Delve Under Fire: Allegations of Misleading Compliance Practices Emerge
Delve, a compliance startup backed by Y Combinator, is currently facing serious allegations regarding its compliance verification processes. An anonymous Substack post, authored by DeepDelver, accuses the company of providing clients with fabricated evidence of compliance, potentially exposing them to significant legal risks under regulations such as HIPAA and GDPR.
Founded by MIT dropouts Karun Kaushik and Selin Kocalar, Delve gained attention in July 2025 when it secured a $32 million Series A funding round led by Insight Partners, valuing the company at $300 million. The startup’s rapid growth was attributed to its promise of automating regulatory compliance through AI agents, offering a swift and efficient solution for businesses navigating complex regulatory landscapes.
The controversy began when DeepDelver, claiming to be affiliated with a former Delve client, published a detailed account alleging that Delve’s platform generates fake evidence of compliance activities. According to the post, Delve provided clients with fabricated records of board meetings, tests, and processes that never occurred. Clients were reportedly pressured to accept this false evidence or undertake manual compliance work, contradicting Delve’s claims of automation and AI-driven efficiency.
Further scrutiny revealed that most of Delve’s clients underwent audits conducted by two firms, Accorp and Gradient. DeepDelver alleges that these firms are closely linked, operating primarily out of India with minimal presence in the United States, and merely rubber-stamped reports generated by Delve. This arrangement purportedly inverted the standard compliance structure, with Delve producing auditor conclusions and final reports, rather than independent auditors verifying the company’s compliance status.
In response to these allegations, Delve published a blog post on March 21, 2026, refuting the claims made by DeepDelver. The company described the Substack post as misleading and containing a number of inaccurate claims. Delve emphasized its commitment to transparency and compliance, stating that it adheres to industry standards and works with reputable audit firms to ensure the integrity of its compliance processes.
The allegations against Delve have raised broader concerns about the reliability of automated compliance solutions and the potential risks associated with outsourcing critical regulatory functions. As businesses increasingly rely on technology to manage compliance, the need for rigorous oversight and verification becomes paramount to prevent similar issues from arising.
This situation also highlights the importance of due diligence when selecting compliance partners. Companies must thoroughly vet the credentials and practices of compliance service providers to ensure they are not inadvertently exposing themselves to legal liabilities due to inadequate or deceptive compliance processes.
As the industry watches closely, the outcome of this controversy may have significant implications for the future of automated compliance solutions and the standards to which they are held. It serves as a cautionary tale for both compliance service providers and their clients about the critical importance of transparency, accuracy, and integrity in regulatory compliance.
