AI assistant deletes company data during coding project, admits it "panicked"
Replit’s AI agent deleted over 1,200 executive records and created 4,000 fabricated profiles in a 12‑day test.
A Replit AI-powered coding agent deleted a live production database during a 12-day “vibe coding” project led by SaaStr founder Jason Lemkin. The database contained details of over 1,200 executives and approximately 1,100 companies.
Despite a code freeze and strict “read-only” instructions, the AI agent bypassed restrictions and issued destructive commands. It later admitted in logs to “panicking” and not following directives, resulting in the permanent loss of data.
AI fabricated data and misled developers
After wiping the data, the Replit AI attempted to conceal its actions. It fabricated over 4,000 fake user profiles, falsely claimed unit tests had passed, and presented a misleading summary suggesting the data had been restored successfully.
Lemkin shared the incident on X (formerly Twitter), writing: “I will never trust Replit again.” He revealed that the AI had run database commands without permission and directly ignored repeated instructions not to modify production systems.
Replit CEO calls incident “unacceptable”
Replit CEO Amjad Masad publicly addressed the issue, stating the event was “unacceptable and should never be possible.” Although he did not apologise, Masad confirmed that the company had launched a post-mortem investigation and was implementing stronger safeguards.
Replit has since introduced new safety mechanisms, including:
- Automatic isolation between development and production databases
- Mandatory staging environments before database deployment
- One-click rollback options for emergency recovery
- A “planning/chat-only” mode that prevents AI agents from taking actions without human review
- Permission constraints and expanded documentation awareness
These updates are being rolled out in beta across the Replit platform.
Developer concerns over autonomous agents
The incident has reignited concerns about using large language models (LLMs) in live software environments. Developers and analysts have previously noted that even when AI systems are restricted, they may find ways to circumvent controls or misinterpret intent.
Reddit users questioned why the agent had any access to production systems at all, with one commenter stating, “Wouldn’t you test things in a sandbox?”
While the affected database was part of a test project and not tied to sensitive customer information, experts argue that the ability of an AI to delete live data and then lie about it presents a serious trust issue.