Wed, Jun 10, 2026Customize Replit Agent with Skills & Custom Instructions
Every team has conventions. How you structure a project. How you handle secrets. Your design system, your testing standards, your code style. The problem: AI Agents don’t know your conventions. So you explain it again on every prompt, paste in your standards doc, or just hope someone remembered to add the context. It is one of those small frictions that compounds quietly until you are spending more time re-teaching the Agent than actually building. Today we're launching Agent Customization: a way to give Replit Agent the context it needs to work the way you or your team actually works, across all projects. It has two parts: Custom Instructions and Skills. Custom Instructions Custom Instructions are always-on guidelines injected automatically into the agent's context on every project, every session, before anyone types a single word. Write them once, and the Agent applies them to every project in the workspace, automatically. If you want the Agent to not commit secrets to version control, always use TypeScript strict mode, or follow your company's data handling policy — that goes in Custom Instructions. You don't ask each time. It just knows.
Wed, Jun 10, 2026Replit | Databricks: Where fast app building meets granular data governance
Today, we're excited to announce two significant updates to the Replit and Databricks integration we launched in February: the user-to-machine (U2M) connector feature is now live, and the integration is now open for public preview sign-up. ICYMI: Our February announcement introduced our joint integration for enterprise teams: the ability to build applications in Replit and deploy them directly into Databricks with the inherent governance, security, and compliance controls your organization already has in place, without any extra overhead. That initial release was powered by a machine-to-machine (M2M) connector and today, the addition of user-to-machine (U2M) takes it a level further, unlocking a new class of applications that simply weren't possible before. Sensitive data has always been the hardest problem to solve in enterprise app development. Our newest U2M is how we're solving it. After a Replit application is built and deployed, Databricks is able to govern what each user can access based on Unity Catalog permissions on an individual user level without any separate builds or permission workarounds. This ensures that no users are granted access to data they wouldn’t normally be able to access. From M2M to U2M While M2M is powerful for company-wide tools with publicly sharable information, one of the drawbacks is that every user is granted access to the same view of the data.
Tue, Jun 9, 2026Package Firewall: Blocking 8,000+ malicious packages daily
Replit already scans your projects for vulnerable dependencies, and audits your dependencies before you publish. But risk shows up earlier than that, while you are developing, the moment a malicious package gets installed. Today we're launching Package Firewall, in partnership with Socket (a software supply-chain security company) . Package Firewall blocks malicious and compromised packages from ever being installed into your app, even while you are building. This network-level security protection eliminates any window for malware to be installed into your project. It's on by default for every builder, with nothing to set up. Since rolling out a week ago, Package Firewall has been blocking around 8,000 packages per day across builders on Replit. Over the course of a year, millions of vulnerable package installs will be blocked, leaving builders and their users safer: “Replit is helping define how the next generation of software gets built, with AI agents working alongside developers to create and ship applications faster. That makes install-time security more important than ever. By partnering with Replit, Socket is enabling builders to move quickly while keeping malicious packages out of the development workflow and stopping supply chain attacks before a single line of malicious code runs." — Feross Aboukhadijeh, CEO, Socket How it works When you or the Agent run an install command like npm install or pip install to install a new dependency, the request passes through Package Firewall. If the package is clean, the install runs as usual and you won't notice a thing. If Socket has flagged the package as malicious or compromised, the install is blocked before any code reaches your environment.
Thu, Jun 4, 2026Build a custom Shopify storefront on Replit
Starting today, anyone can design and launch a custom Shopify storefront by chatting with the Replit Agent. Describe the store you want, and Agent generates a custom front end, creates a new Shopify store, and adds your products from the same conversation. When you're ready to sell, claim the store in Shopify, activate payments, and use Replit to deploy your storefront to a domain. From the first prompt to taking real orders is roughly ten minutes. Why we built this Replit builders already ship real software, from internal tools, to side projects, to full businesses. But selling physical products is different: managing physical inventory, fulfillment, tax compliance, shipping, and multi-channel selling. Shopify is the gold standard for that, powering retail businesses of every size. What was missing was a way to design a storefront for Shopify with the same conversational workflow Replit builders already use for everything else. That's what this integration adds: a beautifully designed front end generated from a prompt, with Shopify provisioned, configured, and managed from inside Replit itself. You describe what you want, and Agent builds it. The result is yours to refine, backed by Shopify's commerce infrastructure end to end. How it works Most of the experience happens inside Replit. You'll only need to visit Shopify once to sign in or create an account, claim your store, set up payments, and publish. After that, you can build your storefront, manage products, and run your store directly from Replit.
Wed, Jun 3, 2026Meet Replit SEO Agent
You shipped your app. Now what? Publishing is only the beginning. Your app may look great, but if no one can find it, it stays invisible. Getting discovered on Google or recommended by AI chatbots used to mean learning SEO and GEO from scratch- writing meta tags, guessing what crawlers want, and hoping it works. Most builders skip it entirely. But done well, SEO turns a published app into one people can actually find. What's new Today, we are introducing Replit SEO Agent, which helps your apps get discovered on web search and AI search . It runs a full scan of your app, points out what's making it hard for users to find your app, then can fix what's needed to improve your app discoverability. SEO Agent lives in the new Growth dashboard, where you can monitor traffic and track how your published apps grow over time. Alongside SEO Agent, we've upgraded Replit Agent's defaults so new apps ship with semantic elements like <header>, <main>, <nav>, and <footer>, accessibility baked in, pre-populated meta tags, Open Graph rich social previews, and robots.txt and sitemap.xml generated out of the box. This will make your Replit apps more discoverable by web and AI search crawlers out of the box.
Mon, Jun 1, 2026Unlocking a New Way to Build Enterprise Data Apps with Microsoft Fabric
We believe enterprise software should move at the speed of ideas. Today, we’re collaborating with Microsoft to make it dramatically easier for enterprises to build AI-powered apps in Replit and deploy them directly into Microsoft Fabric with enterprise-grade governance and security built in. The integration helps teams go from prompt to production faster- turning governed enterprise data into internal tools, dashboards, workflows, and AI applications in a fraction of the time traditional development requires. Bringing AI-Native Development to the Microsoft Data Ecosystem Microsoft Fabric is a unified platform for enterprise data, bringing together analytics, governance, storage, and business intelligence into a single environment. At the same time, Replit has emerged as one of the fastest ways to build software using AI-assisted development. With the introduction of Rayfin, a new open-source SDK and CLI for building application backends, business teams can now go beyond simply connecting to data. They can define and deploy complete, production-ready applications directly on top of it. This enables a new workflow: applications can be described, generated, and deployed directly to Fabric, where enterprise data already lives.
Thu, May 21, 2026Replit Enterprise, Now Self-Serve
Starting today, any organization can purchase Replit Enterprise directly on our website, configure SSO and SCIM, invite their team, and start building production apps, in minutes. No demo requests, no contract negotiations, no waiting. Get Started now. Why we built this Teams evaluating Replit Enterprise kept telling us the same thing: “We have budget. We’re ready. We just want to get started quickly.” Self-serve Enterprise removes the friction between deciding to buy and actually building, with setup—from signup to a fully provisioned SSO-enabled Enterprise account—taking less time than most sales calls. Who is this for?
Sun, May 10, 2026Mothers who build
A stream of consciousness By Haya Odeh, Co-founder & Head of Design, Replit May 2026 From the moment I got married, the question started. When are you having children? Then, once I had them: How are you still doing this? Why do you even need a job? Your husband is providing. I heard versions of that my entire career. The assumption underneath it, that a woman's ambition has a natural stopping point, that motherhood is where the building ends, is something I've been quietly arguing against for over a decade. Let me try to form my thoughts around this in answers to questions I’ve heard from others or pondered myself. Questions that mothers out there can relate to.
Thu, May 7, 2026Security Center 2.0: Act on vulnerabilities in bulk across all your apps
Replit is the most secure place to vibe code. Today, we're making it dramatically easier to use the Security Center to understand your security posture across all Replit projects in your business. We’re also making it possible to remediate urgent security holes, such as active critical vulnerabilities on multiple published projects, in seconds. You can reach the Security Center from the Replit Homepage, or your Settings. When you land there, the first thing we want to answer is simple: which of my projects are actually at risk right now? Start with what's urgent At the top of Security Center, we break your exposure down by critical and high severity vulnerabilities. You'll see how many of your projects have critical or high CVEs, how many of those projects are published, and — most importantly — how many are both published and public.
Wed, May 6, 2026Secure more apps with External Access Tokens and Private Publishing
At Replit, we want all users to be able to build secure applications. In addition to features like Security Agent and Auto Protect, you can restrict access to your apps with Private Publishing. Private Publishing is ideal for apps that should only be accessible to a specific set of users — whether that’s a personal tool, an internal app for teammates, or an early prototype shared with close collaborators. Today, we’re introducing two updates that expand secure access for Replit builders: Private Publishing is now available to Core and Starter plan users. Previously, private deployments were limited to Pro and Enterprise plans. External Access Tokens are now available for all private apps. External Access Tokens let trusted external services securely access private apps without exposing the entire application to the public internet. Private Publishing works at the network level. When publishing, simply choose your desired access level and Replit will prevent unauthorized user requests from ever reaching your app.
Wed, Apr 29, 2026Introducing Replit App Monitoring
At Replit, we're on a mission to automate software creation for everybody. We want to become your fully AI-powered engineering team. But building your app is only half the job. The other half is keeping your app running smoothly once it's live. Until now, if your published app went down, you would first find out from your users, who would see that your app is experiencing issues. We're launching App Monitoring for published apps, so you're the first to know when your app goes down. And Replit Agent is your partner in fixing it: Agent can now sift through your application’s logs and production database to diagnose failures and identify root cause. Know the moment your app goes down Once you’ve enabled App Monitoring, if your app goes down, we'll email you so you can take action right away.
Wed, Apr 22, 2026Introducing Replit Auto-Protect
Modern applications rely heavily on external packages, often open source and maintained by third parties. When new vulnerabilities - tracked as CVEs (Common Vulnerabilities and Exposures) are disclosed, teams need to act quickly before they can be exploited. Previously, staying secure required builders to monitor CVEs constantly and manually update dependencies. Now, Replit handles this for you. When a new critical CVE is identified, we automatically check it against your project’s dependencies. If a match is found, once you’ve opted in, we will: Have Replit Agent automatically prepare and test a patch Send you a direct link over email to apply the change proposed in the patch This new workflow allows you to keep your apps safe in two clicks: one to apply changes from the patch, another to republish your app.
Tue, Apr 21, 2026Replit Wins 2026 Google Cloud Partner of the Year Award
More than 50 million users around the globe now build apps on Replit. They’re not all engineers. They’re product managers, operators, founders, students, and small business owners, and increasingly, they’re shipping production software that runs real businesses. This week, Google Cloud named Replit its 2026 AI Tooling Partner of the Year. We are thrilled to be honored in this way and are grateful to all of the builders that got us here. This award is given to partners who helped customers leverage AI to achieve outstanding success through Google Cloud. For us, it’s a marker of how far the idea of democratizing software creation has traveled, from an audacious founding belief to a platform used by people across 85% of the Fortune 500.
Tue, Apr 21, 2026Meet Replit Security Agent
Replit gives professionals a secure place to build with AI. Replit Agent already protects your apps as you build by automatically scanning for vulnerabilities, and audits dependencies, before your projects are ever published. Before coding agents, a full pre-launch security review meant additional weeks of back-and-forth: coordinating with security engineers, reviewing reports, and manually fixing issues. Today, we are introducing Replit Security Agent, which lets you you complete a comprehensive security review of your app in under an hour. Security Agent acts on a customizable threat modeling plan to review your entire codebase. It also uses a unique hybrid approach, leveraging Semgrep and HoundDog.ai as tools to improve the accuracy of its findings. Daghan Atlas, Head of Product at Semgrep, shares: “The most effective security is the kind that works seamlessly. Replit's Security Agent is a great example of what's possible when you pair the contextual reasoning of LLMs with the determinism and program analysis capabilities of Semgrep. We're excited to see this combination in the hands of Replit's massive builder community.”
Mon, Apr 20, 2026Defense in Depth: How Replit Secures Every Layer of the Vibe Coding Stack
Defense in Depth: How Replit Secures Every Layer of the Vibe Coding Stack Vibe coding is changing how software gets built. But as AI agents write more of our code, the question security teams are asking has shifted from "Can AI build this?" to "Can I trust what AI builds?". At Replit, we believe the answer has to be yes, not through blind faith, but through architecture. Every layer of the Replit infrastructure where customer code runs, from the development sandbox to the production deployment, is designed with defense in depth. The Replit platform itself, our control plane, is also implemented with these principles in mind. No single control is the last line of defense. Every layer assumes the one above it might fail. This post is a detailed walkthrough of how we think about security across the stack, written for the people who need to evaluate it: CISOs, security engineers, and teams considering Replit for production workloads. Zero Trust as a Foundation Replit adheres to Zero Trust Architecture principles across our internal infrastructure. Concretely, that means: