By Titik Puspa 
The controversy, which erupted last week, has already had repercussions for Delve’s high-profile investors. Insight Partners, a prominent venture capital firm that led Delve’s $32 million Series A funding round last year, has reportedly scrubbed an article from its website that celebrated its investment in the AI-native compliance startup. The original article, penned by Insight Partners managing directors Teddie Wardi and Praveen Akkiraju, among others, was titled "Scaling AI-native compliance: How Delve is saving companies time and money on compliance busywork." While the article has been removed from Insight Partners’ live site, it remains accessible via the Wayback Machine, an internet archive that preserves historical snapshots of web pages, allowing for a record of the firm’s initial endorsement.
Delve, founded in 2023 by MIT dropouts Karun Kaushik and Selin Kocalar, quickly garnered significant attention and a substantial valuation of $300 million. The company positioned itself as a revolutionary force in the compliance landscape, leveraging artificial intelligence to automate the arduous and time-consuming process of obtaining critical security and regulatory certifications. These certifications, including SOC 2 (System and Organization Controls 2), HIPAA (Health Insurance Portability and Accountability Act), and GDPR (General Data Protection Regulation), are fundamental for businesses operating in regulated industries, ensuring robust data security, patient privacy, and adherence to stringent European data protection laws, respectively.
Delve’s website prominently listed prestigious clients such as Microsoft, Chase, PayPal, American Express, and the AI search company Perplexity, claiming to have saved these organizations "hundreds of hours" of compliance-related tasks. However, with the current allegations casting a shadow over the company’s operations, the extent to which these major corporations remain active users of Delve’s platform is now uncertain.
The core of "DeepDelver’s" accusation centers on Delve’s alleged practice of fabricating crucial compliance documentation. The whistleblower, who claims to be a former client, asserts that Delve manufactured evidence of essential elements of the compliance process, such as board meetings, rigorous testing, and operational procedures that, in reality, never occurred. According to the Substack post, clients were then presented with a stark choice: either accept this "fake evidence" and present it as their own compliance record, or undertake the largely manual and inefficient work themselves, with minimal actual automation or AI assistance from Delve.
Further compounding the accusations, "DeepDelver" alleged that Delve’s platform was designed to "rubber-stamp" its own reports rather than facilitate a genuine, independent auditing process. This implies a lack of objective scrutiny and a potential for self-serving validation, undermining the very purpose of compliance certifications, which rely on impartial third-party verification.
In response to these grave allegations, Delve has issued a defense, asserting that it does not issue compliance reports directly. Instead, the company characterizes itself as an "automation platform" designed to ingest and organize compliance-related information. Delve claims that its role is to provide auditors with streamlined access to this data, thereby facilitating their work. The startup further elaborated that clients have the flexibility to choose their own auditors or engage with one from Delve’s network of "independent, accredited third-party audit firms." Delve emphasized that these audit firms are "established entities utilized broadly across the industry, including by other compliance platforms," suggesting a level of industry legitimacy.
Addressing the specific charge of providing "fake evidence," Delve countered by stating that its offerings are merely "templates to help teams document their processes in accordance with compliance requirements, as do other compliance platforms." This defense positions Delve’s output as a tool for documentation rather than a definitive certification, aiming to differentiate its services from the direct issuance of compliance approvals.
However, despite Delve’s denials and explanations, the company’s actions—specifically the disabling of its "book a demo" feature and the removal of Insight Partners’ supportive article—strongly suggest a company in damage control mode. These actions are often indicative of a business attempting to mitigate negative publicity and reassure stakeholders, particularly investors, in the face of significant reputational challenges. The apparent distancing by a major investor like Insight Partners could signal growing concerns among the venture capital community regarding the veracity of Delve’s claims and the sustainability of its business model.
The broader implications of these allegations extend beyond Delve and its investors, touching upon the integrity of the compliance industry itself. The reliance on AI and automation in critical areas like regulatory compliance is a rapidly growing trend, promising efficiency and cost savings. However, as Delve’s situation illustrates, the effectiveness and trustworthiness of these technologies are paramount. If startups in this space are found to be cutting corners or fabricating data, it could erode confidence in AI-driven compliance solutions and potentially lead to increased regulatory scrutiny for the entire sector.
The events surrounding Delve also highlight the crucial role of independent auditing and due diligence in the venture capital ecosystem. While rapid growth and disruptive innovation are celebrated, the pressure to invest in promising startups can sometimes overshadow the need for thorough vetting. The Substack post by "DeepDelver" serves as a stark reminder of the importance of detailed investigations and the potential for whistleblowers to uncover significant issues within companies.
The future of Delve remains uncertain. The company’s ability to navigate this crisis will depend on its transparency, its willingness to address the allegations directly and comprehensively, and the outcome of any potential investigations by regulatory bodies or its clients. The disabling of the demo feature suggests a pause in its outward-facing sales efforts, likely a strategic move to consolidate its response and assess the damage.
Meanwhile, the venture capital and startup world will be watching closely. This situation could lead to a re-evaluation of how AI-driven compliance startups are assessed and validated, potentially leading to more stringent requirements for transparency and independent verification. The allure of disrupting traditional industries with cutting-edge technology must be balanced with an unwavering commitment to ethical practices and factual accuracy, especially when dealing with sensitive areas like data security and regulatory compliance. The TechCrunch event scheduled for October 13-15, 2026, in San Francisco, may well become a forum where these evolving dynamics in the compliance and AI sectors are debated and analyzed.
Marina Temkin, a venture capital and startups reporter at TechCrunch, has covered the industry extensively, previously writing for PitchBook and Venture Capital Journal. Her background as a financial analyst and CFA charterholder provides a strong foundation for dissecting the financial and strategic implications of such startup controversies. She can be reached at [email protected] or via encrypted message at +1 347-683-3909 on Signal. Her insights are invaluable in understanding the broader market context and investor sentiment surrounding companies like Delve.