Google Flags Surge in Malicious Use of Antigravity Backend, Signals Access Clampdown
Google acknowledges that some users may have unknowingly violated the platform’s terms of service.
A Google executive has flagged a sharp rise in malicious activity targeting the Antigravity backend, warning that abuse of the system has significantly degraded service quality for legitimate users. Google released Antigravity last year as its agent-first coding platform built around its newly released Gemini 3 Pro model.
In a post on X, Varun Mohan, an engineer at Google DeepMind, said the team has observed a “massive increase in malicious usage” of the Antigravity backend, prompting urgent corrective action. “We needed to find a path to quickly shut off access to these users that are not using the product as intended,” he wrote.
Mohan acknowledged that some users may have unknowingly violated the platform’s terms of service. “We understand that a subset of these users were not aware that this was against our ToS and will get a path for them to come back on,” he said, adding that the company faces capacity constraints.
The move signals a stricter enforcement approach as Google works to protect infrastructure reliability and ensure fair access for compliant users. Mohan emphasised that with limited resources, priority would be given to “our actual users,” underscoring the company’s focus on safeguarding performance and service integrity.
Before joining Google, Mohan founded and served as the CEO of Windsurf, the company behind the popular AI coding tool Cursor.
Soon after the launch of Antigravity in November 2025, security researchers at PromptArmor have uncovered a major vulnerability in Antigravity, that allows attackers to exfiltrate credentials and private code — even when standard safeguards are enabled.
"An indirect prompt injection in an implementation blog can manipulate Antigravity to invoke a malicious browser subagent in order to steal credentials and sensitive code from a user’s IDE," the company said.
