The Problem: I’ve been dealing with the same multi-day quota lockout bug that everyone else is facing right now. But while trying to troubleshoot my drained quota with Google One support, I stumbled onto a pretty massive security oversight.
Currently, there is zero visibility into what devices or sessions are actually using our Antigravity tokens. Support confirmed that if your Antigravity session token gets stolen (e.g., by malware) and used on another machine, it does not show up in the standard Google Account device list. That list only tracks direct Google logins, not Antigravity session tokens.
The Feature Request: We desperately need a dedicated dashboard or interface for Antigravity session management. It should include:
-
Active Devices/Sessions: A clear list of every machine or IP currently authenticated with our Antigravity token.
-
Token Usage Breakdown: Visibility into how much quota/how many tokens each specific session is burning.
-
Revoke Access: A simple way to kill specific sessions or a “Revoke All” button to force a fresh sign-in everywhere.
Why this matters: With quotas being as strict (and bugged) as they are right now, we need to know for a fact that we are the ones draining our own limits. If a token gets compromised, someone could easily sit there quietly burning through our Pro limits or AI credits, and we’d have absolutely no way to trace it, verify it, or stop it.
Disclaimer: If my understanding of how these specific Antigravity tokens work under the hood is incorrect—for example, if they can’t actually be hijacked or used remotely in this way—I apologize! Please feel free to ignore or close this post if that’s the case. I just wanted to raise the flag because, based on what support told me, this feels like a missing security layer.