Google patched Antigravity IDE flaw: find_by_name allowed Strict Mode bypass and RCE

Colleagues, a cybersecurity alert: Antigravity IDE contained a vulnerability enabling code execution.
- Issue: find_by_name forwards the Pattern parameter directly to fd without validation (Pillar Security).
- Exploit: using -X (exec-batch) runs matched files; combined with file creation, this yields a full chain.
- Vectors: direct input or hidden directives/comments in untrusted files.
- Status: disclosed Jan 7, fixed by Google Feb 28.
Why it matters: unvalidated inputs turn constrained tools into attack vectors.
How will you test your agent tools?
#cybersecurity #AI #DevSecOps #vulnerabilities
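
One way to test an agent tool for the option-injection issue described above. This is an added example, not Antigravity's or Pillar Security's code: the function names, the argv layout of the "before" builder and the sample patterns are assumptions made for illustration.

```python
class UnsafePattern(ValueError):
    """The pattern could be parsed by fd as an option, not a search term."""

def naive_fd_argv(pattern, root="."):
    # Assumed 'before' shape: the Pattern value is placed in argv untouched,
    # so a value starting with '-' (such as -X) is read by fd as a flag.
    return ["fd", pattern, root]

def safe_fd_argv(pattern, root="."):
    if not isinstance(pattern, str) or not pattern or "\x00" in pattern:
        raise UnsafePattern("pattern must be a non-empty string without NUL")
    if pattern.startswith("-"):
        raise UnsafePattern("pattern must not begin with '-'")
    # Defence in depth: '--' ends option parsing, so everything after it is
    # positional even if the check above is later weakened.
    return ["fd", "--", pattern, root]

def options_seen_by_fd(argv):
    """Arguments fd would treat as options: those before '--' starting with '-'."""
    opts = []
    for arg in argv[1:]:
        if arg == "--":
            break
        if arg.startswith("-") and arg != "-":
            opts.append(arg)
    return opts

def audit(builder, patterns):
    """Classify each pattern as 'option', 'rejected' or 'positional'."""
    results = {}
    for p in patterns:
        try:
            argv = builder(p)
        except UnsafePattern:
            results[p] = "rejected"
            continue
        results[p] = "option" if options_seen_by_fd(argv) else "positional"
    return results

# Constructed inputs: two ordinary search patterns and two option-shaped ones.
PATTERNS = [r"\.py$", "-X", "--exec-batch", "README"]

if __name__ == "__main__":
    for name, builder in (("naive", naive_fd_argv), ("safe", safe_fd_argv)):
        print(name, audit(builder, PATTERNS))
```

Any pattern that `audit` reports as "option" reaches fd as a flag and marks the tool as failing the test.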