Delve compliance report fraud allegations

Developing StoryLast updated MAY 21
SUMMARY

Compliance startup Delve has reportedly halted product demonstrations and lost its largest investor, Y Combinator, by May 21, 2026, due to allegations of fabricating compliance reports for nearly 500 clients. As of May 21, 2026: Multiple clients are migrating to competing services, and Delve has been removed from Y Combinator's directory. Whistleblower "DeepDelver" has released evidence, including purported Slack messages and video, naming audit firms Accorp and Gradient as "certification mills" that allegedly rubber-stamped Delve's reports. Delve's CEO Karun Kaushik has called the claims "falsified," despite leaked reports containing real client signatures and confidential data. The allegations, including systematic fabrication of SOC 2, ISO 27001, HIPAA, and GDPR certifications, gained significant traction on Hacker News and Reddit starting January 9, 2026.

Timeline

Want updates on this thread?

Track this story

May 2026 1 developments

  1. Delve has reportedly halted product demonstrations and lost its largest investor, Y Combinator, due to allegations of fabricating compliance reports.

    Delve has reportedly halted product demonstrations and lost its largest investor, Y Combinator, due to allegations of fabricating compliance reports. Multiple clients are migrating to competing services, with accusations suggesting Delve produced fake SOC 2 and ISO 27001 evidence.

April 2026 3 developments

  1. Delve has been removed from Y Combinator's directory following allegations of fabricating compliance reports for clients.

    Delve has been removed from Y Combinator's directory following allegations of fabricating compliance reports for clients. The company denies the claims, stating they provide data to auditors rather than pre-filled reports.

  2. Delve is accused of faking compliance reports for nearly 500 clients, with investigations revealing that some audit firms used by the company have failed AICPA peer reviews.

    Delve is accused of faking compliance reports for nearly 500 clients, with investigations revealing that some audit firms used by the company have failed AICPA peer reviews. A whistleblower also alleges that Delve repackaged an open-source platform as its own proprietary tool, adding to existing concerns about the company's compliance practices.

  3. Whistleblower "DeepDelver" has released further evidence, including purported Slack messages and video, related to Delve's alleged fabrication of compliance reports.

    Whistleblower "DeepDelver" has released further evidence, including purported Slack messages and video, related to Delve's alleged fabrication of compliance reports. Audit firms Accorp and Gradient are named as "certification mills" that allegedly rubber-stamped Delve's reports without independent verification. Companies like LiteLLM have begun severing ties with Delve.

March 2026 3 developments

  1. LiteLLM has terminated its partnership with Delve following a credential-stealing malware attack, intensifying concerns about the reliability of Delve's compliance certifications.

    LiteLLM has terminated its partnership with Delve following a credential-stealing malware attack, intensifying concerns about the reliability of Delve's compliance certifications. Delve is accused of fabricating reports for clients, potentially exposing them to significant legal risks.

  2. Delve is accused of systematically producing fake evidence, including fabricated board meeting minut…

    Delve is accused of systematically producing fake evidence, including fabricated board meeting minutes and tests, to mislead clients about their compliance with regulations like HIPAA, GDPR, SOC 2, and ISO 27001. Some affected clients have reportedly unpublished their trust pages and abandoned the platform.

  3. Delve's CEO Karun Kaushik has responded to allegations of faking compliance reports, calling the cla…

    Delve's CEO Karun Kaushik has responded to allegations of faking compliance reports, calling the claims "falsified" and from an "AI-generated email," despite leaked reports containing real client signatures. An anonymous investigator, "DeepDelver," published a detailed report on Substack alleging that Delve's "US-based auditors" are actually Indian certification mills using shell companies. Delve maintains they are an automation platform, not an auditor, and that licensed auditors issue final reports.

January 2026 4 developments

  1. Compliance startup Delve is accused of faking SOC 2, ISO 27001, HIPAA, and GDPR certifications for hundreds of clients.

    Compliance startup Delve is accused of faking SOC 2, ISO 27001, HIPAA, and GDPR certifications for hundreds of clients. An investigation revealed systematic fabrication of compliance reports, including pre-written audit conclusions and fabricated security check evidence. The CEO reportedly called the allegations 'falsified claims,' but leaked documents contained real client signatures and confidential data.

  2. The allegations against Delve gained further traction on Hacker News, where a thread titled 'Delve AI Audit Fraud' emerged.

    The allegations against Delve gained further traction on Hacker News, where a thread titled 'Delve AI Audit Fraud' emerged. Participants in the discussion shared detailed analyses and evidence, bringing the accusations to a wider tech audience and significantly increasing public pressure on the company.

  3. Discussions intensified on Reddit with a post titled 'Real or Fake?

    Discussions intensified on Reddit with a post titled 'Real or Fake? The Delve scandal or conspiracy deepens,' indicating a rapidly growing awareness and debate surrounding the allegations. The post referenced information circulating about allegedly fake SOC 2 reports and a spreadsheet confirming impacted clients, further fueling public scrutiny.

  4. Initial allegations of fraudulent compliance practices by Delve began to surface on Reddit's r/soc2 subreddit.

    Initial allegations of fraudulent compliance practices by Delve began to surface on Reddit's r/soc2 subreddit. Users expressed growing skepticism and shared suspicions regarding the legitimacy of Delve's claims, particularly its promise of achieving 'SOC 2 in days,' indicating early public concern.

November 2025 1 developments

  1. In late 2025, a critical vulnerability was discovered when a publicly accessible Google Spreadsheet …

    In late 2025, a critical vulnerability was discovered when a publicly accessible Google Spreadsheet was found, containing links to hundreds of confidential draft audit reports from Delve's internal pipeline. This discovery became the initial catalyst for the subsequent widespread fraud allegations against the company, exposing potential irregularities.

July 2025 2 developments

  1. Concurrent with its Series A funding announcement, Delve claimed to be serving over 500 companies across various industries.

    Concurrent with its Series A funding announcement, Delve claimed to be serving over 500 companies across various industries. The company marketed its platform as a solution that could help customers achieve compliance rapidly, build robust security, and expedite deal closures, highlighting its rapid growth and market penetration.

  2. Delve announced a substantial Series A funding round, raising $32 million led by Insight Partners, with additional participation from CISOs at Fortune 500 companies.

    Delve announced a substantial Series A funding round, raising $32 million led by Insight Partners, with additional participation from CISOs at Fortune 500 companies. This funding round valued the company at $300 million and was intended to accelerate its AI capabilities, expand its team, and support more compliance frameworks.

February 2024 1 developments

  1. Delve publicly launched its HIPAA compliance as a service on Hacker News, marking one of its first major product offerings.

    Delve publicly launched its HIPAA compliance as a service on Hacker News, marking one of its first major product offerings. This launch underscored the company's early focus on regulated industries and its ambition to simplify complex compliance frameworks using AI-driven solutions.

January 2024 1 developments

  1. In 2024, Delve successfully secured $3.

    In 2024, Delve successfully secured $3.3 million in seed funding. This initial capital provided the necessary resources to develop its AI-native compliance platform, enabling the company to begin building its core technology and expand its foundational team.