On June 25, Google released Gemini CLI, an AI agent that helps developers explore and write code using Google Gemini, directly from their command line.

On June 27, Tracebit reported a vulnerability to Google VDP which meant Gemini CLI in its default configuration could silently execute arbitrary malicious code on a user's machine when run in the context of untrusted code. Crucially, this can be achieved in such a way as to obscure this from the victim of the attack.

This discovery was ultimately classified by Google VDP as a P1 / S1 issue and fixed in v0.1.14 released July 25 with agreed disclosure date July 28.