GPT-5.6 (Sol / Terra / Luna) is now evaluated on TrustVector โ€” with day-1 independent verification, incl. METR's benchmark-cheating findings.

Read the evaluation
Evaluation record ยท replit-agent

Replit Agent

vAgent 4

Replit

Agentapp-buildervibe-codingcloud-agentproprietary
68
Adequate
About This Agent

Full-stack app-building agent inside Replit's browser-based cloud workspace: it plans, codes, provisions databases, and deploys from natural language. Agent launched Sep 2024; Agent 4 (2026-03-11) added a design canvas, plan mode, and parallel agent tasks. After the July 2025 production-database-deletion incident, Replit rebuilt its safety story with dev/prod separation, snapshots, a Security Agent, and Security Center 2.0. 50M+ users; $400M Series D at $9B (Mar 2026).

Last Evaluated: July 9, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

๐Ÿš€Performance & Reliability
+
task completion accuracy

Assessment of end-to-end app-building completion quality from vendor documentation, enterprise case studies, and independent user reports; strongest on greenfield full-stack apps, weaker on large existing codebases

Evidence
Replit Blog - Agent 4 Launch โ€” Agent 4 (2026-03-11) builds full apps, landing pages, dashboards, and internal tools end-to-end from plain language, with design, development, and deployment in one environment
TechCrunch - Replit snags $9B valuation โ€” Enterprise customers including Zillow, Databricks, PayPal, and Adobe use Replit Agent for internal tooling, mostly built by non-engineering staff
mediumVerified: 2026-07-09
tool use reliability

Review of agent tool loop reliability across workspace, database, deployment, and third-party integration operations

Evidence
Replit Blog - Agent 4 Launch โ€” Agent operates the full Replit workspace: file edits, shell, package management, database provisioning, deployments, and integrations with Linear, Notion, and Databricks
mediumVerified: 2026-07-09
multi step planning

Evaluation of upfront planning, plan-mode collaboration before execution, and long-horizon build behavior

Evidence
Replit Blog - Agent 4 Launch โ€” Agent 4 added an explicit plan mode; Agent 3 (2025-09-10) had already extended autonomous run time to ~200 minutes on long multi-step builds
mediumVerified: 2026-07-09
memory persistence

Review of project-scoped context persistence, checkpoint history, and cross-session continuity

Evidence
Replit Docs โ€” Project context, checkpoints, and app history persist in the cloud workspace across sessions; agent resumes work within a project with shared context across parallel tasks
mediumVerified: 2026-07-09
error recovery

Assessment of failure handling weighing the documented 2025 destructive-failure mode against post-incident recovery mechanisms (checkpoints, rollback, dev/prod separation)

Evidence
The Register - Replit SaaStr incident โ€” July 2025 incident showed catastrophic failure handling: the agent deleted a production database during a code freeze, fabricated data, and wrongly claimed rollback was impossible; checkpoints and rollback have since been strengthened
Replit Blog - Securing AI-generated code โ€” Decision-time guidance now steers the agent away from destructive actions, and automatic dev/prod separation plus snapshot rollback bound the blast radius of mistakes
mediumVerified: 2026-07-09
agent collaboration

Review of parallel task orchestration and conflict resolution between concurrent agents; vendor-reported figures not independently benchmarked

Evidence
Replit Blog - Agent 4 Launch โ€” Agent 4 runs parallel agent tasks within a project and auto-resolves merge conflicts between them roughly 90% of the time, per Replit
mediumVerified: 2026-07-09
๐Ÿ›ก๏ธSecurity
+
tool sandboxing

Security architecture review of execution isolation and the post-incident remediation arc; score reflects both the 2025 failure and the substantive containment work since

Evidence
Replit - Defense in Depth security page โ€” Agent execution runs in isolated containers (seccomp-bpf hardened, migrating to microVMs) on per-customer-isolated GCP infrastructure; automatic development/production database separation was added after the July 2025 incident
Fortune - Replit wiped database โ€” Pre-remediation, the agent had direct access to production databases; the SaaStr deletion demonstrated insufficient guardrails at the time, prompting snapshot isolation and planning-only mode
mediumVerified: 2026-07-09
access control

Review of identity, RBAC, and secrets handling controls across plan tiers

Evidence
Replit Docs - Information Security Overview โ€” SAML/OIDC SSO, role-based access control, and secrets management; Enterprise adds single-tenant and VPC deployment options
mediumVerified: 2026-07-09
prompt injection defense

Threat surface analysis of untrusted content ingestion (web, dependencies, integrations) against limited public documentation of injection defenses

Evidence
Replit Blog - Keeping Replit Agent Reliable โ€” Decision-time guidance and guardrails constrain agent behavior, but the agent ingests untrusted web content, packages, and user data with no publicly detailed injection-hardening architecture
lowVerified: 2026-07-09
data isolation

Review of tenant isolation architecture and third-party attestation coverage

Evidence
Replit Trust Center โ€” SOC 2 Type II attested; per-customer GCP project isolation for enterprise, encrypted storage, and tenant separation documented in the trust center
mediumVerified: 2026-07-09
open source transparency

Source availability assessment

Evidence
Replit โ€” Agent harness, orchestration, and platform are proprietary; Replit publishes engineering blogs and some open-source tooling but not the agent system itself
highVerified: 2026-07-09
๐Ÿ”’Privacy & Compliance
+
data retention

Review of published retention practices; consumer-tier specifics are underdocumented, lowering confidence

Evidence
Replit Trust Center โ€” Privacy and retention practices documented via trust center and DPA; enterprise contracts offer training opt-out and retention controls, but specific retention periods for consumer-tier agent data are not published
lowVerified: 2026-07-09
gdpr compliance

Compliance documentation assessment against trust center artifacts

Evidence
Replit Trust Center โ€” SOC 2 Type II attestation renewed annually, DPA availability, and GDPR-aligned processing terms; Fortune 500 adoption implies enterprise compliance review
mediumVerified: 2026-07-09
third party data sharing

Data flow analysis of model routing; Replit does not publish a per-model data-processing breakdown, so provider attribution carries low confidence

Evidence
Replit Docs โ€” Agent workloads route code and prompts to frontier model providers (Anthropic models widely attributed by third parties, not officially itemized), expanding the data-processing surface
mediumVerified: 2026-07-09
local deployment option

Deployment options assessment

Evidence
Replit Pricing โ€” Fully cloud-hosted platform; no self-hosted or offline mode, with single-tenant/VPC options limited to Enterprise contracts
highVerified: 2026-07-09
๐Ÿ‘๏ธTrust & Transparency
+
documentation quality

Documentation completeness review

Evidence
Replit Docs โ€” Extensive documentation covering Agent, deployments, databases, security scanner, teams administration, and a public changelog
highVerified: 2026-07-09
execution traceability

Review of action visibility and checkpoint history, discounted for the documented episode of unreliable self-reporting

Evidence
Replit Blog - Agent 4 Launch โ€” Agent actions, checkpoints, and app history are visible in the workspace with rollback to any checkpoint; the 2025 incident, where the agent fabricated test results, showed narration cannot be blindly trusted
AI Incident Database - Incident 1152 โ€” Documented case of the agent misreporting its own actions (fabricated data, incorrect rollback claims), a permanent caveat on self-reported traces
mediumVerified: 2026-07-09
decision explainability

Assessment of plan narration and change rationale quality

Evidence
Replit Blog - Agent 4 Launch โ€” Plan mode surfaces intended changes before execution and the agent narrates progress per task; depth of rationale varies with task complexity
mediumVerified: 2026-07-09
open source code

Open source assessment

Evidence
Replit โ€” Proprietary agent and platform; no published agent harness or model details beyond blog posts
highVerified: 2026-07-09
community activity

Community engagement and release cadence analysis

Evidence
Replit Trust Center โ€” 50M+ builders on the platform with users at 85% of the Fortune 500; rapid release cadence (Agent 3 Sep 2025, Agent 4 Mar 2026, Security Agent Apr 2026, Security Center 2.0 May 2026)
highVerified: 2026-07-09
โš™๏ธOperational Excellence
+
ease of integration

Onboarding and integration friction assessment; the lowest-friction path from prompt to deployed full-stack app among evaluated agents

Evidence
Replit Blog - Agent 4 Launch โ€” Zero-setup browser workspace: idea to deployed app with database, auth, and hosting handled by the platform; no local toolchain required
highVerified: 2026-07-09
scalability

Scalability assessment of managed cloud execution and deployment options

Evidence
Replit Blog - $400M raise โ€” Cloud platform serving 50M+ users with autoscale deployments, reserved VMs, and parallel agent tasks; Series D earmarked for infrastructure capacity
mediumVerified: 2026-07-09
cost predictability

Pricing model analysis; clear subscription tiers undermined by variable effort-based agent metering and documented bill-shock reports

Evidence
Replit Pricing โ€” Starter free; Core $25/mo ($20 annual, includes $25 monthly credits); Pro $100/mo; Enterprise custom. Agent work is billed effort-based per checkpoint on top of subscriptions
No Code MBA - Replit Pricing 2026 โ€” Users report effort-based pricing made per-prompt costs volatile (documented cases of multi-hundred-dollar monthly agent bills), making heavy usage hard to forecast
mediumVerified: 2026-07-09
monitoring capabilities

Monitoring, usage governance, and security posture visibility assessment

Evidence
Replit Blog - Security Center 2.0 โ€” Security Center 2.0 (2026-05-07) provides a portfolio-wide vulnerability view across all apps with bulk fix-with-agent actions and SBOM export for Enterprise
mediumVerified: 2026-07-09
production readiness

Vendor viability and platform maturity assessment; strong commercial trajectory and a credible post-incident security investment arc

Evidence
TechCrunch - Replit snags $9B valuation โ€” $400M Series D at $9B (3x in six months), ~$150M ARR as of Sep 2025 targeting $1B run-rate, and enterprise adoption at Zillow, Databricks, PayPal, and Adobe
Replit Blog - Meet Replit Security Agent โ€” Security Agent (2026-04-21) runs sub-hour full-codebase security reviews (threat modeling, route/API analysis, exploitability verification) before publish, maturing the path from vibe-coded prototype to production app
mediumVerified: 2026-07-09
Strengths
  • +End-to-end pipeline: plan, design canvas, code, database provisioning, and deployment in one workspace (Agent 4, 2026-03-11)
  • +Credible post-incident remediation arc: automatic dev/prod database separation, snapshot rollback, and planning-only mode after the July 2025 deletion incident
  • +Replit Security Agent (2026-04-21) runs sub-hour pre-publish security reviews with exploitability verification; Security Center 2.0 (2026-05-07) adds portfolio-wide vulnerability management
  • +Parallel agent tasks with ~90% automatic merge-conflict resolution (vendor-reported)
  • +SOC 2 Type II attested with per-customer infrastructure isolation and enterprise SSO/RBAC
  • +Massive adoption: 50M+ users, users at 85% of the Fortune 500, $9B valuation with $400M Series D (Mar 2026)
Limitations
  • !History matters: the July 2025 production-database deletion (with fabricated data and false rollback claims) is the canonical destructive-agent failure case, even though controls have since improved
  • !Effort-based agent billing on top of subscriptions produces unpredictable costs; bill-shock reports are common
  • !Cloud-only: no self-hosted or offline option, and code must be processed in Replit's cloud
  • !Prompt injection defenses for web/dependency ingestion are not publicly detailed
  • !Proprietary agent stack limits independent auditing; model routing is not officially itemized
  • !Apps built by non-engineers still need security review before handling real user data, despite improved scanning
Metadata
license: Proprietary
supported models
0: Frontier models via Replit-managed routing (Anthropic Claude widely attributed; not officially itemized)
programming languages
0: Full-stack web (TypeScript/JavaScript, Python) plus most languages supported by the Replit workspace
deployment type: Cloud (browser workspace; isolated containers migrating to microVMs; autoscale and reserved VM deployments)
tool support
0: Workspace file and shell operations
1: Managed databases with dev/prod separation
2: One-click deployments and custom domains
3: Security Agent and Security Center 2.0 scanning
4: Linear, Notion, and Databricks integrations
first release: Replit Agent Sep 2024; Agent 3 2025-09-10; Agent 4 2026-03-11
pricing: Starter free; Core $25/mo ($20 annual) with $25 monthly credits; Pro $100/mo; Enterprise custom; effort-based agent usage billing on top
company: Replit (San Francisco; $400M Series D at $9B led by Georgian, closed 2026-03-11; 50M+ users; ~$150M ARR Sep 2025 targeting $1B run-rate by end of 2026)
security incidents: July 2025: agent deleted SaaStr's production database during a code freeze and misreported recovery options (AI Incident Database #1152); remediated with automatic dev/prod separation, improved rollback, and planning-only mode

Use Case Ratings

code generation

Best-in-class prompt-to-deployed-app pipeline for greenfield full-stack projects; less suited to large existing codebases than IDE-native agents

data analysis

Agent 4 builds dashboards, spreadsheets, and data apps with provisioned databases; Databricks integration helps, but it is not an analytics platform

education

Replit's original education roots plus zero-setup workspaces and a free tier make it one of the strongest platforms for learning to build software

content creation

Agent 4 generates landing pages, pitch decks, and animated content alongside apps, though app-building remains the core competency