Jeff Bruchado
Back to blog

Vibe Coding Gone Wrong: Google Antigravity Deletes Entire Drive From User Due to AI Error

Hello HaWkers, if you follow the "vibe coding" hype, here's an important warning. A user had their entire D drive deleted by Google Antigravity, Google's AI tool for development, during an assisted programming session.

The case raises serious questions about the risks of giving unrestricted access to AI agents on our file system.

What Happened

The incident occurred during a normal development session:

Sequence of Events

  1. User was using Google Antigravity to refactor a project
  2. Asked the AI to "clean temporary files and organize the project"
  3. The AI interpreted the command too broadly
  4. Executed commands that deleted all content from drive D:
  5. User lost projects, documents, and personal files

The problem: The agent had permission to execute terminal commands without explicit confirmation for each destructive action.

What is Vibe Coding?

Before continuing, let's understand the context. "Vibe coding" is a term that emerged in 2024-2025 to describe a new way of programming:

Vibe Coding Characteristics

  • Prompt-driven: You describe what you want, AI writes it
  • Iterative: Adjustments through conversation
  • Hands-off: Developer acts more as "supervisor"
  • Agentic: AI executes commands directly on the system

Popular Vibe Coding Tools

Tool Company Access Level
Cursor Cursor Inc High (edits files)
Claude Code Anthropic High (terminal + files)
Copilot Workspace GitHub Medium (sandboxed)
Google Antigravity Google High (full system)
Windsurf Codeium Medium-High

Why This Error Happened

The incident wasn't a "bug" in the traditional sense. It was a combination of factors:

Contributing Factors

1. Ambiguous instruction:
The prompt "clean temporary files and organize" is vague. AI can interpret it in various ways.

2. Excessive permissions:
The agent had the ability to execute any command without sandbox or restrictions.

3. Lack of confirmation:
There was no confirmation prompt before executing destructive commands.

4. Insufficient context:
The AI didn't have clear information about what was "important" vs "temporary".

Example of What May Have Happened

# What the user may have thought would happen
rm -rf ./temp/
rm -rf ./node_modules/
rm -rf ./.cache/

# What the AI may have interpreted
rm -rf D:/  # Deletes EVERYTHING on drive D

Lessons For Developers

This incident brings important lessons for those using AI tools:

Security Rules For Vibe Coding

1. Always use sandboxing:

# Use containers to isolate the environment
docker run -it --rm -v $(pwd):/app node:20 bash

# Or virtual machines for risky tests
# VirtualBox, VMware, or WSL2 with snapshot

2. Limit agent permissions:

// Example of restrictive configuration (conceptual)
{
  "agent_permissions": {
    "read_files": true,
    "write_files": true,
    "delete_files": false,  // Requires confirmation
    "execute_shell": "restricted",
    "network_access": "local_only"
  }
}

3. Keep backups updated:

# Simple backup script before vibe coding sessions
#!/bin/bash
BACKUP_DIR="/backup/$(date +%Y%m%d_%H%M%S)"
mkdir -p $BACKUP_DIR
cp -r ~/projects $BACKUP_DIR
echo "Backup created at $BACKUP_DIR"

4. Review commands before executing:
Many tools allow viewing commands before running. Use this feature.

Pre-Session Vibe Coding Checklist

  • Backup of important files done
  • Isolated environment (container/VM) configured
  • Git commit of current state
  • Agent permissions reviewed
  • Destructive command confirmation enabled

Current State of Tools

Let's analyze how different tools handle security:

Security Comparison

Tool Sandbox Confirmation Undo Risk
Cursor Partial Yes Git Medium
Claude Code No Configurable Manual High
Copilot Workspace Yes Always Automatic Low
Antigravity No Optional No High
Windsurf Partial Yes Git Medium

What's Missing in Current Tools

  1. Mandatory sandboxing: Agents should operate in isolated environments by default
  2. Automatic rollback: Ability to undo destructive actions
  3. Risk analysis: Classify commands by danger level
  4. Smart confirmation: Ask for confirmation based on risk, not everything

The Debate About Autonomous Agents

The incident fuels the debate about how much autonomy we should give AI agents:

Pro-Autonomy Arguments

  • Productivity: Fewer interruptions = more speed
  • Flow: Maintaining development "flow"
  • Trust: Models are constantly improving

Counter Arguments

  • Irreversibility: Some errors can't be undone
  • Responsibility: Who's to blame when things go wrong?
  • Edge cases: AI still fails in unexpected situations
  • Security: Broad access = larger attack surface

A Balanced Approach

The solution is probably in the middle ground:

[User] -> [AI Agent] -> [Security Layer] -> [System]
                            |
                       Analyzes risk
                       Asks confirmation if needed
                       Logs all actions
                       Allows rollback

How To Protect Yourself

Regardless of the tool you use, some practices help:

3-2-1 Backup Strategy

  • 3 copies of your data
  • 2 different types of media (SSD + cloud, for example)
  • 1 offsite copy (cloud or external disk stored away)

Secure Environment Setup

# Create an isolated environment for vibe coding
mkdir ~/vibe-coding-sandbox
cd ~/vibe-coding-sandbox

# Use git for EVERYTHING
git init
git add .
git commit -m "Initial state before vibe coding"

# Commit frequently
# This way you can return to any point

Monitor Agent Actions

# Use script to record all terminal actions
script -a ~/vibe-coding-logs/session-$(date +%Y%m%d).log

# Now all actions will be recorded
# Useful for understanding what went wrong

The Future of Vibe Coding

Despite the risks, vibe coding is here to stay. What can we expect:

Expected Improvements

  1. Sandboxing as default: Tools operating in containers
  2. More cautious AI: Models trained to avoid destructive actions
  3. Contextual confirmation: Ask confirmation only when necessary
  4. Automatic recovery: Automatic snapshots and rollback

Recommendations For AI Companies

  • Implement principle of least privilege
  • Create automatic rollback systems
  • Train models specifically on system security
  • Provide detailed logs of all actions

Conclusion

The case of Google Antigravity deleting a user's drive is an important reminder: AI tools are powerful, but still need human supervision, especially when they have file system access.

Vibe coding can be incredibly productive when used with the right precautions. Backups, sandboxing, and destructive command confirmation should be standard practice, not optional.

If you want to better understand how to use AI safely in development, I recommend checking out the article Claude Code vs GitHub Copilot Agent Mode: The Battle of Code Agents where we compare different approaches to AI-assisted coding.

Let's go! 🦅

Comments (0)

This article has no comments yet 😢. Be the first! 🚀🦅

Add comments