But that's just the cherry on top. I don't think they're being thrown out because they violated a license. There are really serious fraud allegations. Allegedly they were rubber-stamping noncompliant customers, leaving them exposed to potential criminal liability under regulations like HIPPA.
https://deepdelver.substack.com/p/delve-fake-compliance-as-a...
I've only skimmed this so I do not endorse these allegations, but I think it's context missing from this discussion.
I’m sure if Delve has only engaged in fraudulent audits or had only resold another YC company’s product, they would have been allowed to stay, the problem is all of that combined pissed off enough other YC companies.
Of course they're responsible for their investments; they're just not liable. YC has a lot to answer for in the damage it's wreaked over the years.
What damage is that? (excluding the present case)
>Pre-written audit conclusions. The "Independent Service Auditor's Report" and all test conclusions were already filled in before clients had even submitted their company descriptions...
>Copy-paste templates. 493 out of 494 leaked SOC 2 reports (99.8%) had identical text, same grammatical errors, same nonsensical descriptions...
https://www.complexsystemspodcast.com/episodes/delve-into-co...
I'm seriously disgusted about this because this was one of the very few auditors that we held in pretty high esteem.
Pay-to-play is all too common, and I think that there is a baked in conflict of interest in the whole model.
My response however is a simple one: I used to steer (a lot of) business their way and I have stopped doing that.
And no, I won’t whistleblow either, as it would mostly be me that would face repercussions, and I am unafraid to say that I am a coward.
We choose the battles we fight, and I’d like to believe that ultimately, entropy will defeat them without me lifting a finger.
You can start very lightweight with doing spec driven development with the help of AI if you're at a size where you can't afford that. It's better than nothing.
But the important part is you, as a company, should inherently care.
If you rely on an auditor feedback loop to get compliant you've already lost.
It has the potential to be incredibly impactful, but often devolves into box ticking (like many compliance functions).
And it's really hard to find technical people to do the work, as it's generally perceived as a cost centre so tends not to get budget.
Like cool, it's a great idea and would potentially produce positive results if done well, but the roles pay half the engineering roles, and the interviews are stacked towards compliance frameworks.
There's very little ability to fix a large public company when HR is involved
So many controls are dubious, sometimes even actively harmful for some set-ups/situations.
And even moreso, it's also perfectly feasible to pass the gates with a burning pile of trash.
Compliance gets taken quite seriously in an industry where one of your principal regulatory bodies has the power to unilaterally absorb your business and defenestrate your entire leadership team in the middle of the night.
I've seen this up close. The regulatory bodies as a rule are understaffed, overworked and underpaid. I'm sure they'd love to do a much better job but the reality is that there are just too many ways to give them busywork allowing the real crap to go unnoticed until it is (much) too late.
I don't know who this person is or whether they are legit but it doesn't surprise me that someone would do this.
It's also still unclear to me how much fraud they actually were involved in, and how much of the fault falls on them. SOC2 Type II and ISO 27001 are not audited by them, but by actual accredited auditors (apparently mainly Accorp and Gradient), which must have been just as complicit/negligent. As customers of Delve are free to chose their auditors I'm wondering how this hasn't blown up earlier.
We have asked Delve to leave YC.
YC is a community, not just an accelerator. The founders in our community have to trust each other, and we have to trust them. When that trust breaks down, there's really only one thing to do.
We're not going to get into the details publicly. We wish them well.
I have no direct knowledge of the accuracy of any of this. This is not my account.
That’s an oversimplification of what your parent comment said, which was someone who has betrayed your trust.
> It would be interesting if you didn't
Why? What’s interesting about it? You don’t have to actively wish harm on people who harmed you, but there’s nothing strange about not wishing them well.
We throw around words like "interesting", which is a subtle way to say "not normal", which is a subtle way to say that that's not how we would behave and that we think that others shouldn't behave that way either. So I take back what I said about what is interesting to me, and I'll just say that I wish it was normal to wish well to others, regardless of their actions or repercussions you impose on them.
Kinda like "bless your heart", which means nothing of the sort.
Good riddance to bad rubbish.
https://delve.co/blog/delve-sets-the-record-straight-on-anon...
https://www.forbes.com/profile/delve/
30U30 never ceases to amaze.
Holmes, SBF, Shkreli, Charlie Javice, Ishan Wahi...
Hypercompetitive fields will always surface cheaters given enough time. Then regulations pile on to fight the cheating, which makes it harder for honest people to do the good work.
We do not punish cheaters like these as much as we should.
colour me surprised
people still seem to think that forbes scouts the world for the best talents instead of the lists being basically a paid ad
But Delve themselves can’t really do any of that. They’ve screwed up on a fundamental piece of their own business model. Their core offering *is* Compliance as a Service!
How could I trust their word that they’ll ensure my company is compliant? How could I trust their word that a company I’m doing business with is compliant? They can’t even handle their own Apache 2.0 licensed works, and that’s child’s play- relatively speaking. I’m supposed to trust that they can handle PCI and HIPPA and all the rest for other companies?
This is like having a dentist who doesn’t brush and floss their own teeth. Or a building inspector working out of a moldy office suite with exposed rebar. Or an editor with a personal website full of typos and grammatical errors. It’s a dealbreaker to anyone with common sense.
Unlike Zenefits, which had (allegedly?) committed fraud for part of their business in the interest of moving faster, and then Parker came back with Rippling…
These guys’ entire and actual business model was fraud.
If you can't trust your batch mates for something as crucial as compliance, the model doesn't work.
Shows the “compliance theatre” of what SOC2 has become
Every single technical auditor I've dealt with has been majorly incompetent and wanted to do things that would decrease security. And these were not some cheap bottom of the barrel companies but the big "industry leaders".
it's all just very strange and stupid, ironically from the the startup posing as auditors..
That looks like what happened here.
This has zero bearing on equity, which would be a different conversation. In this case, I think the YC SAFE is likely to remain as-is, unless the founders choose to return the money, or YC chooses to levy a heavier allegation of fraud (which they don't seem to have done here).
And please stop investing in slop/wrappers. They do not solve World's problems.
I feel there has been complacency set into investing in general where investors are chasing quick money (first crypto and now AI slop) over solving hard/grueling problems that take a long time to fix but have huge returns down the line.
And we have a lot of tough problems that still need solving. AI won't magically fix that, despite being a great tool.
Is there reason to believe that Delve has been removed from Y Combinator, the organization, or is this more an announcement that Delve has been removed from Y Combinator's website?
Their value prop had to be strong enough to get past YC, past the other founders in the batch, past due diligence. Given that, I'm no longer comfortable casting "fraud" as a clean binary.
To be clear — I do genuinely believe they are a fraudulent company that lied and deserved to be removed. But introspectively, I have to sit with the fact that the space between "working around dumb regulations" and "outright fraud" is murkier than we'd like to admit.
...is breaking the law
1. Customers want to do something, you help them do it, but it's illegal.
2. Customers want to do something, you tell them you did it, but you were lying and defrauding them.
3. Customers want to do something, you help them do it, and nobody has done it before, so whether it's legal or not is kind of up in the air.
E.G. Uber exploited a legal loophole that distinguished the kind of taxi service you hail on the street from the kind of taxi service you call on a phone.
The latter were much less regulated, and usually much more exclusive and pandering to a richer crowd. Nobody really knew which kind Uber should be classified as, it was the first kind in practice (same customer base as normal taxis) but the second in theory (ordered, not hailed).
Also, there was no “endgame.” They weren’t trying to change the law; they were exclusively breaking it for profit.
But I agree that Delve is a special case and should naturally be held to a higher standard here because their whole business is around being compliant with the law. When most other startups break the law, they do it to get an advantage over competition. Delve did it in a way that sacrificed their core value towards customers.
This is something Airbnb has facilitated for a very long time, no? And Uber, back when it started.
From a legal perspective I don’t see that it matters whether you’re trying to change the law or not. You’re either following it or breaking it.
In reality, it makes quite a difference if public opinion is on your side or not.
“We decided to commit fraud by providing fake compliance reports” reads very differently from “we let homeowners make money by renting a room”
Huh? In a legal sense I'm pretty sure they're the same thing.
How and why matters, though.
How and why you break a law matters (to a judge / jury). Whether you frame it as "ignoring" vs "breaking" in your legal defense, not so much.
Not illegal here, but I hope you not complain when caught and fined.
Including people doing it in front of police. Including the police themselves!
The law only existed for police to harass and fine blacks and Latinos. And indeed, that was how it was struck down.
It is critical to a just society that victims of unjust laws or uneven enforcement complain!
> I ignore the law every day when I jaywalk.
Means the exact same thing as “I intentionally break jaywalking laws every day”. They are equivalent sentences.
This is like a line from a Naked Gun movie. The only way that this sentence could be true linguistically is if the party doesn’t break the law that they’re ignoring (e.g. I could ignore the rule against perpetuities while drunk driving through a zoo)
Anderson Consulting er I mean "Accenture": "Hey, that's our job!"
PWC: "Yeah! Fuck off!"
KPMG: "Damn straight!"
Ernst & Young: "What they said."
Deloitte & Touche: "Ditto."
( https://en.wikipedia.org/wiki/Accounting_scandals#List_of_th... )
Like, it's a company that sells AI-slop powered regulatory compliance. How many laws do you think the "fake it ill you make it and you'll never make it" AI will break? But "regulatory compliance" is laws that startups hate, so breaking them is good.
Copyright and the copyleft licenses built upon it are the laws that support the software industry instead of just making sure innocent people aren't hurt by all this innovating and disrupting.
Notably YC hasn't wished them a farewell.
Why do all start-ups say this? I don't think there are many companies publicly saying "We're going to go 'scorched earth' on everybody."
Saying it in 2026 just makes it sound more insincere than usual.
> One interesting observation I’ve noticed is a lot of top founders did oddly strong at math from a young age.
https://x.com/kocalars/status/2027076198002553159
Nauseating.
who got these kids into compliance? cause it wasn't them
->
You mean like OpenAI, Anthropic and all these other 'unicorns'?
I'm happy we're all clear on how bad Delve is but in essence what they were doing is exactly the same as what these AI companies do.
I'd wager there's some prior art...