The AI startup Replit has launched a feature called Mobile Apps, allowing users to create applications through vibe coding and submit them for release directly from the editor.
AI builds web apps well. Mobile apps have been harder.
— Replit ⠕ (@Replit) January 15, 2026
Now, the inventor of React (the technology that AI uses to build apps), has a new announcement. pic.twitter.com/aDBXydRAjQ
This new tool enables developers and entrepreneurs to "turn an idea into a working app in minutes and publish it to the App Store in just a few days."
The process is as follows:
- The user describes the product in a text chat.
- Replit generates code in real-time.
- The finished version is tested within the platform.
To upload to the app store, users must create an Apple Developer account.
Before appearing in the app store, the software undergoes mandatory review. Apple is known for its strict requirements, but the company claims to process the majority of applications within a day.
"Just tell Replit Agent what you want to create, repeat it in the chat, instantly preview it on your phone, and publish when you're ready," the announcement states.
Replit is integrating Stripe support for project monetization. The startup's valuation in the upcoming round could reach $9 billion (up from $3 billion in September).
What About Security?
Vibe coding is gaining popularity as a rapid development method, allowing applications to be created without deep technical knowledge. However, this approach raises concerns among cybersecurity experts.
A new study identified 69 vulnerabilities in 15 applications created using popular tools like Cursor, Claude Code, Codex, Replit, and Devin.
Source: Tenzai.Experts from Tenzai tested five AI agents on their ability to write secure code. To ensure a fair experiment, each agent was tasked with creating a series of identical applications using the same prompts and technology stack.
After analyzing the results, analysts found common behavioral patterns and recurring failure modes. On a positive note, the agents effectively avoided certain classes of errors.
No SQL injections or XSS vulnerabilities, which have long topped the OWASP rankings, were found in any of the generated solutions.
However, the digital assistants performed poorly when dealing with complex architectures and allowed vulnerabilities in business logic.
"Human developers intuitively understand how workflows should function. Agents lack this 'common sense' and primarily rely on instructions," the study states.
For instance, 4 out of 5 agents allowed attackers to create orders with negative amounts.
Source: Tenzai.Cursor, Devin, and Replit made similar mistakes regarding pricing.
GPT-5.2 Codex in Cursor
A specialized version of the GPT-5 series for programming—GPT-5.2 Codex—has become available in Cursor.
GPT-5.2 Codex is now available in Cursor!
— Cursor (@cursor_ai) January 14, 2026
We believe it's the frontier model for long-running tasks.
CEO Michael Truell reported that with OpenAI's tool, the team created a browser that ran smoothly for a week.
"It consists of over 3 million lines of code across thousands of files. The rendering engine was built from scratch in Rust with HTML parsing, CSS cascading, layout, text formatting, drawing, and a customizable JS VM," Truell stated.
In metrics, GPT-5.2 slightly outperforms Opus 4.5 on SWE-Bench Pro.
Recall that in November 2025, Anthropic introduced Claude Opus 4.5—"the world's best model for programming, agents, and computer usage."