Delve halts demos as compliance allegations trigger investor retreat and fraud scrutiny

Delve halts demos, Insight Partners scrubs investment post amid 'fake compliance' allegations | TechCrunch

Delve, a Y Combinator-backed compliance startup accused of fabricating certifications for its customers, has disabled the "book a demo" feature on its website. The controversy, detailed last week in a Substack post by an anonymous whistleblower known as "DeepDelver," has apparently led Insight Partners to scrub an article explaining its $32 million investment in the startup. DeepDelver, who claims to be a former client, alleged that Delve, which was valued at $300 million during its Series A funding round last year, fabricated compliance data for its customers. The original text of the article, written by Insight Partners managing directors Teddie Wardi and Praveen Akkiraju, among others, and titled, "Scaling AI-native compliance: How Delve is saving companies time and money on compliance busywork," remains viewable here via the Wayback Machine, an internet archive that preserves snapshots of web pages. Delve's co-founders Karun Kaushik and Selin Kocalar, as well as Insight Partners, did not immediately respond to TechCrunch's request for comment. On its website, Delve claims to have helped customers such as Microsoft, Chase, PayPal, American Express, and the AI search company Perplexity cut "hundreds of hours" of compliance busywork. However, it remains unclear how many of these companies are still active users of the platform. Founded in 2023, Delve says it leverages AI to automate the process of obtaining security and regulatory certifications, including SOC 2, HIPAA, and GDPR -- standards that govern data security, health information privacy, and European data protection, respectively. In their Substack post, DeepDelver alleged that Delve "fabricated evidence of board meetings, tests, and processes that never happened," then forced customers to "choose between adopting fake evidence or performing mostly manual work with little real automation or AI." The post further alleges that Delve's platform rubber-stamps its own reports rather than undergoing a second layer of independent auditing. Delve responded to the accusations by saying it does not issue compliance reports at all, and that instead it is an "automation platform" that ingests information about compliance and then provides auditors with access to that information. Delve also said that its customers "can opt to work with an auditor of their choosing or opt to work with one from Delve's network of independent, accredited third-party audit firms." Those auditors, the startup said, are "established firms used broadly across the industry, including by other compliance platforms." In response to the accusation that it's providing customers with "fake evidence," Delve countered that it's simply offering "templates to help teams document their processes in accordance with compliance requirements, as do other compliance platforms." While the company is denying DeepDelver's allegations, the disabling of the "book a demo" function and the scrubbing of Insight Partners' investment thesis article suggest that the startup is in damage control, and that investors may be distancing themselves from the company.

The Delve Scandal: A Y Combinator Darling Just Got Hit With a Bombshell Fraud Accusation

On March 18, an anonymous Substack account named Deepdelver published a lengthy article that claimed to have evidence that Delve had been generating "fraudulent" audit reports, lying about the security measures it implements, and fabricating "evidence of board meetings, tests, and processes that never happened." The post claims that Delve "scammed" hundreds of clients including Lovable, Cluely, and Wispr Flow. Delve did not respond to Inc.'s request for a comment. Delve was founded in 2023 by Gen-Z entrepreneurs Karun Kaushik and Selin Kocalar, and was part of Y Combinator's winter 2024 batch. The company promised to use "agentic AI" to speed through compliance certification in days rather than weeks or months. For companies looking to contract with major entities like large enterprises and governments, being in compliance with industry standards like SOC 2, ISO 27001, HIPAA, and GDPR can make the difference between an RFP win and loss. CPA firms review a company's security practices and controls, then issue a report verifying that the company is in compliance with a given standard.