TikTok Meets Amazon?

Inside Flip’s unicorn bet on shoppable video commerce.

Hey — It’s Nico.

Welcome to another Failory edition. This issue takes 5 minutes to read.

If you only have one, here are the 5 most important things:

If your startup’s chasing big-company deals, check out today’s sponsor: Delve helps founders wrap up SOC 2 in just 15 hours (instead of dragging it out for 15 weeks). They’re giving readers $1k off with code FAILORY1k.

Don’t Let SOC 2 Kill Your StartupAD

A startup was on the rise—steady growth, happy customers, investors circling. Then a big prospect asked for SOC 2.

They signed up with one of the big platforms. Suddenly: endless tasks, confusing checklists, engineers pulled off product. Deals stalled. Competitors moved in.

Those competitors? They used Delve.

15 hours later, they were audit-ready and closed the deal.

The first startup never recovered. One by one, their deals slipped away. Keys handed over. Game over.

Don’t be that startup.

Delve automates compliance—SOC 2, ISO 27001, HIPAA, GDPR, PCI-DSS and more—so you’re ready in days, not months.

Today, compliance is done in Delve.

This Week In Startups

🔗 Resources

What makes a breakout company.

📰 News

No-code website builder Framer reaches $2B valuation.

Atlassian will buy Arc developer The Browser Company for $610M.

💸 Fundraising

Utila raises $22M to build institutional stablecoin infrastructure.

Quantum computing startup IQM raises $320M.

Fail(St)ory

People-First Shopping

Last week, Flip—the TikTok-meets-checkout app—went dark. The site turned into a goodbye page, the apps vanished from the stores, and their feeds were scrubbed.

It was once valued at $1 billion, and now it’s a cautionary tale—a unicorn that couldn’t outrun unit economics. Here’s the short version of what Flip really built—and why the loop stopped compounding.

What Was Appia Bio:

Flip sat between TikTok and Amazon. The scroll felt like short creator videos, but every clip was wired to a real SKU: tap the product tag on the video, add to cart right there, and finish checkout without leaving the feed.  That tap-to-buy only worked because Flip owned the rails—payments, shipping, and returns—so orders cleared fast and refunds were painless. Keeping everything in-app made impulse buys feel safe instead of risky.

Where it tried to stand apart from TikTok Shop was the “people-first” angle. Early on, Flip leaned on shoppers posting their own reviews, then paid creators based on engagement and sales attribution. The idea was to make buying decisions feel like advice from other buyers, not just ads dressed up as content

That “personal touch” doubled down in 2024 when Flip bought Curated, a marketplace that pairs you with verified experts for big, high-consideration purchases. Think skis, golf clubs, espresso machines—the stuff you want a human to talk you through before you hit buy. Flip kept the TikTok-style discovery on top, but added live guidance underneath so decisions weren’t only vibe-driven. 

At its best, the loop was tight: scroll → trust → tap → doorstep → share. A feed that sold, a store that felt human. That was the promise.

The Numbers:

  • 📅 Founded: 2019.

  • 💰 Funding: $238M

  • 👥 Community: 16.5M users and 5B views.

  • 💵 Creator economics: $13.4M paid out to creators.

  • 🛒 Brand throughput: $375M in sales claimed on the farewell page.

Reasons for Failure: 

  • Incentives everywhere, margin nowhere. Flip paid in multiple directions—watch-to-earn credits, referral cash, and creator payouts—while also discounting products. Its own FAQ promised, Rewards get you free products… Creator Earnings get you real money you can cash out.” That cocktail is great for installs, brutal for contribution margin unless repeat purchase and take rate are exceptional.

  • Paid growth dependence. The AppLovin partnership signaled a bet on algorithmic ad buying to juice demand. That’s efficient until it isn’t; ad markets tax you more the minute organic loops stall. If your network effects don’t kick in, you’re renting growth at rising rates.

  • Integration overload after the Curated deal. Flip spent $330M in stock to acquire Curated, an expert-advice marketplace built for high-consideration purchases. That pulled the company from impulse beauty buys into complex concierge retail—different unit economics, ops, and content needs. The strategy made sense on paper (“people-centric shopping”), but it added coordination cost across logistics, creators, and expert consultations right as the company still needed clear proof of retention.

  • Mission drift away from checkout. Flip’s own shutdown note describes a journey from “authentic product reviews” to “genuine creator videos,” and finally to “unfiltered debates.” That’s a widening content mandate that dilutes purchase intent; the product was no longer only a shoppable feed, it was aiming to be a social network. When the loop shifts from watch → cart → buy to watch → discuss, conversion falls and the economics stop working.

Why It Matters: 

  • Beware growth you have to buy twice. Subsidies can unlock the cold start, but they must taper as retention and contribution margin improve. Track “subsidy-free retention” as a core KPI; if it’s flat, you’re borrowing time, not building compounding.

  • Moat before megaphone. If your key features can be cloned by distribution giants, anchor your edge in something harder to steal: proprietary supply, community lock-in, data advantages, or unique economics with suppliers.

  • Complexity taxes compounding. Every new line of business adds coordination costs and new failure modes. Before you acquire, ask: does this deepen our core loop, or distract from it?

Trend

Vibe-Hacking

This week, I want to talk about vibe-hacking—the moment when “AI that helps you build things” becomes “AI that helps attackers run a business.” 

Anthropic just published a threat intel report showing how criminals leaned on Claude’s coding agent to automate a real extortion operation, targeting at least 17 organizations and sizing ransom demands from victims’ own financial data. 

The short version: agentic AI isn’t just giving advice anymore; it’s making operational decisions inside live attacks. 

Why It Matters:

  • Attacks at startup speed. AI turns solo operators into pseudo-teams: reconnaissance, credential harvesting, lateral movement, comms—the lot—packaged as prompts and loops.

  • Lowered barriers. People who couldn’t ship malware last year are now selling working ransomware kits for a few hundred dollars. That changes the economics of defense.

  • End-to-end embedding. Offense is plugging AI into every stage—from targeting to psychology (crafting ransom language)—which means piecemeal defenses won’t hold. 

What “Vibe-Hacking” actually is

Think of vibe-hacking as the dark twin of “vibe coding.” Instead of specifying every step, attackers set the vibe—the role, the goal, and the boundaries—and let the model fill in the tactics. It’s outcome-driven guidance with fast feedback loops: “behave like a relentless operator, keep probing, draft the next move.” 

Anthropic’s case study shows the pattern at work. The actor used Claude Code to automate recon, steal credentials, and choose what to exfiltrate; then had the model analyze budgets and donor databases to set ransom numbers and draft scary-looking demand notes. This wasn’t a “how do I hack?” Q&A—it was agentic orchestration where the model took tactical and strategic decisions mid-operation.

And it isn’t a one-off. Anthropic reports other similar cases: a low-skill actor used Claude Code to build and sell ransomware kits for $400–$1,200; and North Korean operatives leaned on Claude to land remote tech jobs at U.S. companies—polishing résumés, completing interview tasks, and even doing day-to-day work. 

The chats from the North Korean team are unintentionally funny (see the images below), but the takeaway is serious: set the right “vibe,” and AI shifts from helper to operator.

Another fresh example is the recent “s1ngularity” incident on GitHub. An attacker got into multiple developer accounts and, using AI-assisted scripts, flipped large numbers of private repositories to public and re-posted code under a new label. No exotic exploit—just automation at scale. That’s vibe-hacking in the wild: set the goal, let the tools do the busywork.

What This Actually Means

If offense is hiring bots, defense should be hiring foremen. The win isn’t another dashboard; it’s rails that make autonomy safe and boring in the best way. Think: a friendly bot that pressure-tests your stack every night and emails the three fixes that actually matter or an auto-rotator that kicks in the minute a private repo turns public.

Investors and operators are literally asking for this:

Help Me Improve Failory

How Was Today's Newsletter?

If this issue was a startup, how would you rate it?

Login or Subscribe to participate in polls.

That's all of this edition.

Cheers,

Nico