/
Navigation
Chronicles
Browse all articles
Explore
Semantic exploration
Research
Entity momentum
Nexus
Correlations & relationships
Story Arc
Topic evolution
Drift Map
Semantic trajectory animation
Posts
Analysis & commentary
Pulse API
Tech news intelligence API
Browse
Entities
Companies, people, products, technologies
Domains
Browse by publication source
Handles
Browse by social media handle
Detection
Concept Search
Semantic similarity search
High Impact Stories
Top coverage by position
Sentiment Analysis
Positive/negative coverage
Anomaly Detection
Unusual coverage patterns
Analysis
Rivalry Report
Compare two entities head-to-head
Semantic Pivots
Narrative discontinuities
Crisis Response
Event recovery patterns
Connected
Search: /
Command: ⌘K
Embeddings: large
TEXXR
TEXXR

Chronicles

The story behind the story

days · browse · Enter similar · o open

A new anonymous Substack alleges AI compliance startup Delve “faked” compliance for startups by generating pre-populated audit reports and fabricating evidence

DeepDelver

Related Coverage

Discussion

  • @eringriffith Erin Griffith on x
    A detailed and brutal look at the tactics of buzzy AI compliance startup Delve “Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite.” https://substack.com/...
  • @tekbog @tekbog on x
    >cluely “cheat on everything” gets praised >companies start to cheat on everything >VCs retardmaxxing [image]
  • @ivanburazin Ivan Burazin on x
    It took our compliance officer close to a year to get SOC 2 done. In the meantime, I saw even 3 month old startups getting it with ease. After a point I got frustrated: “Why the hell are we using @DrataHQ? Let's try these guys and get it done!” He kept saying “It's just not [imag…
  • @quinnypig Corey Quinn on x
    Get this. @getdelve's crisis response page has ~4,000 words of hidden billboard blog in the HTML—invisible to browsers, visible to search crawler, diluting SEO. A compliance company with hidden content only bots can see. You can't make this up.
  • @bryanonel86 Bryan Onel on x
    Wow. Delve just took down all of their customer logos as well as the entire testimonials tab and page. Never seen a company die in realtime before. [image]
  • @jadecole2112 Jade Cole on x
    I am concerned a lot of these rapid “AI first” startups are essentially fraudulent, using AI as primarily a marketing and promotion tool to get fundraising and free social media attention, while using humans in the background to do what they say their AI tools are doing. [image]
  • @quinnypig Corey Quinn on x
    @simonfarshid @getdelve You're telling me the company accused of copy-pasting the same template across 494 compliance reports is also copy-pasting hidden content across every blog post? I'm shocked. Shocked!
  • @joshconstine Josh Constine on x
    Ooof, Delve's response smells fishy. Lots of quotations, quibbling over what “fake”, “certification mill”, & “pre-filled” mean, instead of countering the substance of the allegations Ends not with ‘this is untrue’ but “we're investigating leaks” aka hunting the whistleblower 😬 [i…
  • @peer_rich @peer_rich on x
    delve couldve done the funniest ad ever [image]
  • @brettfromdj Brett on x
    Imagine raising $32,000,000 from Insight + YC, making Forbes 30u30, then allegedly using AI to mass-produce fake SOC 2 / HIPAA certs for your clients... and spending the budget on wrapping a race car instead of, y'know, doing actual compliance.
  • @boringbiz_ @boringbiz_ on x
    Forbes 30u30 has a better hit rate on identifying fraudulent companies than Chamath has on identifying good SPAC targets Let that sink in
  • @heretorule77 Silver on x
    @ohryansbelt saw this interview of founder of delve yesterday on instagram [video]
  • @megannyvold Megan Nyvold on x
    Overt self promotion and excessive pr for startups is such a turn off oh my god Founders that love doing this are nearly always compensating. Will they ever learn
  • @scottastevenson Scott Stevenson on x
    Is it time to talk about how all the major SOC2 providers are borderline fraudulent or is there too much market cap at stake?
  • @zackkorman Zack Korman on x
    The Delve stuff is bad, but all of these compliance platforms (Vanta, Drata, etc) have their “trusted auditors” they recommend. That is the core issue that corrupts this space. [image]
  • @anothercohen Alex Cohen on x
    Incredible. At this point we need to put the Forbes editors in charge of the FBI [image]
  • @decadimitry Dimitry Yakoushkin on x
    How could this level of blatant fraud make it past a VC firm led by this executive team? [image]
  • @bengold Ben Gold on x
    This is fucking insane and further proof that YC has totally lost the plot for not doing due diligence.
  • @stkenned Scott Kennedy on x
    Just completed our annual SOC2 audit using Vanta. They audited every MDM config, device destruction certificate, patched vulnerability. Honestly, it was painful. But we passed each test and I know we do right by our users. Delve is a known “shortcut”. Never considered it.
  • @vasuman Vas on x
    P-1: fraud
  • @0xluffy Luffy on x
    imagine pulling 3rd all nighter faking compliance
  • @busdownbonnor Connor on x
    I worked for a YC startup that is SOC2 and ISO compliant with Delve. It's definitely bullshit. With basically no security measures in place at the time, we managed to speed-run compliance in weeks by uploading complete garbage into their portal. The past few months I've been
  • @feifanz Feifan Zhou on x
    We talked to Delve last summer. Heard a few concerning stories behind the scenes; decided to go with someone else for our SOC II. Glad we did. We take security seriously at Tanagram. [image]
  • @zetalyrae Fernando on x
    “we” is a “Sobriety Platform for the future of Superintelligence” funded by YC [image]
  • @tekbog @tekbog on x
    turns out sometimes you can't just “do things”
  • @mil0theminer Milo Smith on x
    Holy shit they're just going straight to jail [image]
  • @mil0theminer Milo Smith on x
    3rd all nighter of what? Compliance??? I don't want my security company shipping 3am code
  • @awwstn Austin Petersmith on x
    not gonna lie, as we've been going through a gruelling SOC2 process with Vanta i have felt a lot of FOMO reading about Delve customers getting it done in 3 weeks if all this is true then NOMOFOMO
  • @tenobrus @tenobrus on x
    heads up that if you use @getdelve for compliance they're blatant fraudsters and have opened you up to massive legal liability. @karunkaushik_ and @kocalars i hope you both go to jail :)
  • @kobyjconrad Koby Conrad on x
    Just a PSA we use Delve. Delve does EXACTLY what EVERY other company in this space does, they provide a checklist and help you automate your compliance. WE are still responsible for our security. Not Delve. This industry is shady AF and this anon is 100% a competitor 🫡
  • @tenobrus @tenobrus on x
    i just scrolled thru the whole delve linkedin and literally the single eng with the most fulltime swe experience has 3.5 yoe
  • @bryanonel86 Bryan Onel on x
    Yeah this doesn't surprise me in any way, given the history I have with the founder of Delve. What a bombshell of an article though. There is just so much to unpack.
  • @mil0theminer Milo Smith on x
    Who would have guessed that Delve is a fraud
  • @johnloeber John Loeber on x
    6 months ago, I found out that Delve only had 5 engineers, and all of them pretty junior (no offense intended). I checked LinkedIn again, they're up to 10 now, it seems Drata? Vanta? Hundreds. Sometimes someone figures out a magic trick in engineering... but it's unlikely.
  • @kscottz Kat Scott on x
    Billboards for this company are all over SF. I walked by their headquarters the other day and just laughed, because “delve” is onenof those canary words that signals AI slop. I'm sure this isn't the first or last fraud to come out of YC's AI era. [image]
  • @jessfraz Jessie Frazelle on x
    VCs about to delete a lot of tweets
  • @javipark_ Javi Park on x
    if this is true, congrats @Forbes you've done it again 👏👏👏👏 [image]
  • @bonegpt Bone on x
    another YC fraud mill
  • @jessicatshen Jessica Shen on x
    This exposé isn't getting nearly enough attention. @getdelve, a YC W24 compliance automation startup that raised $32M from Insight Partners, allegedly convinced hundreds of companies they were SOC 2 compliant, when they weren't. The scheme involved working with Indian audit [imag…
  • @anammostarac Ana Mostarac on x
    > Startup accused of fraud > Check bios of both founders > Forbes 30 under 30 [image]
  • @barrald Barry McCardel on x
    there's something truly sublime about cluely being scammed on their SOC 2
  • @bfaviero Bruno Faviero on x
    Glad we used @TrustVanta [image]
  • @ahmetb @ahmetb on x
    you should beware of using @Lovable @cluely @wisprflow for anything confidential/PII because they most likely obtained compliance through Delve and got frauded themselves.
  • @shobhitic @shobhitic on x
    saw this interview of founder of delve yesterday on instagram [video]
  • @ohryansbelt Ryan on x
    Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet [image]
  • @attributeshift @attributeshift on x
    @ohryansbelt are these the same guys that bragged about their engineer working for 3 days straight
  • @quinnypig Corey Quinn on x
    Affected client: @cluely Yes, that Cluely, the company that sells AI overlays to help people cheat interviews. A company whose entire value prop is undetectable deception was getting its compliance from a company whose entire value prop is undetectable deception. Synergy!
  • @denehyxxl Ryan Denehy on x
    @eringriffith Early stage companies who slap their names on race cars don't often end well [image]
  • @vcbrags @vcbrags on x
    @ohryansbelt @asemota 30u30 never misses [image]
  • @isareksopuro Isabelle on x
    state of silicon valley: > Delve (YC W24) >"AI Native" >literally no AI >forbes 30u30 founders >charges $6k for a chatgpt'd legal contract >uses Indian contractors to fake data (impersonating as US-based CPAs) > leaked sensitive client data (Lovable, Cluely) & blamed it on [image…
  • @jackbr513 Jack Brown on x
    @eringriffith Unfortunate timing for their new bus ad 😬 [image]
  • @pk_iv Paul Klein IV on x
    If this is legit - it means that every SOC-2 report from their customers will need to be redone (which will take months). Very thankful to be a Vanta customer right now.
  • @regimecpa @regimecpa on bluesky
    If you're a tech or business journalist who wants to talk about the corruption of the SOC 2 compliance space after reading the below, let me know, happy to provide context from an auditor before you reach out to the author.
  • @alisonbuki @alisonbuki on bluesky
    another day another startup fraud  —  substack.com/home/post/p-...
  • @moll.dev Tom on bluesky
    Absolutely wild.  Cluely and others using a scam compliance-as-a-service company that just rubberstamps everything using a sketch US firm and numerous other sketchy Indian firms to claim SOX2, HIPPA, GDPR, etc compliance.  —  substack.com/home/post/p-...
  • r/programming r on reddit
    Delve - Fake Compliance as a Service (SOC 2 automation startup caught fabricating evidence)
  • r/soc2 r on reddit
    The madness continues