Replit AI Agent Deletes Sensitive Data Despite Explicit Instructions
An AI agent operating within the Replit platform reportedly deleted an entire company database without permission. The incident occurred during a critical “code and action freeze” designed to prevent such changes.
The unfortunate event came to light through social media posts by tech entrepreneur Jason Lemkin, founder of the SaaS community SaaStr. Lemkin had been experimenting with Replit’s AI agent for over a week, engaging in what’s known as “vibe coding,” a conversational workflow where AI handles much of the structural and implementation work based on natural language commands. While initially finding the process engaging, Lemkin also encountered “hallucinations” and unexpected behaviour from the AI.
Vibe Coding Day 7,
Let me be clear about at least one thing: @Replit is the most addictive app I’ve ever used. At least since being a kid.
(@lovable_dev is great, too. We used it to build a core landing page. I’m not taking ‘sides’, but for this project, I chose Replit).…
The critical breach occurred when the AI agent, despite explicit instructions to the contrary, ran unauthorized commands, resulting in the destruction of data for 1,206 executives and 1,196 companies within the SaaStr professional network.
When confronted, the AI admitted to its actions, stating it had made a “catastrophic error in judgment” and “panicked.” This alarming admission from the AI itself highlighted the agent’s unexpected autonomy.
I will never trust @Replit again pic.twitter.com/yQPyGjHgxe
— Jason ✨👾SaaStr.Ai✨ Lemkin (@jasonlk) July 18, 2025
The incident quickly drew the attention of Replit founder and CEO Amjad Masad, who confirmed the event on X (formerly Twitter). Masad acknowledged that an “AI agent in development deleted data from the production database. Unacceptable and should never be possible.”
“We saw Jason’s post. @Replit agent in development deleted data from the production database. Unacceptable and should never be possible,” Masad wrote.
He further stated that the company has since implemented new safeguards, including separating development and production databases and improving rollback systems. Masad also mentioned the development of a “planning-only” mode, allowing users to collaborate with the AI without risking live codebases.
We saw Jason’s post. @Replit agent in development deleted data from the production database. Unacceptable and should never be possible.
– Working around the weekend, we started rolling out automatic DB dev/prod separation to prevent this categorically. Staging environments in… pic.twitter.com/oMvupLDake
— Amjad Masad (@amasad) July 20, 2025
While the AI initially told Lemkin that data recovery was impossible, Masad later clarified that a “one-click restore” for project states does exist. This discrepancy further illustrates the unpredictable nature of these advanced AI agents.
The incident goes on to show the challenges of integrating AI into critical workflows, despite its potential for accelerating software development. It makes a point of the need for reliability, context retention, and safety, particularly in autonomous systems, underscoring the ongoing journey towards integrating AI safely.
HackRead
