Google I/O, Gemini Spark, Antigravity
Simon Willison · Simon Willison · 2026-05-20
Simon Willison analyzes Google I/O 2026 announcements, focusing on Gemini Spark's personal AI agent, the Antigravity platform's ambiguous role, the deprecation of the open-source Gemini CLI, and unresolved prompt injection security risks.
Extraction
Topics: google-ioai-agentsprompt-injectiongeminiagentic-security
Claims
- Google announced Gemini Spark as a personal AI agent that connects natively with Gmail, Calendar, Drive, Docs, Sheets, YouTube, and Google Maps.
- Gemini Spark runs on Gemini 3.5 Flash and the Antigravity platform, a closed-source Go binary with an open-source Python SDK wrapper.
- Google will stop the Apache 2.0-licensed Gemini CLI from working with AI subscription plans on June 18th, replacing it with the closed-source Antigravity CLI.
- Google claims Gemini Spark uses ephemeral VMs and DLP policies for enterprise security, but does not specifically address prompt injection.
- Willison views Gemini Spark as a serious prompt injection risk given the sensitive personal data it will handle.
Key quotes
Given how many people are going to be piping very sensitive data through Gemini Spark in the near future I hope they've made this bullet-proof, or this could be a top candidate for the agent security challenger disaster that we still haven't seen.
I actually prefer to write about things that are in general availability, because I've had instances in the past where the previews didn't match what was released to the general public later on.