Compliance Startup Delve Faces Allegations of Fabricating Certifications
Delve, a compliance startup backed by Y Combinator, has recently disabled the “book a demo” option on its website amid serious allegations of providing fake certifications to its clients. These accusations were brought to light in a Substack post by an anonymous whistleblower known as “DeepDelver,” who claims to be a former client of the company.
According to the whistleblower, Delve—which reached a valuation of $300 million during its Series A funding round last year—purportedly fabricated compliance data to mislead its customers. The implications of this scandal have evidently prompted Insight Partners to remove an article detailing its $32 million investment in Delve. The original piece, authored by managing directors Teddie Wardi and Praveen Akkiraju, was titled “Scaling AI-native compliance: How Delve is saving companies time and money on compliance busywork.” It remains accessible via the Wayback Machine.
Despite the unfolding controversy, insights into Delve’s offerings reveal that the startup claims to have assisted major corporations such as Microsoft, Chase, PayPal, and American Express in reducing compliance-related workloads. However, the exact number of active users among these high-profile clients remains uncertain.
Founded in 2023, Delve positions itself as an AI-driven solution designed to automate the acquisition of various security and regulatory certifications—including SOC 2, HIPAA, and GDPR. These certifications are vital for ensuring compliance with standards related to data security and privacy.
DeepDelver’s allegations include claims that Delve fabricated evidence of board meetings, testing, and processes that never occurred. The whistleblower suggests that clients were faced with the dilemma of accepting this fictitious evidence or resorting to largely manual compliance work, which purportedly offered little in the way of genuine automation or AI assistance.
Further compounding these allegations, the post asserts that Delve’s platform provides a superficial validation of compliance reports, bypassing necessary independent auditing procedures. In response to these severe claims, Delve has maintained that it does not issue compliance reports; instead, it acts as an “automation platform” that compiles compliance-related information and enables auditor access to that data.
Delve clarified that customers have the option to collaborate with a chosen auditor or select from its network of independent, accredited audit firms. The startup emphasized that these auditors are reputable firms that are commonly utilized throughout the industry.
In rebuttal to the accusation of generating “fake evidence,” Delve asserted that it provides templates intended to aid teams in documenting processes in alignment with compliance requirements—a practice not uncommon among compliance platforms. Nevertheless, the recent disabling of its demo feature, alongside the removal of Insight Partners’ investment discourse, suggests that Delve is engaged in damage control as it navigates this unfolding scrutiny.