Reddit
Delve (YC W24, $32M Raised) Caught Generating Fake SOC 2, ISO 27001, HIPAA Reports — 494 Companies Affected
DeepDelver's investigation exposed that Delve systematically fabricated audit reports using AI-generated templates before any auditor reviewed evidence, with 'US-based auditors' actually being cheap Indian certification mills. 494 fake SOC 2 reports and 81 ISO 27001 registrations are confirmed compromised, affecting Lovable, Cluely, Sully, HockeyStack, Browser Use, and dozens more AI-native startups that used Delve to establish enterprise credibility. The scandal lands at the intersection of vibe-coded startups and compliance theater.
↳ Follow the thread