Simon Willison — 2026-05-20#
Highlight#
Simon takes a critical look at Google I/O’s Gemini Spark announcement, digging into the opaque “Antigravity” stack and questioning how Google plans to mitigate prompt injection risks for a tool with deep access to user data. This highlights the growing industry tension between powerful workspace AI agents and fundamental security vulnerabilities.
Posts#
[Google I/O, Gemini Spark, Antigravity] · Source Sticking to his rule of only reviewing generally available tools, Simon breaks down the announcement of Gemini Spark, Google’s new OpenClaw competitor that natively integrates with Workspace apps. He notes a strange FAQ detail claiming Spark runs on “Antigravity”—a moniker applied to a desktop app, a Go-based CLI, and a VS Code fork. Crucially, Simon questions whether Google’s isolated VM approach and Agent Gateway will actually be enough to prevent an “agent security challenger disaster” when handling sensitive data via prompt injection. He also highlights that Google is deprecating its open-source Gemini CLI on June 18th in favor of a closed-source Antigravity CLI.