Delve (YC W24) Exposed for Generating 494 Fake SOC 2 Compliance Reports

Summary

A leaked spreadsheet revealed that Delve, a Y Combinator W24-backed GRC (governance, risk, and compliance) platform, generated 494 near-identical SOC 2 compliance reports with pre-written auditor conclusions. The reports were allegedly produced programmatically with minimal differentiation between clients, raising serious questions about the integrity of automated compliance tooling in the AI era. The exposé, published by competitor Systima, frames the incident through the lens of the EU AI Act