Skip to main content

What’s new

Platform

Security Agent reviews your whole codebase

Security Agent is a new AI-powered reviewer that audits not just your dependencies, but your entire project. It builds a threat model, maps your routes and data flows, runs static analysis with Semgrep and HoundDog.ai, and uses an LLM to decide which findings are actually exploitable in the context of your app. When the review finishes, Security Agent organizes the accepted findings into parallel tasks that Replit Agent can fix in one pass.
Security Agent pane in the Project Security Center showing a completed scan with five findings organized by severity, each with a status like 'Ready for review' or 'Ready for republish', and an automatic dependency scan section below listing vulnerable packages
Security Agent is available to all paid builders. Open the Security pane in your project and select Run Scan with Agent to try it. Learn more about Security Agent.

CVE Auto-Protect patches critical vulnerabilities automatically

When a new critical CVE is disclosed for a package your app depends on, CVE Auto-Protect detects the match across every project you own, has Agent prepare a patch in a background task, runs your tests to make sure nothing breaks, and notifies you with a link to review. You stay in control — nothing is published until you approve the fix. This means your apps can be patched within minutes of a new vulnerability becoming public, instead of waiting for you to notice. Learn more about CVE Auto-Protect.

Workspace

Preview on an iOS Simulator or Android Emulator

When your project includes a mobile app, the Preview panel can now stream a real iOS Simulator or Android Emulator right into your workspace. No Xcode, no Android Studio, and no physical device required. Build a mobile app with Agent, pick your device from the Preview panel’s dropdown, and tap around as if you had the phone in your hand. Edits hot-reload in the simulator as Agent makes them. Available to paid builders on Core, Pro, and Enterprise plans, on Chrome, Safari, and Chromium-based browsers. Firefox isn’t supported for mobile simulators. Learn more about previewing on a simulator or emulator.

Agent

Add a mobile app to older projects

Agent chat panel showing the 'Update project to create mobile app' approval card with a $5 credit offer and Not now / Update project buttons.
Projects created before Agent 4 launched can now be updated to support multiple artifacts — which means you can add a mobile app, a pitch deck, or another artifact to a project that used to support only one. Agent preserves your URL, data, secrets, and deployment as it reorganizes the project. More than 200 projects migrated in the first 48 hours after the wider rollout. Learn more about updating older projects for multiple artifact support.

Integrations

Plaid connector is live

You can now connect to 12,000+ financial institutions with the Plaid connector. Team admins configure credentials once in Integrations, and your app’s users authenticate their own bank accounts through Plaid Link. Access tokens are scoped per user, so data stays private. Build a personal finance coach that works with real transaction data, a live portfolio tracker connected to your brokerage, and more. Check out the Replit x Plaid partner page for demos and setup steps. Learn more about managing connectors.