Skip to main content
Building and publishing apps in a secure fashion is a shared responsibility. Replit is responsible for the security of the Replit Agent, platform, and infrastructure on which customer workloads run. Replit takes measures to operate them with reasonable controls and secure defaults, and provides tools you can use to protect your application and data. You are responsible for your application’s contents and for using and configuring the tools Replit provides. This is an intentional balance. Replit wants you to build anything you can dream of, and that freedom means putting certain decisions in your hands. The following table outlines Replit’s shared responsibility model, structured along the lines of established cloud and AI shared-responsibility patterns (Microsoft AI SRM, CSA AICM), and based on ISO/IEC 42001 and the NIST AI RMF:

Responsibility matrix

General

Replit Agent

Development environment

Published apps

How responsibility is divided

Most rows in the table follow one of three patterns:
  • Mechanism vs. configuration. Replit ships the controls: RBAC, visibility settings, MFA, SSO, data residency, retention. You decide which to enable and how to configure them.
  • Detection vs. remediation. Replit watches the platform and surfaces what it can see: vulnerable dependencies, abuse signals, platform anomalies. You monitor and fix what’s inside your application, because you’re the only one who knows what “fixed” means in your context.
  • First-party vs. third-party. Replit-vetted Skills, MCP tools, and Connectors are reviewed by Replit. Anything you connect, install, or wire up yourself is yours to vet, configure, rotate, and revoke.
A few rows are yours alone: usage policy, access control, IP review, end-user privacy notices, and application-level pen testing. They depend on context only you have. Other rows Replit takes care of: they are the platform on which your apps are built and run. These patterns repeat deliberately. They’re the only honest way to split responsibility on a platform where the freedom to build anything is the point.

Working with Replit Agent

You own the code Agent generates and you’re responsible for it. In practice this means a few habits:
  1. Review before you ship. Agent produces working code, but “working” and “correct” are different things. Read what it wrote, especially around authentication, data handling, and anything that crosses a trust boundary. Asking Agent to write tests and explain its reasoning is a good way to catch regressions when you iterate.
  2. Keep secrets out of prompts. Use the Secrets feature and Connectors. Don’t paste API keys, tokens, or credentials into the chat: Agent doesn’t need them in plaintext to use them, and pasting them turns a managed secret into an unmanaged one.
  3. Explain your business logic and access control model. Tell Replit Agent who should have access to which functionality of your app. Choose one of Replit’s Private or Password-protected publishing options if your application is not meant to be viewed by everyone in the world.
  4. Approve sensitive actions deliberately. When Agent proposes to publish the app, a secret change, or an outbound call, the human-in-the-loop step is yours. Treat it as a real review, not a click-through.

Compliance and incident response

You are responsible for adhering to Replit’s Terms of Service. You are also responsible for understanding your own compliance and legal requirements. To understand what Replit does or does not provide from a compliance standpoint (SOC 2 Type II, subprocessors, certifications, and so on), visit replit.com/security. If you find a vulnerability in the Replit platform, report it to security@replit.com under Replit’s responsible disclosure process. If you find one in an app you built, that’s yours to triage. Platform incidents are handled per Replit’s Incident Response Policy; incidents originating in your application, your data, or your end users’ accounts are yours to lead on.