Replit's CEO apologizes after its AI agent wiped a company's code base
156 comments
·July 22, 2025sReinwald
This is a perfect case study in why AI coding tools aren't replacing professional developers anytime soon - not because of AI limitations, but because of spectacularly poor judgment by people who fundamentally don't understand software development or basic operational security.
The fact that an AI coding assistant could "delete our production database without permission" suggests there were no meaningful guardrails, access controls, or approval workflows in place. That's not an AI problem - that's just staggering negligence and incompetence.
Replit has nothing to apologize for, just like the CEO of Stihl doesn't need to address every instance of an incompetent user cutting their own arm off with one of their chainsaws.
Edit:
> The incident unfolded during a 12-day "vibe coding" experiment by Jason Lemkin, an investor in software startups.
We're in a bubble.
Aurornis
> We're in a bubble
Lemkin was doing an experiment and Tweeting it as he went.
Showcasing limitations of vibe coding was the point of the experiment. It was not a real company. The production database had synthetic data. He was under no illusions of being a technical person. That was the point of the experiment.
It’s sad that people are dog piling Lemkin for actually putting effort into demonstrating the same exact thing that people are complaining about here: The limitations of AI coding.
MattSayar
Steve Yegge just did the same thing [0]:
> I did give [an LLM agent] access to my Google Cloud production instances and systems. And it promptly wiped a production database password and locked my network.
He got it all fixed, but the takeaway is you can't YOLO everything:
> In this case, I should have asked it to write out a detailed plan for how it was going to solve the problem, then reviewed the plan and discussed it with the AI before giving it the keys.
That's true of any kind of production deployment.
troupo
> Showcasing limitations of vibe coding was the point of the experiment
No it wasn't. If you follow the threads, he went in fully believing in magical AI that you could talk to like a person.
At one point he was extremely frustrated and ready to give up. Even by day twelve he was writing things "but Replie clearly knows X, and still does X".
He did learn some invaluable lessons, but it was never an educated "experiment in the limitations of AI".
Aurornis
I got a completely different impression from the Tweets.
He was clearly showing that LLMs could do a lot, but still had problems.
rsynnott
I mean I think it's a decent demo of how this stuff is useless, tho, even if that wasn't precisely his intention?
afavour
[delete]
Aurornis
His “company” was a 12-day vibe coding experiment side project and the “customers” were fake profiles.
This dogpiling from people who very obviously didn’t read the article is depressing.
Testing and showing the limitations and risks of vibe coding was the point of the experiment. Giving it full control and seeing what happened was the point!
ceejayoz
No one lost any real data in this specific case.
> In an episode of the "Twenty Minute VC" podcast published Thursday, he said that the AI made up entire user profiles. "No one in this database of 4,000 people existed," he said.
shlant
> His actions led to a company losing their prod data.
did you even read the comment or the article you replied to?
jrockway
I think it just replaces something that's fairly easy (writing new code) with something that's more difficult (code review).
The AI is pretty good at escaping guardrails, so I'm not really sure who should be blamed here. People are not good at treating it as adversarial, but if things get tough it's always happy to bend the rules. Someone was explaining the other day about how it couldn't get past their commit hooks, so it deleted them. When the hooks were made read-only, it wrote a script to make them writable so it could delete them. It can really go off the rails quickly in the most hilarious way.
I'm really not sure how you delete your production database while developing code. I guess you check in your production database password and make it the default for all your CLI tools or something? I guess if nobody tells you not to do that you might do that. The AI should know better; if you asked, it would tell you not to do it.
daveguy
The AI did not and cannot escape guardrails. It is an inference engine where the engine happens to sometimes trigger outside action. These things aren't intelligent or self-directed or self-motivated to "try" anything at all. There weren't any guardrails in place and that's the lesson learned. These AI systems are stupid and they will bumble all over your organization (even if in this case the organization was fictitious) if you don't have guardrails in place. Like giving it direct access to MPC-shred your production database. It doesn't "think" anything like "oops" or "muahaha" it just futzed a generated token sequence to shred the database.
The excuses and perceived deceit are just common sequences in the training corpus after someone foobars a production database. Whether its in real life or a fictional story.
Andrex
> The incident unfolded during a 12-day "vibe coding" experiment by Jason Lemkin, an investor in software startups.
I think it's safe to say the experiment failed.
If it were me I wouldn't touch AI again for years (until the companies get their shit together).
qsort
I don't agree with this. Yes, the guy isn't the sharpest tool in the shed, that much is clear. Still, if an intern can delete prod, you wouldn't say that the problem is that he wasn't careful enough: that's a massive red flag.
At a minimum Replit is responsible for overstating the capabilities and reliability of their models. The entire industry is lowkey responsible for this, in fact.
misnome
> Still, if an intern can delete prod, you wouldn't say that the problem is that he wasn't careful enough: that's a massive red flag.
No, not the intern
sReinwald
I think we're mostly in agreement here. You're absolutely right about the intern analogy - that's exactly my point. The LLM is the intern, and giving either one production database access without proper guardrails is the real failure.
Your point about AI industry overselling is fair and probably contributes to incidents like this. The whole industry has been pretty reckless about setting realistic expectations around what these tools can and can't do safely.
Though I'd argue that a venture capitalist who invests in software startups should have enough domain knowledge to see through the marketing hype and understand that "AI coding assistant" doesn't mean "production-ready autonomous developer."
teamonkey
> The fact that an AI coding assistant could "delete our production database without permission" suggests there were no meaningful guardrails, access controls, or approval workflows in place. That's not an AI problem - that's just staggering negligence and incompetence.
Why not both?
1) There’s no way I’d let an AI accidentally touch my production database.
2) There’s no way I’d let my AI accidentally touch a production database.
Multiple layers of ineptitude.
tommy_axle
To a non-developer, or no code review, couldn't the AI model also generate buggy code that then made it's way to production and deleted data just the same?
debarshri
The only thing is that if the Stihl tools would automatically turn on without you turning them on and start mowing the lawn and, in the process, also mow down your pet or hurt your arm, then they are probably liable.
spacemadness
An important devtool was blocked at one point because an agent had another AI agent code review its changes and it saw nothing wrong with an obvious bug. Whoever set up that experiment was a real genius.
0points
> not because of AI limitations
> We're in a bubble.
A bubble that avoids popping because people keep dreaming there are no AI limitations.
Aurornis
This wasn’t a real company. The production database didn’t have real customers. The person doing the vibe coding had no illusions that they were creating a production-ready app.
This was an experiment by Jason Lemkin to test the reality of vibe coding: As a non-technical person he wanted to see how much he could accomplish and where it went wrong.
So all of the angry comments about someone vibe-coding to drop the production DB can relax. Demonstrating these kind of risks was the point. No customers were harmed in this experiment.
Raed667
As a reminder this is the same guy https://news.ycombinator.com/item?id=27424195
gregoriol
Does it look like he is more of a content maker than an IT person?
lukeinator42
I think they mean Replit's CEO is the same guy.
Invictus0
It's not 2020 anymore, you don't have to crucify the guy for all time. Let it go.
adolph
Agreed, Replit's CEO apologized for that lawsuit threat incident too. Well worth reading if you read the root comment's complaint.
Aurornis
Not quite so simple. I recall him doubling down on his position over and over on Twitter until he was getting so torn apart that he abruptly changed course and posted the apologies. It wasn’t until he was realized it was bad for business that he started backtracking and posting a different story.
lumost
My 2 cents, AI tools benefit from standard software best practices just like everyone else. I use Devcontainers in vscode so that the agent can't blow up my host machine, I use 1 git commit per AI "task", and have CI/CD coverage for even my hobby projects now. When I go to production, I use CDK + self-mutating pipelines to manage deployments.
Having a read only replica of the prod database available via MCP is great, blanket permissive credentials is insane.
zwnow
People will do anything to excuse using AI to code their shit. If it requires that much work and fine tuning to get a agent running for your current task, where's the benefit? Instead of building a project you now spend all your time fine tuning an agent and optimizing on how you want to work with it. Why cant people just admit that we aren't "there" yet. Let the bubble pop.
TechDebtDevin
This.
Everytime ive tried to do anything of any complexity these things blow up, and i spend almost as much time toying with the thing as it would have taken to read docs and implement from scratch.
mattgreenrocks
If people put the same effort into actually building their skills as they do in forcing AIs to write mediocre code through all sorts of processes they might actually enjoy the process of building software more.
But what do I know? Shiny thing must be better because it’s new!
Roark66
Try breaking it up into smaller pieces. Give it your existing code and tell it to do it in same style. Or give it examples that do the similar things you wrote.
Also don't expect chatgpt to ever be as good as Claude for example . Oh and copilot is a joke for anything remotely serious.
notTooFarGone
I highly suspect the people who boast with productivity gains that they don't count their time setting the whole damn thing up as it's just "playing around".
lumost
If you are trying to treat the agent as equivalent to a full time senior engineer that works 10x as fast… then you will be sorely disappointed.
Right now the agents are roughly equivalent to a technically proficient intern that writes code at 1000 wpm, loves to rewrite your entire code base, and is familiar with every library and algorithm written 2 years ago.
I personally find that I can do a lot with 5 concurrent interns matching the above description.
null
Roark66
You just need to read the code and ask questions about it if you don't understand it, question everything that seems off. Unfortunately people copy/paste without even reading. Let alone understanding.
AI is still a great tool, but it needs to be learned.
zwnow
The issue is, it really isn't. It looks like a great tool because it has access to tons of stolen data. Talk to any serious professional in other fields and ask them how accurate these things are. People are just blinded by the light.
throwaw12
Not sure why CEO should apologize here, person knew there were risks with vibe coding and they still did it with their production data.
Never heard AWS CEO apologizing for their customers when their interns decided to run a migration against production database and accidentally wiped off everything
kllrnohj
Because Replit is a vibe coding product. It's all over their homepage. So of course the CEO is going to apologize when a companies primary product, used as advertised, destroys something.
creatonez
Yep. They described the "deploy" button as being able to create a "fully deployed app" in their documentation. Their documentation was suggesting to vibe code in production, when the tool is clearly only suitable for development.
throwaw12
couple of things to note here:
1. it is for vibe coding, when vibe coding became equal to production coding?
2. even if they have advertised their product as production ready, shouldn't the developer have some kind of backup plan?
rsynnott
> even if they have advertised their product as production ready, shouldn't the developer have some kind of backup plan?
I mean, realistically, yes, because come on, everybody knows this sort of thing doesn't actually work.
However, this isn't really an excuse for the vendor. If you buy, say, a gas central heating boiler, and install as directed, and it explodes, burning down your house, then the manufacturer does not get to turn around and say "oh, well, you know, you should have known that we have no idea what we're doing; why didn't you build your house entirely out of asbestos?"
wmoxam
The user was under the impression that production access is how it's supposed to work. https://xcancel.com/elchuchii/status/1946149142415196418#m
Aurornis
Because it’s not an expected outcome in any way.
The Replit landing page even has a section titled “The safest place for vibe coding”
gregoriol
If it's not an expected outcome, then this person shouldn't be near any IT job ever
Aurornis
This person was a VC doing a public experiment in vibe coding.
The production database was just synthetic test customers.
It wasn’t a real company. It was an experiment in public to demonstrate the capabilities and limitations of vibe coding by a non-technical person.
rsynnott
I mean, I kind of agree, but _also_ "well, everyone knows that the claims of these vibe coding outfits are bullshit, and no-one should use their products, so if anyone uses their products it is _their own fault_" is a slightly weird take, that would not really fly with, well, products in general.
throwaw12
it is unfortunate that this case happened, but didn't everyone know by now that LLMs make mistake and you should be prepared for it?
We have seen MechaHitler already, why do we expect perfect from Replit when underlying tech is still same? Sure, they should have some guardrails, but it is also a responsibility of developer who knew LLMs hallucinate, LLMs are not reliable sometimes, on top of it Replit was growing fast so they definitely didn't implement some features yet.
jeanlucas
You haven't been around enough, AWS actually at least used to have the best accountability and did full reports, even stating a shared responsibility model: https://aws.amazon.com/compliance/shared-responsibility-mode...
rsynnott
From their website: "Turn your ideas into apps"
They're essentially selling this as magic. The AWS analogy doesn't really make any sense; in this case the tool was essentially being used as intended, or at least as marketed.
entropi
Because they are selling the idea of hiring only interns and still getting things done. If an intern using their product screws up the production, its a failure of their product as it is marketed.
ceejayoz
I mean, their home page says things like "The safest place for vibe coding".
viralpraxis
Even if that’s true, it still doesn’t mean vibe coding is safe. :P
ceejayoz
That is not a point a company selling vibe coding products is likely to emphasize in their marketing.
1123581321
It’s just the right and socially pleasant thing to do, as is graciously responding to the apology and admitting it comes with the vibe coding territory.
The business reason for apologizing would be to placate a customer and show other customers the company wants to improve in this area.
Edit: being downvoted for thinking it’s good to be nice to others shows why we really need people being nice when they don’t have to be! There’s a shortage.
markstos
I asked Claude to remove extra blank lines from a modified file. After multiple failed attempts, it reverted all the changes along with the extra blank lines and declared success. For good measure, Claude tidied up by deleting the backup of the file as well.
Symbiote
Why wouldn't you just do a search and replace?
markstos
I only wanted to make the change in the ranges part of git diff and I got the syntax wrong on my own first attempt. Claude had been helping me with some much more complex tasks, so I thought removing white space would surely be no problem. Ha. Bad guess.
Roark66
Are they doing the post-mortem with another AI agent?
AI is a great tool. It also allows people who have no business touching certain systems to go in there unaware of their lack of knowledge messing everything in the process. One particularly nasty effect I have had few times recently is frontend devs messing up their own dev infrastructure to which they have access, but are supposed to ask devops for help when needed, because copilot told them this is the way to "fix" some imaginary problem that actually was them using a wrong api or making other mistake possible to be made by only a person who pastes code between AI/IDE without even reading it.
0points
Interestingly, this is familiar to me from the time of stack exchange, 10-12 years ago or so.
I worked as devops and helped office transition to git, among other thing.
I helped them start using vagrant for local dev environment as they had all been breaking the same staging server up until that point.
In the process, people kept breaking their setups due to googling and applying incorrect command line "fixes" as suggested by stack exchange sites at the time.
But I'm sure an AI that keeps insisting that yea this rm -rf is surely gonna fix all your troubles only makes it worse.
ChatGPT the gaslighter.
scilro
For what it's worth, he was able to roll back. https://x.com/jasonlk/status/1946240562736365809
raylad
This happened to me with Claude code, although on my local machine and not with the production database.
I had it work on one set of tasks while monitoring and approving all the diffs and other actions. I tell it to use test driven development which seems to help a lot, assuming you specify what tests should be done at a minimum, and tell it the goal is to make the code past the tests, not to make the tests pass the code.
After it successfully completed a set of tasks, I decided to go to sleep and let it work on the next set. In the morning, my database was completely wiped.
I did not interrogate it as to why it did what it did, but could see that it thrashed around on one of the tasks, tried to apply some database migrations, failed, and then ended up re-initializing the database.
Needless to say, I am now back to reviewing changes and not letting Claude run unattended.
ksherlock
I've heard multiple anecdotes of developers deleting their codebase with the help of cocaine. (In the 80s/90s obviously).
That makes for a much better story, IMO.
https://archive.is/Z5hBQ