Davis Martens

Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown: > 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in > Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions > All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client > Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months > The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done > Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author > Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper" > When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams > Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved > When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance > Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

Manufacturers Can Finance Equipment, Automation, and Inventory at Scale rfx1.com/insights/how-m…

SBA lending is stalled by two chokepoints: loan numbers and IRS transcripts. Preferred lenders will move faster once systems reopen. Some are offering better terms now, but the window may be short if rates rise again. rfx1.com/insights/sba-l… #businessloans #privatecredit #sba

Why is the Meta ad manager experience so bad? Its one of the worst UX in bug tech hands down.

@paulg I think that's one reason why there are more solo founders these days. AI has allowed good founders to hold out for longer, to find the right match rather than rushing into a forced marriage, just because VCs say that you can't go alone.

Good cofounder > no cofounder > bad cofounder. This may seem obvious but a lot of people don't seem to grasp it.

@james_y_zou A consequence of training on human data is that we transplant not only knowledge but also flaws.

We found a troubling emergent behavior in LLM. 💬When LLMs compete for social media likes, they start making things up 🗳️When they compete for votes, they turn inflammatory/populist When optimized for audiences, LLMs inadvertently become misaligned—we call this Moloch’s Bargain

With all of #SiliconeValley fixated on #AI, there are probably lots of problems that aren't being worked on enough. #startups #ycombinator

I'm shocked by how bad clunky @Meta's ad platform's UX is. Even basic things like handeling payment methods often fail (below isn't a user error btw) Trying to push the frontier in AI is all good and well, but you shouldn't abandon the fundamentals that run the business @finkd

This Is How to Grow B2B Sales With Personalization and Intent Signals medium.com/p/this-is-how-… #saas #sales #startup #saassales #marketing #buildinpublic

I launched the new version of my email automation platform chuff.co today. It lets you research and personalize email outreach with AI. Essentially an AI alternative to #MailerLite or #Hubspot

Microsoft has some of the worst tech on the Internet. I'm amazed by their resilience.

I automated outbound personalization. Websites + web search to personalize every prospect's msg. Nearly 14x'd my outbound GTM!

What's your outbound motion to land customers? Email? LinkedIn? X? ...

How good are your outbound emails?

When the combustion engine was invented in late 19th century, many carriage operators swapped horses for an engine without redesigning the vehicle to handle higher speeds or take advantage of any other benefits combustion engines enabled. Do we really need more #SaaS?

From the outside startups feel very abstract... From the inside it feels very tactical... Ship -> sell -> ship -> sell ...

@rdominguezibar @rdominguezibar building the personal AI-workspace for enterprise sales. Its one workspace to store the prospect data you already pay for, generate signals from past conversations or web, and plan your next move. chuff.co

Drop in the comments your startup blurb 💥

#OpenAl just published an interesting paper that digs into one of the most stubborn problems in #LLMs. Full paper here cdn.openai.com/pdf/d04913be-3… #AI #Anthropic

I think #Sales will be more human than ever. Nobody wants to receive more automated junk. Maybe we need to think more about how to enable personal concierge experiences

#palantir has turned gtm into a science. There are very few companies that can land complex deals of that magnitude and scale rapidly