Alp Mimaroglu

Delve has been on a generational run! - Got into YC - Onboarded Lovable, Cluely, and other unsuspecting companies - Faked hundreds of SOC 2 & ISO 27001 audits - Spammed wall of love with logos they "helped their customers close" - Got caught - Made employees delete all the old posts - Put out an explanation with replies turned off - Stole a fellow YC company's IP (which was open source) - Removed attribution during due diligence for their Series A - Rebadged it as a standalone product - Sold it to Brex, Anthropic, Gusto, Notion (one deal was $50k+) - Got caught again What a shitshow.

very big breach

In the same meeting, Delve CEO Karun Kaushik and team openly discuss how their “automation” lets them deliver full draft reports in one single day — something that normally takes 7–10 days. One exec: “With this I’ll get their draft back to them within a day…” Fake Compliance as a Service? Day 1/5: deepdelver.substack.com/p/delve-fake-c…

Delve CEO Karun Kaushik admitted internally: “To supplement, we’ve asked vCISO’s to instead support them off-platform, and in effect become exactly what we didn’t want to be: A services company. This presents a large problem for us.” This is the same startup that raised $32M claiming it was fully automated. DeepDelver exposé just dropped — Day 1/5 here: deepdelver.substack.com/p/delve-fake-c…

Delve CEO Karun Kaushik laughing on camera: “They take all the liability. So it’s not like I’m complaining.” Same meeting where he jokes “Does Accorp actually look at our platform at all?” 😂 and admits 1-day auto-reports are “a good way to juice any additional capital from a customer.” The CEO himself happily shifting all risk to the auditor while misleading customers & investors. Day 1/5 of Fake Compliance as a Service 👀 deepdelver.substack.com/p/delve-fake-c…

Delve CEO Karun Kaushik laughing on camera: “Does Accorp actually look at our platform at all?” 😂 Same meeting where he admits their 1-day auto-reports are: “That is a good way to juice any additional capital from a customer.” The CEO himself openly joking about fooling the auditor while pumping fake compliance. Day 1/5 of Fake Compliance as a Service is nuclear 👀 deepdelver.substack.com/p/delve-fake-c…

Delve didn’t automate compliance… they allegedly automated the fraud. CEO caught ‘juicing capital’ while their secret generator spits out full reports in 1 day. Part II of Fake Compliance as a Service is here 🔥 deepdelver.substack.com/p/delve-fake-c…

Welcome to Holly Angles Hospice, this is the Learing Center of California's hospice fraud. Fraudsters use: - Elderly - Children - Autistic/disabled They use the most vulnerable to steal millions from hardworking, law-abiding taxpayers while living in luxury END ALL THE FRAUD.

BREAKING: Meek Mill's YC-backed startup has had all internal documents leaked hours after receiving their Delve SOC 2 certification.

WAT

How can I short every startup this guy has interviewed?

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown: > 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in > Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions > All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client > Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months > The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done > Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author > Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper" > When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams > Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved > When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance > Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

Delve - Fake Compliance as a Service - Part I How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out deepdelver.substack.com/p/delve-fake-c…

Chuck Norris climbed a 10,000-foot volcano at 85, just months before he passed away 🙏🏻🕊

btw their supabase storage bucket is publicly accessible via any signed url token 😭 exposes: > employee background checks > equity vesting schedules and grant amounts > performance reviews > session tokens for stripe, notion, etc > screenshots below 🧵 i also got access to their notion 😛

This coffee shop only hires down syndrome employees. ❤️

Three Charged with Conspiring to Unlawfully Divert Cutting Edge U.S. Artificial Intelligence Technology to China “The indictment unsealed today details alleged efforts to evade U.S. export laws through false documents, staged dummy servers to mislead inspectors, and convoluted transshipment schemes, in order to obfuscate the true destination of restricted AI technology—China,” said John A. Eisenberg, Assistant Attorney General for National Security. “These chips are the product of American ingenuity, and NSD will continue to enforce our export-control laws to protect that advantage.” 🔗: justice.gov/opa/pr/three-c…

CBS NEWS INVESTIGATION: A salon, a modeling agency, and 89 hospices? We visited a 3-story LA building being called "ground zero" for fraud. We went to look for ourselves. cbsn.ws/4bmB3Kg