I'm getting the impression that a lot of people in this thread think this is because they violated an open-source license and saying things to the effect of, "they're just the ones who got caught". I also thought that was the scandal initially. (And when it comes to license violations, yes, there's absolutely more where that came from.)
But that's just the cherry on top. I don't think they're being thrown out because they violated a license. There are really serious fraud allegations. Allegedly they were rubber-stamping noncompliant customers, leaving them exposed to potential criminal liability under regulations like HIPPA.
I've only skimmed this so I do not endorse these allegations, but I think it's context missing from this discussion.
fontain 2 hours ago [-]
YC has no problem with morally questionable behavior, many YC startups do things that are just as shady. YC is, ultimately, not responsible for what these startups choose to do. Delve’s problem is that they betrayed so many other YC companies in the process. An important value of being in YC is access to a ready-made customer base. The licensing issue is nothing compared to their fake audits but it is an affront to the YC community, hence, kicked from the community.
I’m sure if Delve has only engaged in fraudulent audits or had only resold another YC company’s product, they would have been allowed to stay, the problem is all of that combined pissed off enough other YC companies.
throwaway27448 2 hours ago [-]
> YC is, ultimately, not responsible for what these startups choose to do.
Of course they're responsible for their investments; they're just not liable. YC has a lot to answer for in the damage it's wreaked over the years.
madaxe_again 8 minutes ago [-]
I think it’s partly that, but also that when you have something that is toxic, radioactive and on fire on your ship, you shove it overboard, and assess just how bad the damage was afterwards.
miki123211 9 minutes ago [-]
There's an excellent podcast and writeup on this from Patrick mcKenzie, which explains the story in more detail, including an interpretation of their statement and background on why this is a scandal in the first place.
I came across a top tier compliance auditor doing the same thing recently. I tried to talk to them about it and rather than approaching this from a constructive point of view they wanted to know the name of the company that got certified so they could decertify them and essentially asked me to break my NDA. That wasn't going to happen, I wanted to have a far more structural conversation about this and how they probably ended up missing some major items (such as: having non-technical auditors). They weren't interested. They were not at all interested in improving their processes, they were only interested in protecting their reputation.
I'm seriously disgusted about this because this was one of the very few auditors that we held in pretty high esteem.
Pay-to-play is all too common, and I think that there is a baked in conflict of interest in the whole model.
dmos62 57 minutes ago [-]
Have you considered whistleblowing?
jacquesm 41 minutes ago [-]
Yes. But I'm not working at either company and I'm 99.9% sure that it would lead to absolutely nothing other than a lot of misery for myself. The NDA's I sign have some pretty stiff penalties attached. I was actually hoping to see my trust in the auditing company confirmed and I'm still more than a little bit annoyed that they did not respond in a more constructive way.
My response however is a simple one: I used to steer (a lot of) business their way and I have stopped doing that.
madaxe_again 3 minutes ago [-]
Similar boat. Seen the same shenanigans being played with actors who really should know better - everything from military secrets to medical data, and absolutely YOLOing it with an audit mill. I have it on good authority that there are superuser credentials floating around for their production systems that they’ve lost track of.
And no, I won’t whistleblow either, as it would mostly be me that would face repercussions, and I am unafraid to say that I am a coward.
We choose the battles we fight, and I’d like to believe that ultimately, entropy will defeat them without me lifting a finger.
maxbond 20 minutes ago [-]
Wouldn't it require a huge leap of faith for them to admit the audit was improper in order to have that discussion? Who's to say you aren't recording?
jacquesm 16 minutes ago [-]
I've already established that it was improper. It's up to them to make the most of that knowledge and then to determine of this is a singleton or an example of a class that has more representation. In that sense it is free to them, I'm under absolutely no obligation to provide them with a service. But I'm willing to expend the time and effort required to get them to make the most of it. What I'm not going to do is to allow them to play the blame game or 'shoot the messenger'.
vasco 1 hours ago [-]
It's auditing, nobody that is good at doing anything goes to auditing, unfortunately its one of those jobs. I haven't interacted with any auditor that actually understood all they were auditing, some are better than others but the average is worse than almost any other job description I have dealt with.
arianvanp 55 minutes ago [-]
If you care about this stuff you need to in-house auditing and do your own audits with people who care. Then get certified by an external auditor for the paper.
You can start very lightweight with doing spec driven development with the help of AI if you're at a size where you can't afford that. It's better than nothing.
But the important part is you, as a company, should inherently care.
If you rely on an auditor feedback loop to get compliant you've already lost.
disgruntledphd2 49 minutes ago [-]
This function exists in every publicly traded public company, and is called internal audit.
It has the potential to be incredibly impactful, but often devolves into box ticking (like many compliance functions).
And it's really hard to find technical people to do the work, as it's generally perceived as a cost centre so tends not to get budget.
Koffiepoeder 30 minutes ago [-]
To be honest, I would even go further: if you think certification equals security, you are even more lost.
So many controls are dubious, sometimes even actively harmful for some set-ups/situations.
And even moreso, it's also perfectly feasible to pass the gates with a burning pile of trash.
jacquesm 23 minutes ago [-]
And they do not track the industry at all, at best they'll help you win the war of five years ago.
Koffiepoeder 8 minutes ago [-]
Imagine my face when I had to take periodic backups of stateless, immutable read-only filesystem, non-root containers for "compliance".
bob1029 60 minutes ago [-]
You should check out the banking industry sometime if you'd like to interact with a competent auditor.
Compliance gets taken quite seriously in an industry where one of your principal regulatory bodies has the power to unilaterally absorb your business and defenestrate your entire leadership team in the middle of the night.
jacquesm 39 minutes ago [-]
They could. But they don't.
I've seen this up close. The regulatory bodies as a rule are understaffed, overworked and underpaid. I'm sure they'd love to do a much better job but the reality is that there are just too many ways to give them busywork allowing the real crap to go unnoticed until it is (much) too late.
JasonHEIN 2 hours ago [-]
lol strongly agree it is just cherry on top. In big tech they also copy but just copy in a smart way so I don't believe that's the reason they got removed.
2 hours ago [-]
johnwheeler 2 hours ago [-]
Something about this deep Delver bothers me. Why go so crazy if you don't really have much of an interest in the outcome of Delve? I don't know if Delve did anything wrong or not, but this report reads like someone with a lot to gain in delve failing or losing trust. Why would any client be so altruistic to help other companies?
jweir 1 hours ago [-]
If you see a fraud and do nothing you are part of the fraud.
maxbond 59 minutes ago [-]
I've seen a bunch of people go on random crusades. Investigation is fun and righteous indignation is intoxicating. For certain personality types it's easy to get completely absorbed by a mystery/crime and not even realize how much time you're spending digging into it until the sun rises. Others may be intensely motivated by perceived injustice, dishonesty, or graft. Or they may feel personally cheated.
I don't know who this person is or whether they are legit but it doesn't surprise me that someone would do this.
trhway 1 hours ago [-]
it may be anybody. Even somebody at YC wanting to create a background to drop Delve if suppose Delve were shady and they discovered it (i really don't know anything here and am simply speculating, heard about Delve today first time, just googled and read some techcrunch article - it says Delve has 1000 clients - googled employee count - sub-50, and until it is "an Uber for auditors" i have hard time to believe that 50 Silicon Valley people can do even one compliance certification for one client, with AI or without)
bombcar 2 hours ago [-]
It looks like a form of covering their ass - they basically (explicitly?) say they've been violating the law and it's Delve's fault.
hobofan 1 hours ago [-]
Yes, the way this is being pushed online seems like there is a competitor involved. If not in the initial disclosure, then in the daily rehashing of it.
It's also still unclear to me how much fraud they actually were involved in, and how much of the fault falls on them. SOC2 Type II and ISO 27001 are not audited by them, but by actual accredited auditors (apparently mainly Accorp and Gradient), which must have been just as complicit/negligent. As customers of Delve are free to chose their auditors I'm wondering how this hasn't blown up earlier.
maxbond 46 minutes ago [-]
If there were not a manipulative competitor, if people just found fraud and abuse of open source compelling and the story was circulating organically, how would that look different? What do you observe that leads you to believe a manipulative competitor is a better hypothesis?
everfrustrated 3 hours ago [-]
Someone leaked an internal Bookface chat from Garry Tan (YC CEO) saying:
We have asked Delve to leave YC.
YC is a community, not just an accelerator. The founders in our community have to trust each other, and we have to trust them. When that trust breaks down, there's really only one thing to do.
We're not going to get into the details publicly. We wish them well.
I have no direct knowledge of the accuracy of any of this. This is not my account.
BugsJustFindMe 2 hours ago [-]
"They've betrayed my trust but I wish them well" is an interesting statement.
dmos62 55 minutes ago [-]
Don't you wish well on people you don't want to associate with? It would be interesting if you didn't, imo.
latexr 9 minutes ago [-]
> people you don't want to associate with
That’s an oversimplification of what your parent comment said, which was someone who has betrayed your trust.
> It would be interesting if you didn't
Why? What’s interesting about it? You don’t have to actively wish harm on people who harmed you, but there’s nothing strange about not wishing them well.
dtf 19 minutes ago [-]
It's giving Gwyneth Paltrow at the conclusion of her ski crash trial.
altmanaltman 54 minutes ago [-]
"they can fuck off from where they came" would be a bit too intense even for Gary
margalabargala 2 hours ago [-]
"I wish them well" is an idiom for "I never want to see them again".
Kinda like "bless your heart", which means nothing of the sort.
huhkerrf 1 hours ago [-]
Why do non-Southerners keep insisting on this? Bless your heart can be said sincerely or ironically, like pretty much any other phrase.
maxbond 36 minutes ago [-]
The ironic usage makes for compelling dialogue and comports with stereotypes about Southerners as formal/restrained. So that's what ends up on television. At least that is how I think I came about having that impression.
DANmode 2 hours ago [-]
but should it be?
edm0nd 56 minutes ago [-]
Garry Tan is an absolute loser but this is a huge W from him.
minimaxir 2 hours ago [-]
The text implies it’s more due to the alleged license violation of a YC startup’s IP than the alleged fraud.
kstrauser 2 hours ago [-]
Really? I know nothing about this other than what I've read here, but my first guess was the breakdown in trust means the allegations of fake audits.
minimaxir 2 hours ago [-]
I was half-joking, but if YC has a legal issue resulting from the alleged fraud (unclear currently), kicking out the company for the lesser infraction would make more sense.
wahnfrieden 2 hours ago [-]
It is very clearly the fake audits.
neya 2 hours ago [-]
Hi, sorry, just new to this entire story, could you please share light on the fake audits? Trying to understand what exactly happened.
Sure, most companies could add an About section and probably put this behind them pretty quickly. They could have even hired someone like Delve to assure this kind of thing wouldn’t happen again.
But Delve themselves can’t really do any of that. They’ve screwed up on a fundamental piece of their own business model. Their core offering *is* Compliance as a Service!
How could I trust their word that they’ll ensure my company is compliant? How could I trust their word that a company I’m doing business with is compliant? They can’t even handle their own Apache 2.0 licensed works, and that’s child’s play- relatively speaking. I’m supposed to trust that they can handle PCI and HIPPA and all the rest for other companies?
This is like having a dentist who doesn’t brush and floss their own teeth. Or a building inspector working out of a moldy office suite with exposed rebar. Or an editor with a personal website full of typos and grammatical errors. It’s a dealbreaker to anyone with common sense.
borski 4 hours ago [-]
You’re right, you can’t.
Unlike Zenefits, which had (allegedly?) committed fraud for part of their business in the interest of moving faster, and then Parker came back with Rippling…
These guys’ entire and actual business model was fraud.
I wonder if the kind of personality that gets you on 30U30 correlates with being willing to engage in massive fraud, and being able to get away with it for a minute.
Holmes, SBF, Shkreli, Charlie Javice, Ishan Wahi...
gmd63 3 hours ago [-]
When ambitious competitors who can't accept loss or normalcy enter into a field that's saturated with skilled rule-abiding players, they'll cheat.
Hypercompetitive fields will always surface cheaters given enough time. Then regulations pile on to fight the cheating, which makes it harder for honest people to do the good work.
We do not punish cheaters like these as much as we should.
kstrauser 2 hours ago [-]
You know, after all this time Lucas Duplan doesn't seem so bad. His hubristic sin was posing for a photo burning fake hundred dollar bills. That just seems like a random Tuesday now.
minimaxir 2 hours ago [-]
Naming his startup “Clinkle” should have been a crime, though.
kstrauser 2 hours ago [-]
That was epicly horrid.
malthaus 2 hours ago [-]
"that gets you on", ie. the kind of personality that literally pays & hustles to be featured on such a list to fuel their own ego?
colour me surprised
people still seem to think that forbes scouts the world for the best talents instead of the lists being basically a paid ad
rapind 3 hours ago [-]
Not sure it's exclusively a U30 thing. When it comes to grift and fraud, a well known 79 year old comes to mind.
pdpi 3 hours ago [-]
I'd focus less on the U30 part, and more on the 30U, if that makes sense — the problem is with people who seek that sort of attention (and that 79 year old certainly qualifies as wanting that sort of attention). For those people, their businesses are a means to an end in the most cynical way possible.
GaryBluto 21 minutes ago [-]
30U30D30
xyst 2 hours ago [-]
[flagged]
nfw2 3 hours ago [-]
It's not just about delve. It's about yc's model. YC encourages YC companies to trust other YC companies even though they are early.
If you can't trust your batch mates for something as crucial as compliance, the model doesn't work.
redanddead 7 minutes ago [-]
this is a teachable moment for yc, maybe the cost of investing in a sour apple is a lot more than half a mil, maybe there's a brand or reputational cost, even in places you least expect it right, these two seemingly had everything laid out for them by investors, did they even come up with compliance? who told them to work on that? now look what happened, it's like everyone cant get far enough fast enough now. What about their lead investor insight partners? what's that conversation like?
it's all just very strange and stupid, ironically from the the startup posing as auditors..
jmcgough 2 hours ago [-]
They've graduated 5,000+ companies, so some fraud is hard to avoid, especially with young hungry founders willing to do anything to succeed. Honestly, it's a pretty good track record that there's only been a handful of companies like this.
worik 2 hours ago [-]
It can work under the umbrella of some sort of coordinator
Great to see them take action.
I'm waiting for cambioml next. A married couple notorious for fraud that apparently relocated to ME as a result. That's outside of the terrible treatment of ripping off interviewees (see: https://www.reddit.com/r/devops/comments/1n7cdua/got_a_devop...). Won't even comment on other stories I've heard related to them screwing over employees/cofounders.
jazzpush2 47 minutes ago [-]
That reddit thread is brutal, knowingly making interviewees pay hundreds of dollars to interview in this economy is messed up.
Curious - in this situation, does delve return money to YC? Or YC simply writes off the investment
argee 3 hours ago [-]
Neither. "Leaving YC" or "being removed from Y combinator" really just means you (more precisely, your YC/HN account) loses access to internal resources like bookface. This does have the knock on effect of essentially isolating you from the community. It's not entirely a punishment, it can be as simple as you are a person who isn't working on a YC company anymore, for example.
This has zero bearing on equity, which would be a different conversation. In this case, I think the YC SAFE is likely to remain as-is, unless the founders choose to return the money, or YC chooses to levy a heavier allegation of fraud (which they don't seem to have done here).
rekttrader 3 hours ago [-]
Ya it’s a total write down, I dunno how much they took from YC, if it was the standard deal this is just the cost of doing business.
DANmode 2 hours ago [-]
Based on?
jaredsohn 4 hours ago [-]
Interestingly, they show up in the company list. When you click the link it returns 404.
an example of why to avoid archive links in submissions (save 'em for comments), because the source link here will win.
big-chungus4 1 hours ago [-]
An I the only one who has 404 not found when I click the link
_morgs_ 1 hours ago [-]
That's the point...
edm0nd 55 minutes ago [-]
which means it was removed...which is the entire point of the post bruv
1 hours ago [-]
apt-apt-apt-apt 2 hours ago [-]
Not surprising that Cluely is using them.. they were probably like, what we're compliant, sure if you say so
sandeepkd 4 hours ago [-]
Its quite ironical and interesting at the same time, seems like there is a threshold size/impact beyond which everyone would come and save you, anything less and you will have to bear the consequences.
bilalq 4 hours ago [-]
While I do think Delve and the leadership there should be held responsible, it's a bit weird to see YC and others take shots at them for breaking the law when so many of their prized unicorns achieved what they did by being willing to just ignore laws and deal with the consequences later.
olalonde 3 hours ago [-]
Working around arguably dumb regulations and making your customers happy in the process is not the same as defrauding your customers.
arionhardison 2 hours ago [-]
While I agree with you, I also find myself wondering who draws the line. Given the current political atmosphere and its increasingly fluid relationship with "truth," I have to consider that the line for others may not be where it is for me — especially given the nuance buried in the details of many B2B deals.
Their value prop had to be strong enough to get past YC, past the other founders in the batch, past due diligence. Given that, I'm no longer comfortable casting "fraud" as a clean binary.
To be clear — I do genuinely believe they are a fraudulent company that lied and deserved to be removed. But introspectively, I have to sit with the fact that the space between "working around dumb regulations" and "outright fraud" is murkier than we'd like to admit.
pm90 57 minutes ago [-]
The vast majority of crimes are still being prosecuted as such. You have to reach a certain size/notoriety and money to buy a POTUS pardon; I doubt that matters for a relatively unknown outfit like Delve.
worik 2 hours ago [-]
> Working around arguably dumb regulations...
...is breaking the law
kaashif 50 minutes ago [-]
Yes, but there is a difference between:
1. Customers want to do something, you help them do it, but it's illegal.
2. Customers want to do something, you tell them you did it, but you were lying and defrauding them.
borski 4 hours ago [-]
Ignoring a law is different from knowingly and intentionally breaking the law, especially when that law is actual intentional fraud.
Also, there was no “endgame.” They weren’t trying to change the law; they were exclusively breaking it for profit.
bilalq 4 hours ago [-]
Let me more clearly instead say that many successful startups knowingly and intentionally broke the law.
But I agree that Delve is a special case and should naturally be held to a higher standard here because their whole business is around being compliant with the law. When most other startups break the law, they do it to get an advantage over competition. Delve did it in a way that sacrificed their core value towards customers.
redanddead 55 minutes ago [-]
that's defrauding the customer
this will literally get them in court
borski 4 hours ago [-]
Yeah, precisely.
afavour 4 hours ago [-]
> Ignoring a law is different from knowingly and intentionally breaking the law
This is something Airbnb has facilitated for a very long time, no? And Uber, back when it started.
From a legal perspective I don’t see that it matters whether you’re trying to change the law or not. You’re either following it or breaking it.
borski 3 hours ago [-]
Sure. Technically and legally, you’re right.
In reality, it makes quite a difference if public opinion is on your side or not.
“We decided to commit fraud by providing fake compliance reports” reads very differently from “we let homeowners make money by renting a room”
bpodgursky 3 hours ago [-]
The difference is that Airbnb customers used Airbnb because they thought hotel regulations were dumb and overbearing (or at least, they didn't care about the laws). Delve customers were literally trying to obey the law and Delve (allegedly) lied to them about it.
TurdF3rguson 4 hours ago [-]
> Ignoring a law is different from knowingly and intentionally breaking the law
Huh? In a legal sense I'm pretty sure they're the same thing.
borski 4 hours ago [-]
I ignore the law every day when I jaywalk. Technically, you’re right that that is also breaking the law. I wasn’t being careful with my words.
How and why matters, though.
TurdF3rguson 3 hours ago [-]
> How and why matters, though.
How and why you break a law matters (to a judge / jury). Whether you frame it as "ignoring" vs "breaking" in your legal defense, not so much.
borski 3 hours ago [-]
I agree; I attempted to clarify that with my “not using words carefully” but that is a fair criticism of what I wrote.
worik 2 hours ago [-]
> I ignore the law every day when I jaywalk
Not illegal here, but I hope you not complain when caught and fined.
kaashif 43 minutes ago [-]
Jaywalking was illegal in NYC until 2025 but literally every crossing had people doing it constantly. This is not figurative, it actually is literal.
Including people doing it in front of police. Including the police themselves!
The law only existed for police to harass and fine blacks and Latinos. And indeed, that was how it was struck down.
It is critical to a just society that victims of unjust laws or uneven enforcement complain!
jrflowers 3 hours ago [-]
That’s not how words work. This sentence
> I ignore the law every day when I jaywalk.
Means the exact same thing as “I intentionally break jaywalking laws every day”. They are equivalent sentences.
borski 3 hours ago [-]
I agreed with you; that is why I said I wasn’t being careful with my language.
tjwebbnorfolk 3 hours ago [-]
There is a difference between "fake it till you make it" and "blatant widespread fraud", but the line is blurrier than many startups would like to admit.
jrflowers 3 hours ago [-]
> Ignoring a law is different from knowingly and intentionally breaking the law
This is like a line from a Naked Gun movie. The only way that this sentence could be true linguistically is if the party doesn’t break the law that they’re ignoring (e.g. I could ignore the rule against perpetuities while drunk driving through a zoo)
HaloZero 2 hours ago [-]
I think it's fairly straight forward why. It's because Delve broke the law and got other YC companies in trouble vs other industries & people not under the YC banner.
gmerc 4 hours ago [-]
The deal is to have plausible deniability and not get caught
sky2224 4 hours ago [-]
Can you provide examples of YC startups that knowingly broke laws and just dealt with those issues later? I'm not very aware.
bix6 4 hours ago [-]
Airbnb, DoorDash
antonvs 3 hours ago [-]
Uber
2 hours ago [-]
el_io 2 hours ago [-]
Uber is not YC backed.
colechristensen 4 hours ago [-]
There's a sliding scale between fake it `till you make it and fraud.
tikhonj 4 hours ago [-]
Yeah, fraud is what happens when you don't make it.
KennyBlanken 3 hours ago [-]
> At its core, this article argues that Delve fakes compliance while creating the appearance of compliance without the underlying substance.
Anderson Consulting er I mean "Accenture": "Hey, that's our job!"
fake it until you make it? at some point this attitudes of Silicon Valley start up will back fire.
Pxtl 3 hours ago [-]
They broke laws that programmers care about.
Like, it's a company that sells AI-slop powered regulatory compliance. How many laws do you think the "fake it ill you make it and you'll never make it" AI will break? But "regulatory compliance" is laws that startups hate, so breaking them is good.
Copyright and the copyleft licenses built upon it are the laws that support the software industry instead of just making sure innocent people aren't hurt by all this innovating and disrupting.
Bratmon 2 hours ago [-]
Fairly inevitable. Like all YC companies, they were total frauds, but they made the cardinal mistake of defrauding other YC companies instead of the general public. Bad move.
jmcgough 2 hours ago [-]
Turns out you can't "fake it til you make it" with SOC2 compliance.
nnurmanov 2 hours ago [-]
[dead]
jrflowers 2 hours ago [-]
On the one hand the company that was selling companies pre-made “You’re hipaa compliant” pdfs was doing fraud, but on the other hand the companies that were buying “We’re hipaa compliant” pdfs that said they had implemented compliance measures that they definitely hadn’t were also doing fr
kshri24 45 minutes ago [-]
YC needs to go back to how it was. Choosing those who know what they are doing, and have been in the game for long and not blindly choose those who have graduated from tier-1 institutions. University degrees mean nothing at the end of the day.
And please stop investing in slop/wrappers. They do not solve World's problems.
I feel there has been complacency set into investing in general where investors are chasing quick money (first crypto and now AI slop) over solving hard/grueling problems that take a long time to fix but have huge returns down the line.
And we have a lot of tough problems that still need solving. AI won't magically fix that, despite being a great tool.
redanddead 43 minutes ago [-]
waiting on the cluely scandal next
jazzpush2 46 minutes ago [-]
Pretty disgusting behavior from the founders just posting as normal on linkedin/twitter as if this is run-of-the-mill. Fraudsters need to be nipped in the bud, lest we get trump-like scenarios.
So they decide to drop this from their COO while their CEO has been doing all the talking on a friday night? Looks like YC told them they had to announce this and this was their least-viewable option.
philip1209 4 hours ago [-]
At least they put a ladder up that tree
mememememememo 3 hours ago [-]
404s for me
bcraven 3 hours ago [-]
I think that's the point - they have been removed.
OptionOfT 3 hours ago [-]
That's the point.
mememememememo 3 hours ago [-]
Sorry! I thought it would be announcement. And it was subsequently taken down due to the HN interest.
SanjayMehta 2 hours ago [-]
Orwellian memory hole engaged.
phplovesong 3 hours ago [-]
Classic. I knew this would happen ever sine i first saw Delve on YC. I was right to trust my gut, and never used their product.
redanddead 49 minutes ago [-]
it felt very forced from the start, there was no iteration, narrative or pivots
who got these kids into compliance? cause it wasn't them
jacquesm 4 hours ago [-]
"By combining the evidence I collected together with what the sim.ai team provided, I will show that Delve has stolen an open-source company’s tech by violating their license and then making a lot of money with it."
->
You mean like OpenAI, Anthropic and all these other 'unicorns'?
I'm happy we're all clear on how bad Delve is but in essence what they were doing is exactly the same as what these AI companies do.
Tyrubias 4 hours ago [-]
While I despise the sham commercial LLMs have made out of intellectual property, I think Delve is one step worse than that. The technology behind LLMs is innovative, even if the data used to train them have ethically and legally dubious origins. Delve doesn’t even have the ability to claim anything they’ve done as original, unless you count fraud as a service.
jacquesm 4 hours ago [-]
The only thing that makes delve worse in my book is that they're selling compliance, they have zero excuses. But the likes of OpenAI and Anthropic even if they don't sell compliance do whitewash bulk copyright violations and they have valuations far in excess of Delve. Too big to fail I guess.
chromacity 4 hours ago [-]
> Delve doesn’t even have the ability to claim anything they’ve done as original, unless you count fraud as a service.
I'd wager there's some prior art...
throwaway81523 4 hours ago [-]
Fraud as a service! The next big thing!!!
cjbgkagh 3 hours ago [-]
Presidential pardon insurance, like audit insurance but for breaking laws instead of filing taxes.
blast 3 hours ago [-]
friday news dump tho
rvz 4 hours ago [-]
There is no saving Delve after this.
The only next product launch is an investigation.
anovikov 58 minutes ago [-]
Interesting! I worked for one YC startup that committed blatant fraud, with the founders vanishing when investors started chasing them to bring them to responsibility. And they haven't been removed. Just marked as "inactive".
baggy_trough 4 hours ago [-]
can't believe I almost spent 10 grand on this company a week before they blew up.
everfrustrated 3 hours ago [-]
The two founders being early 20's with no background in compliance wasn't a red-flag?
mememememememo 3 hours ago [-]
Plus the 30u30 is now a signal.
dfordp11 7 minutes ago [-]
[dead]
getverdict 2 hours ago [-]
[dead]
6 hours ago [-]
Rendered at 07:49:07 GMT+0000 (Coordinated Universal Time) with Vercel.
But that's just the cherry on top. I don't think they're being thrown out because they violated a license. There are really serious fraud allegations. Allegedly they were rubber-stamping noncompliant customers, leaving them exposed to potential criminal liability under regulations like HIPPA.
https://deepdelver.substack.com/p/delve-fake-compliance-as-a...
I've only skimmed this so I do not endorse these allegations, but I think it's context missing from this discussion.
I’m sure if Delve has only engaged in fraudulent audits or had only resold another YC company’s product, they would have been allowed to stay, the problem is all of that combined pissed off enough other YC companies.
Of course they're responsible for their investments; they're just not liable. YC has a lot to answer for in the damage it's wreaked over the years.
https://www.complexsystemspodcast.com/episodes/delve-into-co...
I'm seriously disgusted about this because this was one of the very few auditors that we held in pretty high esteem.
Pay-to-play is all too common, and I think that there is a baked in conflict of interest in the whole model.
My response however is a simple one: I used to steer (a lot of) business their way and I have stopped doing that.
And no, I won’t whistleblow either, as it would mostly be me that would face repercussions, and I am unafraid to say that I am a coward.
We choose the battles we fight, and I’d like to believe that ultimately, entropy will defeat them without me lifting a finger.
You can start very lightweight with doing spec driven development with the help of AI if you're at a size where you can't afford that. It's better than nothing.
But the important part is you, as a company, should inherently care.
If you rely on an auditor feedback loop to get compliant you've already lost.
It has the potential to be incredibly impactful, but often devolves into box ticking (like many compliance functions).
And it's really hard to find technical people to do the work, as it's generally perceived as a cost centre so tends not to get budget.
So many controls are dubious, sometimes even actively harmful for some set-ups/situations.
And even moreso, it's also perfectly feasible to pass the gates with a burning pile of trash.
Compliance gets taken quite seriously in an industry where one of your principal regulatory bodies has the power to unilaterally absorb your business and defenestrate your entire leadership team in the middle of the night.
I've seen this up close. The regulatory bodies as a rule are understaffed, overworked and underpaid. I'm sure they'd love to do a much better job but the reality is that there are just too many ways to give them busywork allowing the real crap to go unnoticed until it is (much) too late.
I don't know who this person is or whether they are legit but it doesn't surprise me that someone would do this.
It's also still unclear to me how much fraud they actually were involved in, and how much of the fault falls on them. SOC2 Type II and ISO 27001 are not audited by them, but by actual accredited auditors (apparently mainly Accorp and Gradient), which must have been just as complicit/negligent. As customers of Delve are free to chose their auditors I'm wondering how this hasn't blown up earlier.
I have no direct knowledge of the accuracy of any of this. This is not my account.
That’s an oversimplification of what your parent comment said, which was someone who has betrayed your trust.
> It would be interesting if you didn't
Why? What’s interesting about it? You don’t have to actively wish harm on people who harmed you, but there’s nothing strange about not wishing them well.
Kinda like "bless your heart", which means nothing of the sort.
But Delve themselves can’t really do any of that. They’ve screwed up on a fundamental piece of their own business model. Their core offering *is* Compliance as a Service!
How could I trust their word that they’ll ensure my company is compliant? How could I trust their word that a company I’m doing business with is compliant? They can’t even handle their own Apache 2.0 licensed works, and that’s child’s play- relatively speaking. I’m supposed to trust that they can handle PCI and HIPPA and all the rest for other companies?
This is like having a dentist who doesn’t brush and floss their own teeth. Or a building inspector working out of a moldy office suite with exposed rebar. Or an editor with a personal website full of typos and grammatical errors. It’s a dealbreaker to anyone with common sense.
Unlike Zenefits, which had (allegedly?) committed fraud for part of their business in the interest of moving faster, and then Parker came back with Rippling…
These guys’ entire and actual business model was fraud.
https://www.forbes.com/profile/delve/
30U30 never ceases to amaze.
Holmes, SBF, Shkreli, Charlie Javice, Ishan Wahi...
Hypercompetitive fields will always surface cheaters given enough time. Then regulations pile on to fight the cheating, which makes it harder for honest people to do the good work.
We do not punish cheaters like these as much as we should.
colour me surprised
people still seem to think that forbes scouts the world for the best talents instead of the lists being basically a paid ad
If you can't trust your batch mates for something as crucial as compliance, the model doesn't work.
it's all just very strange and stupid, ironically from the the startup posing as auditors..
That looks like what happened here.
This has zero bearing on equity, which would be a different conversation. In this case, I think the YC SAFE is likely to remain as-is, unless the founders choose to return the money, or YC chooses to levy a heavier allegation of fraud (which they don't seem to have done here).
https://www.ycombinator.com/companies/?query=delve
Their value prop had to be strong enough to get past YC, past the other founders in the batch, past due diligence. Given that, I'm no longer comfortable casting "fraud" as a clean binary.
To be clear — I do genuinely believe they are a fraudulent company that lied and deserved to be removed. But introspectively, I have to sit with the fact that the space between "working around dumb regulations" and "outright fraud" is murkier than we'd like to admit.
...is breaking the law
1. Customers want to do something, you help them do it, but it's illegal.
2. Customers want to do something, you tell them you did it, but you were lying and defrauding them.
Also, there was no “endgame.” They weren’t trying to change the law; they were exclusively breaking it for profit.
But I agree that Delve is a special case and should naturally be held to a higher standard here because their whole business is around being compliant with the law. When most other startups break the law, they do it to get an advantage over competition. Delve did it in a way that sacrificed their core value towards customers.
this will literally get them in court
This is something Airbnb has facilitated for a very long time, no? And Uber, back when it started.
From a legal perspective I don’t see that it matters whether you’re trying to change the law or not. You’re either following it or breaking it.
In reality, it makes quite a difference if public opinion is on your side or not.
“We decided to commit fraud by providing fake compliance reports” reads very differently from “we let homeowners make money by renting a room”
Huh? In a legal sense I'm pretty sure they're the same thing.
How and why matters, though.
How and why you break a law matters (to a judge / jury). Whether you frame it as "ignoring" vs "breaking" in your legal defense, not so much.
Not illegal here, but I hope you not complain when caught and fined.
Including people doing it in front of police. Including the police themselves!
The law only existed for police to harass and fine blacks and Latinos. And indeed, that was how it was struck down.
It is critical to a just society that victims of unjust laws or uneven enforcement complain!
> I ignore the law every day when I jaywalk.
Means the exact same thing as “I intentionally break jaywalking laws every day”. They are equivalent sentences.
This is like a line from a Naked Gun movie. The only way that this sentence could be true linguistically is if the party doesn’t break the law that they’re ignoring (e.g. I could ignore the rule against perpetuities while drunk driving through a zoo)
Anderson Consulting er I mean "Accenture": "Hey, that's our job!"
PWC: "Yeah! Fuck off!"
KPMG: "Damn straight!"
Ernst & Young: "What they said."
Deloitte & Touche: "Ditto."
( https://en.wikipedia.org/wiki/Accounting_scandals#List_of_th... )
Like, it's a company that sells AI-slop powered regulatory compliance. How many laws do you think the "fake it ill you make it and you'll never make it" AI will break? But "regulatory compliance" is laws that startups hate, so breaking them is good.
Copyright and the copyleft licenses built upon it are the laws that support the software industry instead of just making sure innocent people aren't hurt by all this innovating and disrupting.
And please stop investing in slop/wrappers. They do not solve World's problems.
I feel there has been complacency set into investing in general where investors are chasing quick money (first crypto and now AI slop) over solving hard/grueling problems that take a long time to fix but have huge returns down the line.
And we have a lot of tough problems that still need solving. AI won't magically fix that, despite being a great tool.
Notably YC hasn't wished them a farewell.
Why do all start-ups say this? I don't think there are many companies publicly saying "We're going to go 'scorched earth' on everybody."
Saying it in 2026 just makes it sound more insincere than usual.
> One interesting observation I’ve noticed is a lot of top founders did oddly strong at math from a young age.
https://x.com/kocalars/status/2027076198002553159
Nauseating.
who got these kids into compliance? cause it wasn't them
->
You mean like OpenAI, Anthropic and all these other 'unicorns'?
I'm happy we're all clear on how bad Delve is but in essence what they were doing is exactly the same as what these AI companies do.
I'd wager there's some prior art...
The only next product launch is an investigation.