Antigravity sit in a privileged position — reading source, executing commands, and invoking external services on behalf of users — so an RCE in the agent itself collapses the boundary between prompt injection and full system compromise. Patching alone does not resolve the structural concern: the same trust model that makes these agents useful also makes each vulnerability disproportionately damaging.
Organizations running Antigravity should apply the update immediately and audit any sessions or artifacts produced by unpatched versions. The incident reinforces that AI-native developer tooling needs the same vulnerability management discipline as any other production dependency, not the looser posture typically applied to experimental tooling.
Continue reading at Dark Reading →
This is an AI-generated summary. Read the original for the full story.