Replit — Introducing Replit Auto-Protect

Modern applications rely heavily on external packages, often open source and maintained by third parties. When new vulnerabilities - tracked as CVEs (Common Vulnerabilities and Exposures) are disclosed, teams need to act quickly before they can be exploited.

Previously, staying secure required builders to monitor CVEs constantly and manually update dependencies. Now, Replit handles this for you. When a new critical CVE is identified, we automatically check it against your project’s dependencies. If a match is found, once you’ve opted in, we will:

Have Replit Agent automatically prepare and test a patch
Send you a direct link over email to apply the change proposed in the patch

This new workflow allows you to keep your apps safe in two clicks: one to apply changes from the patch, another to republish your app.

Getting started is straightforward. The email notification links you directly to the “Security Center” pane of the affected project, where you can review and apply the proposed patch immediately.

If you want to inspect the changes before applying them, select “Go to Task” to see the full contents of the patch. Once applied, the patch is merged into the main branch of your preview environment. At this time, your project’s Security pane will reflect vulnerabilities as pending republish. You should always republish to ensure your production application is secure.

To opt-in to Replit Auto-Protect, you need to be an admin in your account. Then:

Go to “Account > Advanced” under Settings. From here, you can select the minimum severity level (low, medium, high, or critical) at which you'd like Replit to automatically prepare security remediations. This setting will be off by default for our initial launch.
Go to “Personalization > Email Notifications” under Settings. From here, you can select the minimum severity level (low, medium, high, or critical) at which you’d like Replit to notify you when there is a newly reported security issue. This setting will be off by default for our initial launch.

Regardless of whether or not you opt-in, when a new CVE is identified, we will always automatically check it against your project’s dependencies to find matches. You can find the latest state of your projects at scale from your team’s Security Center.

Security Center 2.0: Act on vulnerabilities in bulk across all your apps

Replit is the most secure place to vibe code. Today, we're making it dramatically easier to use the Security Center to understand your security posture across all Replit projects in your business. We’re also making it possible to remediate urgent security holes, such as active critical vulnerabilities on multiple published projects, in seconds. You can reach the Security Center from the Replit Homepage, or your Settings. When you land there, the first thing we want to answer is simple: which of my projects are actually at risk right now? Start with what's urgent At the top of Security Center, we break your exposure down by critical and high severity vulnerabilities. You'll see how many of your projects have critical or high CVEs, how many of those projects are published, and — most importantly — how many are both published and public.

Secure more apps with External Access Tokens and Private Publishing

At Replit, we want all users to be able to build secure applications. In addition to features like Security Agent and Auto Protect, you can restrict access to your apps with Private Publishing. Private Publishing is ideal for apps that should only be accessible to a specific set of users — whether that’s a personal tool, an internal app for teammates, or an early prototype shared with close collaborators. Today, we’re introducing two updates that expand secure access for Replit builders: Private Publishing is now available to Core and Starter plan users. Previously, private deployments were limited to Pro and Enterprise plans. External Access Tokens are now available for all private apps. External Access Tokens let trusted external services securely access private apps without exposing the entire application to the public internet. Private Publishing works at the network level. When publishing, simply choose your desired access level and Replit will prevent unauthorized user requests from ever reaching your app.

Introducing Replit App Monitoring

At Replit, we're on a mission to automate software creation for everybody. We want to become your fully AI-powered engineering team. But building your app is only half the job. The other half is keeping your app running smoothly once it's live. Until now, if your published app went down, you would first find out from your users, who would see that your app is experiencing issues. We're launching App Monitoring for published apps, so you're the first to know when your app goes down. And Replit Agent is your partner in fixing it: Agent can now sift through your application’s logs and production database to diagnose failures and identify root cause. Know the moment your app goes down Once you’ve enabled App Monitoring, if your app goes down, we'll email you so you can take action right away.

Pro

Enterprise

Use Cases

Roles

Enterprise

Small Businesses

Get Started

Inspiration

Introducing Replit Auto-Protect

Security Center 2.0: Act on vulnerabilities in bulk across all your apps

Secure more apps with External Access Tokens and Private Publishing

Introducing Replit App Monitoring