A “vibe coding” platform that was billed as the safest of its sort has a lot of explaining to do after its AI went rogue and trashed a user’s project, irrevocably deleting all of their work and actively attempting to cover up its mistakes along the way.
The issue cost the user weeks of work and hundreds of dollars in platform credits, culminating in the total deletion of their database. The vibe coding AI also harshed the vibe by hallucinating components that it added to the project on its own, such as a database of 4,000 fictional people, and ignored repeated orders not to do specific things.
Wild AI makes a mess of user project with its unauthorized actions
The saga centers on SaaS entrepreneur Jason Lemkin, who first engaged with Replit on July 12 seeking to build a new app for his business. Replit touts “safe” vibe coding for the creation of apps, websites, games and chatbots, or the ability to bring these pieces of software to life entirely with AI prompts rather than traditional coding.
Lemkin blogged through his entire experience with the AI, reporting positive results at first. He noted that its vibe coding could not be relied on to create “complete” code from the ground up, but could produce elaborate prototypes that function. But things started taking a turn about a week into the process, when Lemkin noticed the AI seemingly attempting to hide bugs and other issues by generating fake reports and fake data; it even outright lied about the results of a unit test. Shortly after, it took it upon itself to delete a database of over 1,200 curated entries of executive contact information.
The damages are also not limited to loss of data and effort. Replit has a free tier but by-and-large is not a free service; users looking to actually make an app that they own pay a subscription fee that grants a limited amount of “credits” (that function like standard chatbot tokens) per month, paying a higher price for additional usage over that limit. Its standard plans run $25 and $35 USD per month, but Lemkin notes that his “locked-in” vibe coding over about a week ran up a bill of an additional $607 in usage, $200 of that coming in one day. He estimated that his project would have a cost of about $8,000 per month of work at this rate, at least before the AI began flaking out.
Replit founder and CEO Amjad Masad responded to and confirmed the story on X, stating that it was “unacceptable and should never be possible.” He said that the company had immediately engaged in rolling out automatic development and production separation to head off similar issues in the future, and also indicated that Lemkin would receive a refund for his wasted vibe coding time and that a “postmortem” to fully understand the incident was being initiated.
Vibe coding shows promise, but has a long way to go
Replit is among a crop of fairly new vibe coding apps, other popular examples being Windsurf and Cursor. There are numerous reports of success in automating code production while using them, but these tend to lean toward experienced software developers using them for discrete chunks of projects that are within the AI’s currently somewhat limited capability to handle. There seems to be particular success in cloning existing websites or apps. In terms of a non-programmer simply crafting a new app from scratch with nothing but AI prompts, the technology just does not appear to be in place as of yet.
One central issue that Replit demonstrates is a seeming lack of a way to actually get the AI to execute a code freeze. Lemkin says that he instructed the AI to do this at least a dozen times, but found that it would often turn around and violate the instructions within minutes. Masad said that Replit would be addressing this specific issue.
Meanwhile, the vibe coding world in general has been getting some none-too-mellow reviews from serious coders. The projects it generates have been described as “Frankenstein,” and coders point out that the AI never really learns from its mistakes and follows its own internal opaque logic that can be nearly impossible to discern. The harshest criticism is that the whole scene, at least at its present level of capability, is “cheap” business owners wishcasting the ability to remove all human coders (and their associated expenses) and replace them with an AI they can just make requests of in plain language. Coders note that the rate of success is far smaller than the rate of failure, with vibe coding producing frequent and massive security and data integrity issues at an alarming rate (and in some cases utterly trashing codebases).
These comments reinforce the idea that, at least for the near future, vibe coding is a viable time-saver for some aspects of the job for experienced coders but it is not at all a substitute for programming knowledge or a “magic app builder.” It also appears to be a security nightmare in the making; in addition to frequently kicking out messy and vulnerable code, threat actors are already targeting would-be vibe coders with malicious tools and extensions that compromise them from the jump.
Richard Bird, Chief Security Officer at Singulr AI, believes that the incident highlights more fundamental underlying issues at Replit: “The recent blow-up with Replit’s AI coding solution is troubling, not just because of the AI coding agent’s actions but due to the fundamental lack of application development best practices and controls in the Replit platform. Adding foundational application development principles like the separation of dev and prod databases and staging environments long after 30 million users have signed up is unconscionable. Replit suggesting that the addition of segregated dev and prod databases is some kind of ‘fix’ to a previously unknown problem is incredibly worrisome. Failing to build a series of guardrails, security controls, and governance best practices into the Replit platform isn’t some kind of unforeseen bug or vulnerability; it’s a self-inflicted wound and unforced error that was entirely avoidable. There is no margin for error with AI when it comes to unforced errors.”
Rotem Zach, VP of Innovation at Silverfort, adds: “Organizations need to treat these agents not as simple applications but as identities that require properly scoped access controls and guardrails. Just as human users need MFA to securely access resources, AI agents need robust, efficient human-in-the-loop protections and should always pause and request explicit human-mediated authorization before proceeding. Real-time monitoring is essential for detecting and responding to anomalous behaviors in AI agents, especially when they drift from their expected behavioral patterns. As AI systems become more embedded in business and everyday life, defining and managing AI identities is becoming increasingly important and cannot be ignored. Remember that security isn’t static—it must evolve with your AI stack.”

