SPEC

602 posts

@___4o____

Joined August 2024
110 Following 5.7K Followers
SPEC @___4o____
I’m a comms/marketing retard but I now understand the win condition for new wave soc2 companies has always just been vibes. Incredibly weak messaging in response to the delve catastrophe from competitors. A large majority of these customers are startups flushed with cash looking to virtue signal with a soc2 badge on their website. Delve did so well because they were better at vibes and creative customer acquisition. Now that hundreds of their customers were leaked, there is a new flavor of branding that wins, and it’s something along the lines of integrity, expertise and professionalism. I’m not sure why multiple startups are now panicking in a race to the bottom in some form of “delve customers join a year for free”.
1. That isn’t a real identity
2. Delve customers aren’t looking for free, they’re looking for someone trustworthy and credible
3. This doesn’t create appeal for all the companies that hadn’t thought of soc2 until today
Sure you’re not going to be vanta, but you can still have delve’s startup marketing vibes while also establishing yourself as the new school authority figure. Dunk on all of your loser competitors that don’t realize free is the same as scammy. Stand behind your product and its price, and demonstrate domain expertise by explaining why you’re the only legitimate compliance company. Or maybe you’re all just scammers
Henrick Johansson @compliantvc

Sorry to all the folks dealing with this. If you've been affected, email the Comp AI team at sales@trycomp.ai before the end of March with your Delve invoice, and they'll give you a year of @compai for free.

SPEC @___4o____
@shravvmehtaa @secureframe Appeal to emotion is alright here but you didn’t establish an identity besides free for a year which is actually a counter signal. Nobody wants free after being leaked as a customer to all of Silicon Valley. They want trustworthy and principled.
SPEC @___4o____
@lewiscarhart Get a real comms person to help you, you’re not taking advantage of this. Instead of a half assed post like this fishing for a few delve customers and taking jabs at a carcass of a company you should be stamping yourself as the knowledgeable and principled authority figure.
Darren @Ddddarren
@___4o____ I used to look up to Bernie but now I just kind of see him as fighting to keep us all as slaves
SPEC retweeted
Ryan @ohryansbelt
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients. According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise. Here's the breakdown:
> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor
erin griffith @eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…

SPEC @___4o____
@sur4js We need more yc hate watchers, there’s too much to keep track of
Raastapopoulos @raastapopoulos
@___4o____ @eringriffith the brand has plummeted hard, think it will be faster than 10 years. know many great founders who have chosen not to accept YC offers
erin griffith @eringriffith
A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…
SPEC @___4o____
@raastapopoulos @eringriffith They’re so bad that they can’t even get one good company a batch without manufacturing some bullshit. Can’t wait for yc to unwind in 10 years.
Raastapopoulos @raastapopoulos
@___4o____ @eringriffith I’m telling you, this is the tip of the iceberg. YC in particular is froth with fraud ever since Garry took over
SPEC @___4o____
@waterfall_met A surprising amount of yc AI companies are fraudulent in one way or another. It has nothing to do with negligence and everything to do with low integrity retards being bussed into SF with a $5 million check. More to come… enjoy the show!
Dark Newsom @waterfall_met
@___4o____ I was looking into this myself for SOC2 and found out they have to be US based CPA-certified auditors. Just a quick ChatGPT will tell you that foreign auditors won’t make you compliant.
SPEC @___4o____
Really though is there a concentrated amount of LP capital coming from India? I don’t understand why there is such a disproportionate number of founders and companies who have ties to India in YC.
SPEC retweeted
Dr. Shin Geon-yeong (神建永), Ph.D.
X is a site where ~500 truly original creators have been convinced to write great content for a 99% bot audience in exchange for $10 per million views. The goal was never monetization or usage, it was data: for those 500 people to train models better than those trained on Reddit