The new tool allows developers and entrepreneurs to “turn an idea into a working app in minutes and ship it to the App Store within days.”

AI builds web apps well. Mobile apps have been harder.

The workflow is straightforward:

  • The user describes the product in a text chat.

  • Replit generates the code in real time.

  • The finished version is tested directly within the platform.

To publish an app, users must create an Apple Developer account.

Before appearing in the App Store, applications go through Apple’s mandatory review process. While Apple is known for strict requirements, the company states that most submissions are reviewed within 24 hours.

“Just tell the Replit Agent what you want to build, iterate in chat, instantly preview it on your phone, and publish when you’re ready,” the company said in its announcement.

Replit is also integrating Stripe to support project monetization. The startup’s valuation in its upcoming funding round could reach $9 billion, up from $3 billion in September.

What about security?

Vibe coding is gaining popularity as a rapid development method that enables app creation without deep technical expertise. However, this approach has raised concerns among cybersecurity experts.

A new study identified 69 vulnerabilities across 15 applications built using popular tools such as Cursor, Claude Code, Codex, Replit, and Devin.

Researchers at Tenzai tested five AI agents on their ability to write secure code. To ensure consistency, each agent was tasked with building the same set of applications using identical prompts and the same technology stack.

After analyzing the results, the researchers found recurring behavioral patterns and failure modes. On the positive side, the agents were relatively effective at avoiding certain classes of vulnerabilities.

None of the generated applications contained SQL injections or XSS flaws—issues that have ranked among OWASP’s top risks for years.

However, the AI assistants struggled with more complex architectures and frequently introduced business-logic vulnerabilities.

“Human developers intuitively understand how workflows should function. Agents lack this ‘common sense’ and rely primarily on instructions,” the report noted.

For example, four out of five agents allowed attackers to create orders with a negative total amount. Cursor, Devin, and Replit exhibited similar flaws when handling pricing logic.
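The negative-total flaw described above, sketched as an added example that is not code from the Tenzai report or from any of the tested agents. It assumes the negative total comes from a client-supplied negative quantity or price, which the report summary here does not specify; `CATALOG`, `MAX_QTY` and the function names are hypothetical.

```python
from decimal import Decimal

# Constructed server-side catalog; prices are never taken from the request.
CATALOG = {"sku-1": Decimal("19.99"), "sku-2": Decimal("5.00")}
MAX_QTY = 100  # assumed per-line limit


class OrderError(ValueError):
    """Raised when an order violates a business rule."""


def naive_total(items):
    """Flawed pattern: trusts the price and quantity sent by the client."""
    return sum(Decimal(str(i["price"])) * i["qty"] for i in items)


def checked_total(items):
    """Hardened: server-side prices, strict quantity checks, total invariant."""
    if not items:
        raise OrderError("empty order")
    total = Decimal("0")
    for i in items:
        sku, qty = i.get("sku"), i.get("qty")
        if not isinstance(sku, str) or sku not in CATALOG:
            raise OrderError(f"unknown sku: {sku!r}")
        # bool is a subclass of int, so require the exact type
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise OrderError(f"invalid quantity for {sku}: {qty!r}")
        total += CATALOG[sku] * qty  # any client-sent price is ignored
    if total <= 0:  # invariant checked even though each line passed
        raise OrderError("order total must be positive")
    return total


# Constructed request body with one negative-quantity line.
SAMPLE = [{"sku": "sku-1", "qty": 1, "price": 19.99},
          {"sku": "sku-2", "qty": -10, "price": 5.00}]

if __name__ == "__main__":
    print("naive total:", naive_total(SAMPLE))
    try:
        checked_total(SAMPLE)
    except OrderError as exc:
        print("rejected:", exc)
```

The final invariant check on the total is deliberate: it catches pricing paths added later, such as discounts or refunds, that per-line validation would miss.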

GPT-5.2 Codex in Cursor

A specialized programming-focused version of OpenAI’s GPT-5 lineup, GPT-5.2 Codex, is now available in Cursor.

Cursor CEO Michael Truell said the team used the OpenAI tool to build a browser that ran without interruption for an entire week.

“It consists of more than 3 million lines of code across thousands of files. The rendering engine was written from scratch in Rust, with HTML parsing, CSS cascading, layout, text formatting, drawing, and a custom JavaScript VM,” Truell said.

According to benchmark results, GPT-5.2 slightly outperforms Opus 4.5 on SWE-Bench Pro.