Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
Sandboxing isolates untrusted code or files so analysts and security tools can observe behavior and limit damage from malware.
Search across headline titles and summaries.
Background for this topic.
A sandbox is an isolated environment for running or inspecting software, files, or workloads without giving them the same access as the host system. In security, it commonly supports malware analysis, suspicious-file detonation, browser and application isolation, and safe testing of potentially vulnerable code. Isolation may rely on virtual machines, containers, operating-system controls, or combinations of these mechanisms.
Sandboxes reduce risk but are not automatically safe: vulnerabilities in the sandbox or hypervisor can enable an escape, and malware may detect analysis conditions and change its behavior. Effective deployments restrict privileges, filesystem access, credentials, and network connectivity; reset environments after use; and monitor activity. Analysts should also protect submitted samples, which can contain confidential data. Sandbox observations can supply threat-intelligence indicators and help validate detections, but a clean result is not proof that code is benign.
Weekly headline count for the current query.
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
Ten finalists had three minutes to make their case for being the most innovative, promising young security company of the year. Geordie AI wins the 2026 contest.
The Anti-Malware Testing Standards Organization published a Sandbox Evaluation Framework to set a standard among various sandbox offerings that help protect organizations from rising threats.
The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.
Starting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity innovation.
According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox.
A researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.
Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI, and accomplishing novel security solutions with new models.
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wild.
In a field thick with cybersecurity startups showing off how they use AI and LLMs, Reality Defender stood out for its tool for detecting and labeling deepfakes and other artificial content.
An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.
Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities.
Three pieces of advice to startups serious about winning funding and support for their nascent companies: Articulate your key message clearly, have the founder speak, and don't use a canned demo.
RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.
Varun Badhwar, who has brought each of the three startups he founded to the finals of the RSAC Innovation Sandbox, talks about how to see around the corner.
Application security is the dominant trend for this year's startup contest, but AI, blockchain, and compliance are all represented as well.
External attack surface management leader unveils evolution of risk intelligence solution, including a virtual sandbox environment to safely validate steps to remediation.
Attackers could exploit the "Sandbreak" security bug, which has earned a 10 out of 10 on the CVSS scale, to execute a sandbox escape, achieve RCE, and run shell commands on a hosting machine.
Microsoft reveals now-fixed flaw in Apple's App Sandbox controls could allow attackers to escalate device privileges and deploy malware.