Arn't they yoinking an OAuth token for replay in the Claw app?

If so, I don't think anybody who knows how auth works could feign complete innocence.

I mean, the "exploit" is really "we have an access key with overly-broad permissions and poor monitoring", but that's ... also kind of like 70% of old hacker stories?

"The gate code is 1234" "If you punch in this code it tricks the phone network into thinking you're an operator" "The credentials 'guest'/'guest' work on this network".

You probably could have had five, ten people using the Antigravity API key for whatever and even if someone noticed it probably wouldn't have been worth the time to fix.

But it's like you learn the gate code for the employee parking lot and instead of just quietly enjoying free parking you start punching in the code and waving more and more cars into the lot until it's jammed full, and then complain when the code's changed and they post a guard outside checking IDs.

Google changed the ToS to disallow this usage? I'm pretty sure it was disallowed from the beginning

> What weakness? What exploit? People have been using it in a way that was technically possible. And they paid for it, many purchased the product specifically because of it.

It's technically possible, but Google didn't provide a feature allowing the creation of Antigravity or Gemini CLI API keys for use outside the respective apps.

> they call people calling out Google for their monopolistic behavior whining.

Google's monopoly is not in AI, it's advertisement. When you accuse them of ridiculous and unfounded crimes, you're diluting the chance of Google being held accountable. As someone that wants to see Google ripped apart by the FTC, we can't just lie and say everything Google does is criminal.