JT

87 posts


@jmtame

UIUC, YC + some startups. 🐶 Dog dad, husband, father. ❤️ games, ruby, health/fitness, anything competitive.

Austin, TX · Joined June 2008
204 Following · 998 Followers
JT@jmtame·
@bunsen Them thar AI companies ain’t takin muh land or mah cows
JT@jmtame·
@realAnn_29 I used to skydive with him. He recovered and he’s back in action. Cool guy
Anna 🇺🇸@realAnn_29·
Viral Texas paramotor close call, panic in the sky, hard landing. Grateful he's okay, but this is terrifying. 😳 🪂
JT@jmtame·
@compliantvc You’re mentioned in this article as being shady lol what are you on about?
Henrick Johansson@compliantvc·
Sorry to all the folks dealing with this. If you've been affected, email the Comp AI team at sales@trycomp.ai before the end of March with your Delve invoice, and they'll give you a year of @compai for free.
erin griffith@eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

Ryan@ohryansbelt·
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown:
- 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
- Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
- All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
- Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
- The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
- Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
- Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
- When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
- Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
- When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
- Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor
erin griffith@eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

JT@jmtame·
@johnloeber They’re a security/compliance company, they shouldn’t just have junior engineers. I mean that as offensively as possible.
John Loeber 🎢@johnloeber·
6 months ago, I found out that Delve only had 5 engineers, and all of them pretty junior (no offense intended). I checked LinkedIn again, they're up to 10 now, it seems
Drata? Vanta? Hundreds.
Sometimes someone figures out a magic trick in engineering... but it's unlikely.
erin griffith@eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

JT@jmtame·
@jessegenet Uh, I use AI all day every day at enterprise level and he’s 100% accurate. You’ve demonstrated you don’t use AI enough though, congrats
Jesse Genet@jessegenet·
The average person really wants to believe this because then they can just not try hard to get good at using AI right now and not feel behind… they even get to feel smug! fun! don’t fall for it.
Mo@atmoio

AI is making CEOs delusional

JT@jmtame·
@pmarca @Austen I spend all day using AI at the enterprise level, and this guy has a remarkably good read on the reality of AI vs the hype. Better than anyone I’ve seen talk on the subject.
JT@jmtame·
@Bfaviero It’s easy to tell in the first 30s if they’ll invest.
Bruno Faviero@Bfaviero·
Hard to describe the exact moment a VC decides you’re of zero value mid-convo and finds the fastest possible exit
JT@jmtame·
@JTLonsdale @Cernovich Respectfully (heh) disagree. Respect is one of those relationship boundaries and those have to be negotiated. It’s like team culture: you shape it, else it shapes around you (and not in the ways you’d hope). Agree on sentiment to not chase or be needy.
Cernovich@Cernovich·
Rabbi Shalom Landau posts banger videos almost every day. He is doing more to discredit anti-Semitism than the people yelling and being nasty all day. You can win more with honey than vinegar.
JT@jmtame·
@CCgong You have no idea how validating this feels having moved to Austin during covid
C.C. Gong@CCgong·
you went to a real SF party this weekend if you talked about
- openclaw and how it’s a paradigm shift but also zomg so unsafe
- peptides
- how impossible dating in SF is
- AI agents replacing everyone
- the Anthropic tender driving up housing prices
- creatine
Roy@im_roy_lee·
@ivanburazin how ab u give me more than a few months to lock in, bald head ass
Ivan Burazin@ivanburazin·
Genuine question: has any of the super hyped up products ever been successful?
- Cluely
- Icon
- Rabbit R1
- Friend
- Clubhouse
Am I missing any?
JT@jmtame·
@DegenHaole @rawsalerts Arrest the drones, duh. You can’t just be a drone flying around blowing stuff up and exceeding speed limits and think you can get away with it.
R A W S A L E R T S@rawsalerts·
🚨#BREAKING: The FBI has warned numerous police departments in California that Iran may seek to retaliate for recent U.S. attacks by potentially launching offensive drones targeting the West Coast.
JT@jmtame·
@trashh_dev Can you provide any justification for your decisions?
trash@trashh_dev·
how do you say in corporate “your code sucks”
JT@jmtame·
@neuralamp4ever @Rahll Yes velocity is tracked, but so are incidents. At enterprise scale, incidents will cause your employment to be terminated much faster.
JT@jmtame·
@HimanK17Gupta @Rahll That’s on eng leadership (IC not EM) to make it clear. Can’t expect tech leadership to have clear pulse on limitations especially with all the insane narratives floating around. Workday is good example of alignment from the top.
Himank Gupta@HimanK17Gupta·
@jmtame @Rahll I think more gullible are the tech leadership and execs sitting in board rooms believing AI hype rail to force boost AI productivity metrics just to prove their cost cutting
JT@jmtame·
@nejatian You investing all your capex into electricity?
JT@jmtame·
@BeardyBrandon Is it allergies? I got on Singulair and it was night and day difference. Outside of that, how’s your stress? Do you use a sleep tracker?
Brandon Turner@BeardyBrandon·
Anyone else just... tired, a LOT? Like, I sleep 8 hours a night, more or less. Eat super clean. Workout, steps, etc. But I yawn 50+ times a day. Anyone else? Any tips?