The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool
Summary + source link. No paywalls, no tracking.