Tea's data breach exposed 72K images. Here's why vibe coding production apps without oversight destroys trust and startups.
Remember when building an app meant months of careful planning, detailed requirements, and rigorous testing? Those days feel ancient now that we can just tell AI what we want and watch it spit out working code in minutes. This new approach is called "vibe coding" – and while it sounds fun and fast, the Tea dating app just showed us exactly why it's dangerous for anything beyond weekend hobby projects.
Vibe coding is an artificial intelligence-assisted software development style popularized by Andrej Karpathy in February 2025. Think of it like having a really smart coding assistant that you just talk to in plain English. You say "build me a dating app where women can share reviews about men," and boom – the AI writes all the code for you.
Unlike traditional AI-assisted coding or pair programming, the human developer avoids micromanaging the code, accepts AI-suggested completions liberally, and focuses more on iterative experimentation than code correctness or structure. It's all about trusting the vibes and letting the AI handle the technical stuff.
Sounds pretty great, right? Just describe what you want, let AI do the heavy lifting, and launch your app without getting bogged down in all that boring technical detail. What could go wrong?
Well, the Tea dating app just answered that question in spectacular fashion. Tea, a women-only dating safety app that features anonymous reviews of men, suffered three major data leaks in July and August 2025, in which users' photographs, messages and personal information were leaked.
Here's what happened:
But here's the kicker: In a podcast interview in April, 2025, Cook said he doesn't know how to code, and that the Tea app was built by two developers in Brazil. The app that promised to keep women safe was built by a non-technical founder who outsourced development to contractors he found online.
The Tea disaster perfectly illustrates why vibe coding is dangerous for real applications that handle sensitive user data. Let's break down what went wrong:
When you don't understand the code powering your app, you can't spot security problems. Code generated by AI is often excluded from code reviews and security checks, leading to unseen vulnerabilities that can go unnoticed and be exploited.
Tea's founder couldn't code, so he had no way to verify whether his contractors were following basic security practices like properly configuring databases or encrypting sensitive data. The result? Women's driver's licenses and private conversations about abortions ended up posted on 4chan.
Karpathy described it as "fully giving in to the vibes, embracing exponentials, and forgetting that the code even exists". When something breaks in vibe coding, sometimes the LLMs can't fix a bug so I just work around it or ask for random changes until it goes away.
This approach might work for a weekend project, but not when you're handling millions of users' personal data. Real applications need robust error handling, proper testing, and systematic debugging – not just "keep trying random changes until it works."
Vibe coding your way to a production codebase is clearly risky. Most of the work we do as software engineers involves evolving existing systems, where the quality and understandability of the underlying code is crucial.
When you don't understand your own codebase, adding new features becomes like playing Jenga blindfolded. Each change could bring down the whole system, and you won't know until users start complaining.
Code generated by AI is challenging to debug because it's dynamic and lacks architectural structure. When Tea's database got misconfigured and exposed user data, do you think the founder could quickly identify and fix the problem? Not a chance.
Don't get me wrong – AI can be incredibly helpful for building software. The problem isn't using AI; it's using it irresponsibly.
Here's how successful companies actually use AI in development:
Before any code gets written (by AI or humans), you need:
My golden rule for production-quality AI-assisted programming is that I won't commit any code to my repository if I couldn't explain exactly what it does to somebody else.
Whether it's you, a technical co-founder, or a fractional CTO, someone on your team needs to understand what the AI is building.
Every feature needs:
Build in small pieces, test each one thoroughly, and get feedback from users before moving on. This lets you catch problems early when they're cheap to fix.
I believe everyone deserves the ability to automate tedious tasks in their lives with computers. You shouldn't need a computer science degree or programming bootcamp in order to get computers to do extremely specific tasks for you.
Vibe coding is perfect for:
But if you're handling other people's data, taking their money, or building something that could affect their safety or privacy, you need more than vibes.
The Tea app disaster isn't just about bad code – it's about broken trust. The app promised to help women stay safe while dating, then exposed their most private conversations and identifying documents to internet trolls.
When the Tea app breach occurred, social media users relished in mocking and threatening the safety of the women whose personal information had been leaked. These weren't just usernames and email addresses – they were driver's licenses, passport photos, and conversations about deeply personal topics like abortions and abuse.
That's the real cost of vibe coding your way to production: not just technical debt or slow performance, but actual harm to real people who trusted you with their information.
Here's what Tea should have done differently:
The irony is that doing things right from the start would have been faster and cheaper than dealing with class-action lawsuits and rebuilding user trust.
AI tools are amazing, and they're only getting better. You absolutely should use them to build your startup faster and more efficiently. But there's a big difference between AI-assisted development and just hoping the AI knows what it's doing.
While you can't vibe-code real, valuable, secure, robust apps into existence, it can be a useful place to start so long as you're careful.
The key is knowing when to trust the vibes and when to bring in the experts. If your app handles user data, processes payments, or affects people's safety in any way, you need more than vibes – you need proper software development practices.
Your users are trusting you with their information, their money, and sometimes their safety. They deserve an app built by people who understand not just how to make code work, but how to make it work securely, reliably, and ethically.
Don't let your startup become the next cautionary tale. Build something your users can actually trust.
Building a tech startup but not sure where to start with development? We help founders turn great ideas into secure, scalable applications without the technical headaches. Reach out to us for expert guidance on your software development journey.
