AI compliance startup Delve accused of fabricating audit reports for over 400 clients (Updated with Delve’s response)

AI compliance startup Delve is accused of systematically fabricating security audits for over 400 clients. If the allegations prove true, companies that bought into the “SOC 2 in days” hype could face severe legal consequences.

Delve, a Y Combinator-backed startup that raised $32 million to automate compliance, is facing allegations of systemic fraud. A new exposé claims the company fabricated regulatory reports for hundreds of clients instead of actually verifying their security standards.

The allegations stem from a Substack investigation titled “Fake Compliance as a Service,” which published a leaked spreadsheet containing links to 494 draft compliance reports.

  • The alleged method: Instead of automating evidence collection, Delve reportedly generated auditor conclusions and test procedures before clients even submitted their company data.
  • The fabrications: The investigation claims 493 of the reports featured identical boilerplate language, with the platform offering fake board meeting minutes and risk assessments for one-click adoption.
  • The offshore auditors: Rather than using legitimate U.S.-based CPA firms, Delve allegedly routed clients through two Indian “certification mills” operating via U.S. shell companies.

The accusations completely undermine the company’s core promise of AI-driven compliance. While Delve marketed its ability to achieve “SOC 2 in days” through advanced AI agents, the investigation suggests the platform actually functioned as a massive copy-paste operation.

  • The CEO’s response: Delve CEO Karun Kaushik emailed clients dismissing the allegations as an “AI-generated email” and denying any data exposure, despite the leaked reports containing private architecture diagrams.
  • The legal liability: Companies relying on these fabricated reports now face severe consequences, including potential criminal liability under HIPAA and massive GDPR fines for misrepresenting their security.
  • The industry reaction: The tech community is actively questioning how a platform operating as a templated shortcut evaded scrutiny during its recent Series A funding round led by Insight Partners.

The Bottom Line: Delve sold investors and clients on the promise of AI-native compliance automation. If the allegations hold true, the startup simply built a fraudulent document generator that leaves hundreds of companies legally exposed with fake security certifications.

Source: DeepDelver Substack

Update: Delve has issued an official response:

Delve’s response | source: Delve blog.
