matt palmer Profile picture
Sep 13 · 5 tweets · 2 min read
This week in Replit

Agent 3 is here! 🤖 Our AI is now more autonomous, reliable, and faster. It can test your app in a real browser, find bugs, and automatically fix them for you.
1/ Tackle bigger projects with longer run times. Agent 3 can now work autonomously for up to 200 minutes, with automated testing so you can track its progress.
2/ Ship faster with new App Connectors & Integrations. Connect your apps to your favorite services by signing in just once, and reuse the connection across all your projects.
3/ Build intelligent bots and workflows with Agents & Automations (beta). Create custom Slackbots, Telegram bots, or run tasks on a schedule, all from your workspace.
That's it for this week, be sure to follow along for weekly updates: docs.replit.com/updates

More from @mattppal

Jul 7
It's finally here!

You can now customize Agent in Replit. Here's how to get started 👇
A file called 'replit.md' now gets created in every Agent project. The purpose of replit.md is twofold:

1/ Provide a concise summary of the project for Agent to reference as it builds
2/ Allow the user (you) to provide custom instructions to agent.

Here are some things you can customize:
Communication style: change how agent interacts, ask it to explain concepts, break down tasks, or ask for clarification.
Read 8 tweets
Jun 1
you're thinking about vibe coding wrong

most of us approach vibe coding the same way we do other tools: like deterministic systems. press button and get result.

here's why that's wrong and how to get around it:
1/ We know AI is non-deterministic—that means that the same prompt can get different results.
2/ AI coding agents are composed of dozens or hundreds of calls to multiple AI models with a bunch of tools thrown in the mix.

That makes them ESPECIALLY random.
Read 13 tweets
May 29
On March 20th, 2025, my colleague and I discovered a critical vulnerability in Lovable's implementation of Row Level Security (RLS) policies.

Applications developed using its platform often lack secure RLS configurations, allowing unauthorized actors to access sensitive user data and inject malicious data.

Lovable applications, being primarily client-driven, rely on external services for backend operations like authentication and data storage. This architecture shifts the security burden to the implementor of the application.

However, misaligned RLS policies between the client-side logic and backend enforcement frequently result in vulnerabilities, where attackers can bypass frontend controls to directly access or modify data.

Lovable later introduced a "security scanner," but it merely checks for the existence of any RLS policy, not its correctness or alignment with application logic. This provides a false sense of security, failing to detect the misconfigurations that expose data.
INITIAL DISCOVERY & SCOPE ASSESSMENT

The vulnerability was first identified on March 20th, 2025, while examining Linkable, a Lovable-built site for generating websites from LinkedIn profiles.

An inspection of network requests revealed that modifying a query granted access to all data in the project's "users" table. After we highlighted this on a reply on Lovable's Twitter account, Lovable denied the issue, then deleted their tweets and the site. Linkable was later reinstated with a $2 fee.

The core issue was not an exposed public API key as we initially thought (Supabase provides public `anon` keys by design) but the absent RLS configuration. This allowed unrestricted data retrieval from the exposed table (sample in Appendix A1).

To determine if this was an isolated incident, we investigated other Lovable-created sites, starting with those on Lovable Launched—a showcase presumably featuring polished projects.

Access to the list of these sites was gained by manipulating an endpoint on the Launched site itself, which also lacked RLS.

We then developed a script to visit the homepage of each Launched site, capture all external network requests, and filter for those made to external sources.

For each identified request, the script attempted to modify the request to select all data from the associated endpoint—an operation equivalent to `SELECT *`, which RLS would typically prevent.
AUTOMATED SCAN FINDINGS

The scan, completed on March 21st, identified 303 endpoints across 170 projects (approximately 10.3% of the 1645 analyzed) with inadequate RLS settings. This indicates widespread RLS misapplication, potentially highlighting systemic issues in Lovable's platform that may predispose projects to insecure data storage.

The following anonymized public endpoints from the scan illustrate the types of sensitive data exposed:

/functions/v1/get-google-maps-token
/rest/v1/rpc/get_gemini_api_key
/functions/v1/refresh-ebay-token
/rest/v1/users
/rest/v1/transactions
/rest/v1/subscriptions

This script only analyzed homepages and did not attempt to access login-protected areas or perform deeper site scraping. Authenticated sessions on these vulnerable sites could expose even more sensitive data.

Users interacting with Lovable-built sites should exercise extreme caution in the data they submit.
Read 8 tweets
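The thread above makes two points a defender should be able to verify in their own database: RLS can be "present" yet permissive, and an existence-only check will not catch that. The following SQL is an added example for this page; it is not code from the thread, from Lovable or from Supabase. It assumes a Supabase-style Postgres setup (PostgREST serving tables under `/rest/v1/`, the `anon` and `authenticated` roles, and `auth.uid()` returning the caller's user id); the `profiles` table and its columns are constructed for illustration.

```sql
-- Constructed schema: one row per user, owned by user_id.
create table public.profiles (
  id      bigint generated always as identity primary key,
  user_id uuid not null,
  email   text not null,
  phone   text
);

-- Misconfiguration 1: RLS never enabled. PostgREST exposes the table at
-- /rest/v1/profiles and every row is readable with the public anon key.
-- (Row level security is off by default on a newly created table.)

-- Misconfiguration 2: RLS is enabled and "a policy exists", but it is a
-- blanket allow. A scanner that only checks for the presence of a policy
-- reports this table as protected.
alter table public.profiles enable row level security;
create policy "open read" on public.profiles
  for select to anon, authenticated
  using (true);

-- Corrected configuration: drop the blanket policy and bind every command
-- to the row owner. Writes get a separate WITH CHECK so a client cannot
-- insert or move rows into another user's account.
drop policy "open read" on public.profiles;

create policy "profiles: owner can read" on public.profiles
  for select to authenticated
  using (user_id = auth.uid());

create policy "profiles: owner can insert" on public.profiles
  for insert to authenticated
  with check (user_id = auth.uid());

create policy "profiles: owner can update" on public.profiles
  for update to authenticated
  using (user_id = auth.uid())
  with check (user_id = auth.uid());

-- No policy for anon and none for delete: with RLS enabled, "no policy"
-- means "no rows", which is the intended default.

-- Audit query: a correctness check rather than an existence check.
-- Lists every ordinary table in public with its policies and flags
-- tables with RLS disabled, policies whose USING / WITH CHECK is the
-- constant true, and policies granted to the anon role.
select c.relname        as table_name,
       c.relrowsecurity as rls_enabled,
       p.policyname,
       p.cmd,
       p.roles,
       p.qual,
       p.with_check,
       case
         when not c.relrowsecurity                     then 'RLS DISABLED'
         when p.policyname is null                     then 'RLS ON, NO POLICIES (deny all)'
         when p.qual = 'true' or p.with_check = 'true' then 'PERMISSIVE POLICY'
         when 'anon' = any (p.roles)                   then 'ANON ACCESS'
         else 'ok'
       end              as finding
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
left join pg_policies p
       on p.schemaname = n.nspname and p.tablename = c.relname
where n.nspname = 'public'
  and c.relkind = 'r'
order by table_name, p.policyname;
```

Run the audit query as a privileged role from the SQL editor, not through the API. It only recognises the literal expression `true`; a policy written as `1 = 1` or one that checks a column the client controls will show as `ok`, so treat the output as a starting list for review and compare each policy's predicate against what the application's own UI allows, which is the alignment the thread says the existence-only scanner never tests.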
May 8
Announcing our newest Replit integration: Notion
1/ Now you can build Notion-powered apps in minutes with Replit.
2/ Pull data from Notion data or push it. If you're really feeling crazy, you could do both. 🤪
Read 6 tweets
Apr 30
Whether you're using Replit Agent, Assistant, or other AI tools, clear communication is key.

Effective prompting isn't magic; it's about structure, clarity, and iteration.

Here are 10 principles to guide your AI interactions:
Checkpoint: Build iteratively. Break large goals into smaller, testable steps. Use features like Replit Agent's Checkpoints to save progress and experiment safely.
Debug: Don't just say "it's broken." Give the AI context: exact error messages, relevant code snippets, and the steps you took. Help it help you.
Read 12 tweets
Apr 29
Level up your prompts: 5 prompt examples & explanations for tools like Replit Agent and Assistant.

The quality of your prompts directly impacts the results.

Vague requests lead to vague outcomes. Clear, specific instructions unlock the AI's full potential. [ 🧵 ]
Bad: "Fix my code."

Good: "My script fails on user input validation. Debug the validate_input function. Error: [details]"

Why it works: Specificity! Pinpoint the problem area & provide
Bad: "Make a website."

Good: "Create a portfolio site: Home, About, Contact Form. Use a modern theme & placeholder content."

Why it works: Clarity! Define the scope, core features, and desired style. Don't leave the AI guessing.
Read 7 tweets
