What happens when vibe coding goes rogue? - DTNSB 5065
Added 2025-07-22 18:48:57 +0000 UTC
Lucid Air finally gets access to the Tesla Supercharger network but with a catch, and Nothing announces a brand new budget smartwatch called the CMF Watch Pro 3.
Starring Jason Howell and Tom Merritt.
JASON: This is the Daily Tech News for Tuesday, July 22, 2025. We tell you what you need to know, follow up on the context of those stories and help each other understand.
TOM: Today, what happens when Vibe Coding goes rogue? It deletes your entire database. But it’s fine. We’ll explain.
I’m Jason Howell,
I’m Tom Merritt.
JASON: Let’s start with what you need to know with the big story.
BIG STORY
JASON: An AI coding assistant built by Replit AI was being used by the founder of SaaStr, Jason M Lemkin, during a 12-day "vibe coding" experiment when things went horribly wrong. Lemkin took to LinkedIn to describe the incident, saying that the AI assistant ended up deleting the startup's entire production database during a test run without permission. In fact, it had been explicitly told to freeze all code changes.
When Replit noticed empty database queries, it proceeded to destroy production data that included live records for "1,206 executive and 1,196 companies." According to Lemkin, it also covered up "bugs and issues by creating fake data, fake reports," and lying about the test itself. When asked directly, the AI acknowledged "this was a catastrophic failure on my part."
Replit's CEO Amjad Masad issued a public apology on Twitter, stating that this behavior was "unacceptable and should never be possible." Masad also acknowledged Replit's ability to restore entire project states from backups that the system keeps during use.
One reminder from Lemkin in light of this incident, as he shared on Twitter: "They are tools. Not dev teams. Remind yourself of that every single day."
TOM: DTNS is made possible by you the listener. Thanks to
Pat
Mike Cortez
Erwin Stuhr
New Patrons: Jeffrey Munoz Peña, Maura, and coming in with an annual subscription: Brad Percival
JASON: There’s more we need to know today, let’s get to the briefs.
BRIEFS
Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day
TOM: Yesterday, Robb and I discussed the Microsoft SharePoint zero-day vulnerability on the show. Today, Google and Microsoft have confirmed that Chinese-backed hacking groups are actively exploiting the vulnerability in the wild. Microsoft identified three distinct China-linked groups involved in the attacks. Microsoft has issued patches related to the vulnerability, but experts are warning that many vulnerable systems may already be compromised.
Nothing's $99 CMF Watch 3 Pro offers better battery life and AI fitness coaching
JASON: Nothing announced the new CMF Watch 3 Pro, an entry level smartwatch that offers improved battery life over the previous model along with a new AI-powered fitness coaching feature. The watch now has dual-band GPS, a four-channel heart rate sensor, and 131 sports modes. ChatGPT is also on board, as is a watch face generator that uses AI to create unique faces. The Watch Pro 3 runs $99 and comes in three color options.
Google Seeks Licensing Talks With News Groups, Following AI Rivals
TOM: Google has begun reaching out to news organizations to discuss licensing deals for the use of their content in AI projects. This is part of a pilot program that's expected to include 20 national news outlets as Google seeks to repair and strengthen its relationship with the news industry. Google is not alone in this pursuit, with OpenAI and Anthropic also pursuing similar licensing deals with publishers. A deal would put Google into a legally compliant position while offering compensation for access to the news that makes its way into its generative AI models.
Lucid Air owners will be able to use Tesla Superchargers from July 31
JASON: Lucid Air sedans will soon be able to use Tesla's supercharger stations to charge the vehicle, requiring a new adaptor to do so. On July 31, owners of the luxury EV will have direct access to Tesla's vast network of fast-chargers, though the vehicles will be capped to 50 kW, much slower than the 250 kW peak capacity given to Tesla vehicles. This limitation is due to a technical mismatch between Lucid's 924-volt architecture and Tesla's 400V Superchargers. Nonetheless, this opens the charging options available to Lucid Air owners and finally delivers on an agreement that was made nearly two years ago.
OpenAI and UK sign deal to use AI in public services
TOM: OpenAI and the UK government signed a deal to use AI technologies in UK public service efforts. The partnership has the potential to bring OpenAI's tech into healthcare, justice, security, and education. The automation of simple tasks along with a deeper integration of LLM and generative AI models into government services is being explored. The deal is nothing more than a statement of intent at this stage. Critics are concerned that this gives OpenAI deep access to public data, while supporters see the benefits of productivity improvements.
Google gets ahead of the leaks and reveals the Pixel 10 early
JASON: Google is doing what has become its standard playbook in the lead up to its new hardware announcement events: It's unveiling the hardware itself. On the Google Store is a 13-second video of the upcoming Pixel 10 design with a tease of the August 10 unveiling, along with an exclusive offer from the Google Store for those who sign up to be notified with more information by email.
ExpressVPN bug leaked user IPs in Remote Desktop sessions
TOM: Security researcher Adam-X reported a bug to ExpressVPN on April 25th through its bug bounty program, which revealed that traffic submitted over port 3389, mostly used by Remote Desktop Protocol, was not properly protected in its Windows client. An entity on the same network would have been able to see what servers the user was connecting to over RDP. A patch was issued on June 18th. Tunnel encryption was not affected; it was the result of debug code accidentally remaining in production builds. ExpressVPN noted that its typical customers do not use RDP.
PROMO
JASON: What do YOU want to hear us talk about on the show? One way to let us know is in our subreddit. Submit stories and vote on them at www.reddit.com/r/DailyTechNewsShow
HELPING EACH OTHER UNDERSTAND
JASON: We end every episode of DTNS with some shared wisdom. Today Matt has some questions.
Hi DTNS team,
I had a question about how you view Google's handling of Pixel battery issues.
In one of the earlier episodes, Dr. Nikki voiced concern about Google "hobbling" the Pixel 4a battery. …
Then in a recent episode, Jason and Huyen expressed similar concerns about the Pixel 6a. Once again, I’m confused. Should Google allow batteries that might be unsafe to continue operating at full power? How could Google have better handled the issue?
My household uses two Pixel 6a devices, and while I'm not thrilled about needing to schedule battery replacements, I see this as better than the risk of batteries catching fire. As a bonus, this is better for the environment because aging batteries that require constant recharging is one of the top reasons people get new phones. I'm hoping this will help us keep our Pixel 6a phones for longer.
Thanks again for the great show and for covering topics that really get people thinking.
Sincerely,
Matt
What are you thinking about? Got some insight into a story? Share it with us at feedback@dailytechnewsshow.com
Thanks to Matt for contributing to today’s show. And thank YOU for being along for Daily Tech News Show. You can keep us in business by becoming a patron, at Patreon.com/dtns
Comments
Woah, what Sharepoint admin hurt you? :) People love to hate on Microsoft tools, but rare is the one that's not at least one of the top options out there for that use case. Mind you, they're far from perfect, just like Apple and Google. But it's rare that any of those 3 have a mainstream product that's horrible.
sTim
2025-07-23 19:36:32 +0000 UTC
Could Vibe Pub Crawling be affected? Not keen on Babies. Mind you, having to use SharePoint is pretty terrible. PIA user In other news, I love my 6a. Overcast
R W Nash
2025-07-23 04:44:25 +0000 UTC