alt.hn

4/4/2026 at 1:37:02 AM

Delve removed from Y Combinator

 https://www.ycombinator.com/companies/delve

by carabiner

4/4/2026 at 4:08:39 AM

I'm getting the impression that a lot of people in this thread think this is because they violated an open-source license and saying things to the effect of, "they're just the ones who got caught". I also thought that was the scandal initially. (And when it comes to license violations, yes, there's absolutely more where that came from.)

But that's just the cherry on top. I don't think they're being thrown out because they violated a license. There are really serious fraud allegations. Allegedly they were rubber-stamping noncompliant customers, leaving them exposed to potential criminal liability under regulations like HIPPA.

https://deepdelver.substack.com/p/delve-fake-compliance-as-a...

I've only skimmed this so I do not endorse these allegations, but I think it's context missing from this discussion.

by maxbond

4/4/2026 at 8:26:58 AM

There's quite a good summary of the allegations here https://www.reddit.com/r/startups/comments/1rz15ui/i_will_no...

>Pre-written audit conclusions. The "Independent Service Auditor's Report" and all test conclusions were already filled in before clients had even submitted their company descriptions...

>Copy-paste templates. 493 out of 494 leaked SOC 2 reports (99.8%) had identical text, same grammatical errors, same nonsensical descriptions...

by tim333

4/4/2026 at 7:40:23 AM

There's an excellent podcast and writeup on this from Patrick mcKenzie, which explains the story in more detail, including an interpretation of their statement and background on why this is a scandal in the first place.

https://www.complexsystemspodcast.com/episodes/delve-into-co...

by miki123211

4/5/2026 at 9:02:01 PM

Thanks for this -- I remember when this broke I thought "I'll wait for Patrick McKenzie's take" and then promptly forgot to keep checking for it.

by wlonkly

4/5/2026 at 5:42:27 PM

Write up is supposed to be concise..

by rvba

4/4/2026 at 6:26:13 AM

I came across a top tier compliance auditor doing the same thing recently. I tried to talk to them about it and rather than approaching this from a constructive point of view they wanted to know the name of the company that got certified so they could decertify them and essentially asked me to break my NDA. That wasn't going to happen, I wanted to have a far more structural conversation about this and how they probably ended up missing some major items (such as: having non-technical auditors). They weren't interested. They were not at all interested in improving their processes, they were only interested in protecting their reputation.

I'm seriously disgusted about this because this was one of the very few auditors that we held in pretty high esteem.

Pay-to-play is all too common, and I think that there is a baked in conflict of interest in the whole model.

by jacquesm

4/4/2026 at 6:52:12 AM

Have you considered whistleblowing?

by dmos62

4/4/2026 at 7:08:02 AM

Yes. But I'm not working at either company and I'm 99.9% sure that it would lead to absolutely nothing other than a lot of misery for myself. The NDA's I sign have some pretty stiff penalties attached. I was actually hoping to see my trust in the auditing company confirmed and I'm still more than a little bit annoyed that they did not respond in a more constructive way.

My response however is a simple one: I used to steer (a lot of) business their way and I have stopped doing that.

by jacquesm

4/4/2026 at 7:46:20 AM

Similar boat. Seen the same shenanigans being played with actors who really should know better - everything from military secrets to medical data, and absolutely YOLOing it with an audit mill. I have it on good authority that there are superuser credentials floating around for their production systems that they’ve lost track of.

And no, I won’t whistleblow either, as it would mostly be me that would face repercussions, and I am unafraid to say that I am a coward.

We choose the battles we fight, and I’d like to believe that ultimately, entropy will defeat them without me lifting a finger.

by madaxe_again

4/5/2026 at 10:28:31 PM

No NDA can prevent you from making protected communications about fraud, illegal activity, etc. If you have seen fraud that involves the military you can make an anonymous report to the DOD IG. If it involves medical data you can make an anonymous report to the HHS IG. Or, if you want to get rich off of it, there's another option. Happy to chat.

by soc2fraud

4/6/2026 at 7:29:42 PM

"Get rich off it" sounds shady as hell. What are you offering?

by dmos62

4/4/2026 at 7:29:23 AM

Wouldn't it require a huge leap of faith for them to admit the audit was improper in order to have that discussion? Who's to say you aren't recording?

by maxbond

4/4/2026 at 7:33:03 AM

I've already established that it was improper. It's up to them to make the most of that knowledge and then to determine of this is a singleton or an example of a class that has more representation. In that sense it is free to them, I'm under absolutely no obligation to provide them with a service. But I'm willing to expend the time and effort required to get them to make the most of it. What I'm not going to do is to allow them to play the blame game or 'shoot the messenger'.

by jacquesm

4/4/2026 at 7:51:10 AM

I didn't mean it as a criticism, I think giving them the opportunity to improve and refusing to offer a scapegoat were both standup things to do. I'm just wondering if they were ever in a position to take that opportunity.

by maxbond

4/4/2026 at 8:03:57 AM

Hard to tell. But given that it was their legal department contacting me I think you know the answer to that one.

by jacquesm

4/4/2026 at 8:46:34 AM

I'd called out fraud (blatant lying in investor updates) at a VC backed startup where I was a technical co-founder, once. I emailed all the investors and presented all the evidence to them. They decided to not rock the boat and keep my charlatan co-founder. So, I left. Now, the company is slowly bleeding to death.

by woadwarrior01

4/4/2026 at 10:17:45 AM

> Now, the company is slowly bleeding to death.

There are thousands of companies where the shady practices are rewarded, the companies thrive and make money for the investors. So the investors are incentivized to reward this behavior just on the chance that they are rewarded back.

Whistleblowing sinks those chances and the investors and VCs know it. It doesn' just take away the money, it even takes away the plausible deniability. They put a lot of effort to absolutely punish any whistleblower to discourage the rest. Anything for a dollar. and this is probably all you'll ever need to know about almost every VC out there. Beyond the witty "I'm rich so I'm smart" blog posts and tweets, they're very much just the "anything for a dollar" type of people.

by buran77

4/5/2026 at 10:31:54 PM

if they touch the federal government, feel free to ping me. I can walk you through how to report to people who will actually do something about it and do so anonymously

by soc2fraud

4/4/2026 at 12:59:04 PM

To be fair, I’m not sure blatant lying in investor updates alone constitutes fraud. There needs to be harm (or the intent thereof) AFAIK. The other party needs to be using that information to make a decision. If you give me a dollar and then later I tell you I’m actually Beyonce, is that fraud? Or am I just a lying sonofabitch?

by peyton

4/4/2026 at 2:13:03 PM

If I give you a dollar and you say it’s being spent wisely, Beyonce loves the product, you’re about to land Taylor Swift as pro bono public ambassador… yeah that’s fraud.

by brookst

4/4/2026 at 2:06:58 PM

It's encouraging future investment on a false pretext. I'd say that's fraud.

by ikidd

4/4/2026 at 6:42:54 PM

Lying in investor update was merely the tip of the iceberg. There was lots more, fabricating customer traction pre-investment, paying oneself back-pay for months spent twiddling thumbs pre-investment (before I was involved), etc.

My lesson from the whole kerfuffle was that investors (at least the ones I’d dealt with) prefer hustle over integrity and execution abilities.

by woadwarrior01

4/6/2026 at 9:16:09 PM

This makes sense because investors in startups just care that they aren't left holding the bag. As long as they aren't the final fool in the buy in chain, they don't care.

by zipy124

4/4/2026 at 6:38:09 AM

It's auditing, nobody that is good at doing anything goes to auditing, unfortunately its one of those jobs. I haven't interacted with any auditor that actually understood all they were auditing, some are better than others but the average is worse than almost any other job description I have dealt with.

by vasco

4/4/2026 at 6:54:24 AM

If you care about this stuff you need to in-house auditing and do your own audits with people who care. Then get certified by an external auditor for the paper.

You can start very lightweight with doing spec driven development with the help of AI if you're at a size where you can't afford that. It's better than nothing.

But the important part is you, as a company, should inherently care.

If you rely on an auditor feedback loop to get compliant you've already lost.

by arianvanp

4/4/2026 at 7:00:26 AM

This function exists in every publicly traded public company, and is called internal audit.

It has the potential to be incredibly impactful, but often devolves into box ticking (like many compliance functions).

And it's really hard to find technical people to do the work, as it's generally perceived as a cost centre so tends not to get budget.

by disgruntledphd2

4/4/2026 at 9:13:52 AM

Nobody really tries to get technical people to do the work.

Like cool, it's a great idea and would potentially produce positive results if done well, but the roles pay half the engineering roles, and the interviews are stacked towards compliance frameworks.

There's very little ability to fix a large public company when HR is involved

by ownagefool

4/4/2026 at 5:04:05 PM

Maybe it should be treated like on-call duty and have the load spread between existing engineers on some kind of schedule, maybe with some extra comp as incentive because it's boring and will take more effort/time in the "easy case" compared to pager duty.

by pxc

4/6/2026 at 8:42:57 AM

I think 12-24 month rotations would work really well, but given how the profession is currently setup, that would be difficult to do.

by disgruntledphd2

4/4/2026 at 3:21:40 PM

Speaking as a technical (data) person currently working in internal audit for a not quite public company, it's not entirely uncommon.

I do agree that the pay isn't great, but it's the fact that it's considered a cost centre that's been the issue for me.

by disgruntledphd2

4/4/2026 at 7:22:23 PM

Everything except for sales tends to be seen as a cost centre. It's ridiculous.

by jacquesm

4/4/2026 at 7:19:00 AM

To be honest, I would even go further: if you think certification equals security, you are even more lost.

So many controls are dubious, sometimes even actively harmful for some set-ups/situations.

And even moreso, it's also perfectly feasible to pass the gates with a burning pile of trash.

by Koffiepoeder

4/4/2026 at 7:26:13 AM

And they do not track the industry at all, at best they'll help you win the war of five years ago.

by jacquesm

4/4/2026 at 7:41:14 AM

Imagine my face when I had to take periodic backups of stateless, immutable read-only filesystem, non-root containers for "compliance".

by Koffiepoeder

4/4/2026 at 7:39:51 PM

Maybe that's just a goid moment to review your _policy_. About a half of our compute is exactly that, and we just don't have to do this sort of backups, that'd be silly.

We don't deal with the military though, only fintech (prime brokers and major banks, funds) some government. Plenty of certifications (have someone all site all year round),!no silliness.

by subscribed

4/4/2026 at 8:06:26 AM

That's hilarious :)

Ook goeiemorgen...

by jacquesm

4/4/2026 at 9:32:07 AM

But companies don't care. They don't want compliance for feel goods, they want compliance because their partners require it. They do the minimum amount required to check the box

by PunchyHamster

4/4/2026 at 12:56:23 PM

Caring about security and comparing about some of the arbitrary hoops you have to jump through for some of these compliance regimes don’t always overlap as much as you’d expect.

I’ve been at companies where we cared deeply about security, but certain compliance things felt like gimmicks on the side. We absolutely wanted to to do the minimum required to check that box so we could get back to the real work.

by Aurornis

4/4/2026 at 6:49:40 AM

You should check out the banking industry sometime if you'd like to interact with a competent auditor.

Compliance gets taken quite seriously in an industry where one of your principal regulatory bodies has the power to unilaterally absorb your business and defenestrate your entire leadership team in the middle of the night.

by bob1029

4/4/2026 at 7:10:20 AM

They could. But they don't.

I've seen this up close. The regulatory bodies as a rule are understaffed, overworked and underpaid. I'm sure they'd love to do a much better job but the reality is that there are just too many ways to give them busywork allowing the real crap to go unnoticed until it is (much) too late.

by jacquesm

4/4/2026 at 11:07:04 AM

Because they’re put there as a box ticking exercise without ever being given the power or resources to be able to do damage or negatively impact the bottom line of the big rule breakers. It’s just supposed to maintain the appearance of doing something without ever supporting these activities for real. For the most part they are a true Potemkin village. If the risk is diffuse (just some average Joe suckers will lose money) I wouldn’t hold my breath that anyone is controlling for real.

by close04

4/5/2026 at 12:43:58 AM

I hate to say this but I suspect you are right.

by jacquesm

4/5/2026 at 10:32:55 PM

Usually on a Friday night. If you see a bunch of rental cars hanging out near a bank HQ on a Friday afternoon, get all your money out before the doors close. FDIC is about to wreck shop.

by soc2fraud

4/5/2026 at 11:01:36 PM

They do it on a Friday so they can work through the weekend and reopen the bank on Monday as a branch of a different bank which is solvent, so I wouldn't worry too much. I'd be more worried about putting my money in a fintech not regulated by FDIC or NCUA (though many contract with a "real" bank so that your money is still protected).

by maxbond

4/4/2026 at 11:29:45 AM

The industry is paid to provide a fig leaf for shady practices. Everyone knows what's going on, no one is going to do anything about it unless governments step in and give regulators more resources and more teeth, and "errors" lead to prosecutions and jail time.

None of those are likely.

This is the industry that missed Enron, WorldCom, Wirecard, Lehman, and many others.

by TheOtherHobbes

4/5/2026 at 1:10:31 AM

> Wirecard

Don't get me started. That hasn't even properly ended yet, the fall-out is continuing to today.

by jacquesm

4/4/2026 at 11:34:48 AM

I suspect many AI startups will be on that list in 2-5 years.

by noir_lord

4/4/2026 at 5:42:02 PM

> But that's just the cherry on top.

That's not the right metaphor here.

by ragall

4/4/2026 at 6:42:04 PM

What should I have used instead?

by maxbond

4/6/2026 at 11:09:47 AM

It's "the last straw" or "the drop that overflows the cup". The "cherry in the cake" is in need to be a good thing.

by ragall

4/6/2026 at 1:02:33 PM

I appreciate the feedback. I'll consider how I can be more clear in the future.

My usage was ironic. I don't think those fit my meaning because I think the situation would be largely the same without the licencing dispute.

by maxbond

4/4/2026 at 6:02:56 AM

lol strongly agree it is just cherry on top. In big tech they also copy but just copy in a smart way so I don't believe that's the reason they got removed.

by JasonHEIN

4/4/2026 at 5:54:57 AM

YC has no problem with morally questionable behavior, many YC startups do things that are just as shady. YC is, ultimately, not responsible for what these startups choose to do. Delve’s problem is that they betrayed so many other YC companies in the process. An important value of being in YC is access to a ready-made customer base. The licensing issue is nothing compared to their fake audits but it is an affront to the YC community, hence, kicked from the community.

I’m sure if Delve has only engaged in fraudulent audits or had only resold another YC company’s product, they would have been allowed to stay, the problem is all of that combined pissed off enough other YC companies.

by fontain

4/4/2026 at 7:41:12 AM

I think it’s partly that, but also that when you have something that is toxic, radioactive and on fire on your ship, you shove it overboard, and assess just how bad the damage was afterwards.

by madaxe_again

4/4/2026 at 1:36:53 PM

> YC is, ultimately, not responsible for what these startups choose to do.

Formally they might not be (depends on the case), but morally they are.

by dvfjsdhgfv

4/5/2026 at 3:48:29 AM

This is definitely why they're removed from YC. Their practices affect other YC companies like Lovable and such and that's absolutely unacceptable.

by alanknguyen

4/4/2026 at 6:14:53 AM

> YC is, ultimately, not responsible for what these startups choose to do.

Of course they're responsible for their investments; they're just not liable. YC has a lot to answer for in the damage it's wreaked over the years.

by throwaway27448

4/4/2026 at 9:09:47 AM

> YC has a lot to answer for in the damage it's wreaked over the years.

What damage is that? (excluding the present case)

by senko

4/4/2026 at 1:24:41 PM

How about the privacy darling Flock?

by user_7832

4/4/2026 at 10:15:58 AM

> What damage is that? (excluding the present case)

That seems to be an introspective question.

by officialchicken

4/4/2026 at 4:29:43 PM

Extrospection is valid spection

by 1attice

4/4/2026 at 10:34:22 AM

They’re responsible for the existence of scribd. Not aware of any other obviously socially net negative companies.

by barry-cotter

4/4/2026 at 10:45:40 AM

For the uninformed what’s the deal with scribd?

by transcriptase

4/4/2026 at 1:27:25 PM

Scribd are quite annoying. The pitch was "the YouTube for documents" allowing stuff to be posted and shared but they tend to try and get subscription money off you to see anything unlike the likes of YouTube.

by tim333

4/4/2026 at 10:22:55 PM

Scribd scrapes the web of all the .PDFs that it can find, then gates them behind a paywall and SEOs their way to the top of Google's rankings. That's it, that's all they do. They run a zero value tollbooth with other peoples' IP, taking advantage of users who don't have the search-fu to hunt down the documents themselves.

They should pretty much die in a grease fire.

by CamperBob2

4/4/2026 at 11:48:04 AM

Flock

by roysting

4/4/2026 at 10:48:38 AM

Airbnb

by monsieurbanana

4/4/2026 at 10:46:00 AM

Reddit

by energy123

4/4/2026 at 12:24:13 PM

I think when making the claim a company is a net negative, it's necessary to explore what would have happened if the company hadn't been founded.

I find it unlikely, for example that there would not be a dominant centralized forum platform. People would have certainly started problematic communities on the dominant platform, and it's unlikely a platform with strict moderation would have gained dominance before 2015 or so. I do think a dominant player would have been established by 2015.

Do you think whatever you see as harmful about Reddit would not have occurred if the company didn't exist?

by Zak

4/4/2026 at 4:38:55 PM

This is like saying “that guy would have died eventually if I didn’t murder him.”

The corporate shield for accountability is so annoying in this way. Nobody’s ever responsible for things that they did as human beings.

by dangus

4/4/2026 at 5:28:32 PM

This comment assumes both that Reddit is harmful and the outcomes were predictable. The former is debatable, but I am sure the latter is not true; the founders of Reddit didn't know what they were building.

They thought it was a social bookmarking thing for people to find and share blog posts. It didn't even have comments for the first half year. For two more years, self-posts only existed as a hack where the poster had to predict the post's ID to make it link to itself. User-created subreddits didn't show up until about 2.5 years after the site launched.

by Zak

4/4/2026 at 6:57:17 PM

I’m pretty sure all endless scroll social media has been scientifically proven to be harmful. Reddit also runs a 1:1 copy of TikTok.

I don’t really care to defend the morality of extremely wealthy VC firms like YC. They know the enshittification process that happens with 100% of the companies they fund.

They could create companies with charters and ownership structures that ensure they exist to better the world and make good products as their binding guiding principals, but they choose not to.

More fun with this subject: https://theonion.com/sam-altman-if-i-dont-end-the-world-some...

by dangus

4/4/2026 at 12:59:17 PM

It would have happened more slowly at least, delaying the increase in populism, nihilism and depression in the Western world, the anglosphere in particular.

by energy123

4/4/2026 at 1:49:33 PM

What traits specific to Reddit as opposed to a hypothetical generic alternative forum platform do you think are major contributors to those social trends?

by Zak

4/4/2026 at 1:57:21 PM

Recommendation engine pushing users into ideological bubbles, public voting mechanism creating incentive for conformity which then creates purity spirals, lack of moderation.

by energy123

4/4/2026 at 2:07:44 PM

Early Reddit had a recommended tab, but that didn't last long. The current recommendation features are relatively recent - this decade at least.

It would surprise me if the winner in that space didn't have a public voting mechanism. Digg, Reddit's early major competitor had one, and heavy-handed moderation surrounding the HD-DVD decryption key leak was one of the major inflection points that drove users from Digg to Reddit. Stricter moderation during that time period would have been a losing strategy.

by Zak

4/4/2026 at 1:10:42 PM

That's mostly imputable to Facebook, Twitter, and Instagram. Reddit is a footnote in the mainstream, which is dominated by those 3.

by toyg

4/4/2026 at 1:29:49 PM

Given the number of Reddit users across the Anglosphere, I disagree that Reddit is not a major contributor.

by energy123

4/4/2026 at 9:02:20 AM

The “I just have the arsonist the match, I didn’t tel him to strike it” approach of tech bros has caused untold damage to the world over the last 20 Years.

by hdgvhicv

4/4/2026 at 11:17:34 AM

I'm not saying you're wrong, but a blanket "untold damage" statement won't carry an argument here, you need to be specific.

by bartvk

4/4/2026 at 1:47:06 PM

But then it wouldn't be untold

by TZubiri

4/4/2026 at 11:23:42 AM

[dead]

by cindyllm

4/4/2026 at 9:27:21 AM

Of course, giving money to terrorists also doesn't make the side giving money responsible /s

The delusions people establish to feel better about their or someone else they like mistakes...

by PunchyHamster

4/4/2026 at 7:57:40 AM

All LLMs do this, yet nobody bats an eye.

by whatever1

4/4/2026 at 4:49:25 PM

LLMs can't be held legally liable, only the people who use them.

by tankenmate

4/4/2026 at 12:26:58 PM

hipaa*

by Craighead

4/4/2026 at 4:27:54 PM

Oops. Thanks for the correction.

by maxbond

4/4/2026 at 6:14:31 PM

You are overcomplicating this. They were ejected because they got caught. What for or how they got caught, does not matter.

by PeterStuer

4/4/2026 at 6:56:59 PM

> You are overcomplicating this. They were ejected because they got caught.

I don't see how "they got caught doing X" is more complicated than "they got caught doing Y", but at any rate think it's worth being correct and precise in order to reason from accurate premises. If you absorb a lot of false information you'll start coming to incorrect conclusions and it'll be difficult to understand why. It took me years to unlearn all the bullshit I absorbed from when I used to spent a lot of time watching History channel documentaries.

> What for or how they got caught, does not matter.

So if they were ejected for jaywalking or for murder, that's all the same to you?

by maxbond

4/4/2026 at 6:07:28 AM

[flagged]

by johnwheeler

4/4/2026 at 6:42:30 AM

If you see a fraud and do nothing you are part of the fraud.

by jweir

4/4/2026 at 6:50:08 AM

I've seen a bunch of people go on random crusades. Investigation is fun and righteous indignation is intoxicating. For certain personality types it's easy to get completely absorbed by a mystery/crime and not even realize how much time you're spending digging into it until the sun rises. Others may be intensely motivated by perceived injustice, dishonesty, or graft. Or they may feel personally cheated.

I don't know who this person is or whether they are legit but it doesn't surprise me that someone would do this.

by maxbond

4/4/2026 at 6:31:47 AM

it may be anybody. Even somebody at YC wanting to create a background to drop Delve if suppose Delve were shady and they discovered it (i really don't know anything here and am simply speculating, heard about Delve today first time, just googled and read some techcrunch article - it says Delve has 1000 clients - googled employee count - sub-50, and until it is "an Uber for auditors" i have hard time to believe that 50 Silicon Valley people can do even one compliance certification for one client, with AI or without)

by trhway

4/4/2026 at 10:20:01 AM

[flagged]

by mikkupikku

4/4/2026 at 6:13:54 AM

It looks like a form of covering their ass - they basically (explicitly?) say they've been violating the law and it's Delve's fault.

by bombcar

4/4/2026 at 6:46:46 AM

Yes, the way this is being pushed online seems like there is a competitor involved. If not in the initial disclosure, then in the daily rehashing of it.

It's also still unclear to me how much fraud they actually were involved in, and how much of the fault falls on them. SOC2 Type II and ISO 27001 are not audited by them, but by actual accredited auditors (apparently mainly Accorp and Gradient), which must have been just as complicit/negligent. As customers of Delve are free to chose their auditors I'm wondering how this hasn't blown up earlier.

by hobofan

4/4/2026 at 7:03:31 AM

If there were not a manipulative competitor, if people just found fraud and abuse of open source compelling and the story was circulating organically, how would that look different? What do you observe that leads you to believe a manipulative competitor is a better hypothesis?

by maxbond

4/4/2026 at 4:24:08 AM

Someone leaked an internal Bookface chat from Garry Tan (YC CEO) saying:

  We have asked Delve to leave YC.

  YC is a community, not just an accelerator. The founders in our community have to trust each other, and we have to trust them. When that trust breaks down, there's really only one thing to do.

  We're not going to get into the details publicly. We wish them well.
https://x.com/___4o____/status/2040271468874076380

I have no direct knowledge of the accuracy of any of this. This is not my account.

by everfrustrated

4/4/2026 at 5:41:04 AM

"They've betrayed my trust but I wish them well" is an interesting statement.

by BugsJustFindMe

4/4/2026 at 9:16:53 AM

Someone doing harm to you doesn't automatically mean you wish harm to them. Not that I necessarily take what Garry says at face value but it's definitely possible to unironically take this viewpoint.

by saagarjha

4/4/2026 at 4:32:26 PM

"Betrayal" requires intent so it's not just any old harm.

That may not automatically mean you wish them harm in return, but I believe it would be very uncommon to not.

by BugsJustFindMe

4/6/2026 at 6:56:02 PM

"Betrayal" also isn't the word that GT used.

by gcr

4/6/2026 at 9:29:28 PM

It seems like an accurate paraphrase in the context of other known news about Delve, and it was shorter than "We trusted them to not do something intentionally fraudulent and then lie to us, and I believe they knowingly violated that trust by doing something intentionally fraudulent and lying to us."

by BugsJustFindMe

4/6/2026 at 10:07:57 AM

This is a core tenet in at least one major religion

by saagarjha

4/4/2026 at 1:29:04 PM

[dead]

by lezojeda

4/4/2026 at 9:49:12 AM

It's the polite way of saying goodbye when you actually mean "eff off"

by raverbashing

4/4/2026 at 12:27:19 PM

People don’t realize that the people at the top of organizations are effectively like politicians in democratic systems only the vote comes in confidence; usually manipulative, lying, and deceptive because they are inherently dependent on maintaining perception of the people they rely on and underpin their roles and power.

One way in which they do that is to ride or effectively are selected by the system for their mastery of the psychological trick of positivity and optimism that predisposes people to follow and trust, e.g., even when someone betrays you, you “wish them well.

In such systems, courage and hard lines that enforce strict rules, discipline, and principles does not provide the leaders in that system the affordances and benefits of leadership. As has been indicated, the subject behaviors are not only not novel, nor are they unique. What precipitated this current action appears to be the egregious and probably violative nature of the behavior, not the behavior itself. The veneer of perception was pierced, which is the real trigger of action.

Just use my saying what I just said above as an example, there will be people who have not even read this last paragraph and will it will have the urge to down vote what I said solely on the basis that they want to punish me, the messenger, because I’m pointing out things that are very much true and not saying it in a positive manner. It causes feelings of discomfort and especially in American society today where everything is geared towards positivity and good feelings opium, not bad feelings, even if you’re being scammed or defrauded or lied to, you have to remain positive, say things in positive ways, be “constructive”.

I don’t know if it’s sustainable because it’s such a con job at its very core, an abusive confidence trick, maintaining the perception of confidence and optimism to keep people happy and positive and optimistic regardless of red flags; however, we shall all find out one day if no one being able to deal with reality anymore if it’s not wrapped some nicety, is sustainable. Hence, “They violated us/me” but “I wish them well”. See, they are wished well, so everything is fine and we just removed the bad apple, nothing to see here, keep being positive as the telescreen instructs you to.

by roysting

4/4/2026 at 6:54:48 AM

"they can fuck off from where they came" would be a bit too intense even for Gary

by altmanaltman

4/4/2026 at 9:19:17 AM

I guess if he told them "die slow motherfuckers" as he's told others that wouldn't be too intense for him.

by ethanwillis

4/4/2026 at 11:50:06 AM

“We’re keeping our distance but we still own a piece of their company” might have done it?

by justin66

4/4/2026 at 2:16:35 PM

It’s what you say to establish it’s a professional action taken for business reasons.

by brookst

4/4/2026 at 5:47:59 AM

"I wish them well" is an idiom for "I never want to see them again".

Kinda like "bless your heart", which means nothing of the sort.

by margalabargala

4/4/2026 at 6:42:43 AM

Why do non-Southerners keep insisting on this? Bless your heart can be said sincerely or ironically, like pretty much any other phrase.

by huhkerrf

4/4/2026 at 7:13:30 AM

The ironic usage makes for compelling dialogue and comports with stereotypes about Southerners as formal/restrained. So that's what ends up on television. At least that is how I think I came about having that impression.

by maxbond

4/6/2026 at 10:12:57 PM

> So that's what ends up on television.

Maybe 7-8 years ago I met an Iranian. They were genuinely shocked I wasn’t a cowboy hat wearing racist when I told them I was from the south.

I grew up in the Atlanta area.

by guzfip

4/4/2026 at 6:42:29 PM

Yeah, I get this a lot, especially from non-southern in-laws who think it's a hoot that they've "cracked the code" and can "speak southern". Being repeatedpy stereotyped to your face gets old pretty quick.

For folks who don't know, here's the best explanation I can offer from growing up in the Atlanta area (but well outside the perimeter):

"Bless your heart" is most commonly an expression of sympathy.

Sometimes, it's sympathetic towards the hardship someone's going through (e.g. "and right after his grandma passed, bless his heart.")

Sometimes it's sympathetic to the trouble someone went through (e.g. "oh bless your heart, you didn't have to go out of your way to bring extra! Thank you so much!")

And yes, sometimes it's an expression of sympathy for the fact that life must be hard for you because of your ignorance, stubbornness, stupidity, or arrogance (or some other such stunting quality) (e.g. "and he thinks he can graduate from Tech with those grades, bless his heart," or "bless his heart, I just don't think he's ever had anyone tell him no in his entire life.")

by ubertaco

4/4/2026 at 8:46:10 PM

Yeah, it's a pretty versatile phrase that's hard to explain. But it does often have a connotation of childishness or naivety, even when used sincerely.

It is often used an expression of thanks or appreciation, but I associate that more with an elder speaking to someone younger.

Most of the time, it is an genuine expression of true empathy, but it's not uncommon to be used as a passive aggressive expression of false empathy. It's that childish connotation that give it the extra bite when used passive aggressively.

And that plausible deniability, where the phrase is used in a genuine context often enough that sometimes you can't tell that someone is throwing shade, is very much a reflection of southern culture.

Source: Grew up in Georgia and North Carolina, with some family in Alabama.

by cbarrick

4/4/2026 at 1:24:34 PM

You mean kinds like "I wish them well" here?

My comment is an internet comment about idioms, not a comprehensive linguistic treatise.

You seem like you're looking for something to be upset about. I wish you well.

by margalabargala

4/4/2026 at 6:14:59 AM

but should it be?

by DANmode

4/4/2026 at 1:48:11 PM

The gstack is also pretty interesting.. well, not really

by 4b11b4

4/4/2026 at 7:30:12 AM

It's giving Gwyneth Paltrow at the conclusion of her ski crash trial.

by dtf

4/4/2026 at 10:18:28 AM

"Bless their little hearts"

by vr46

4/4/2026 at 10:08:33 AM

Apparently Garry Tan has the same warm feelings and friendly relationship with Delve as Trump has with Ghislaine Maxwell.

Trump On Ghislaine Maxwell: "I Just Wish Her Well" | NBC News

https://www.youtube.com/watch?v=jC2jsRrzCrs

by DonHopkins

4/4/2026 at 11:58:28 AM

Everyone one of us makes mistakes. Wish all well and see what the future brings.

by taikahessu

4/4/2026 at 3:35:12 PM

It wasn't a mistake, they did it on purpose.

by pessimizer

4/4/2026 at 6:54:34 AM

Don't you wish well on people you don't want to associate with? It would be interesting if you didn't, imo.

by dmos62

4/4/2026 at 7:39:41 AM

> people you don't want to associate with

That’s an oversimplification of what your parent comment said, which was someone who has betrayed your trust.

> It would be interesting if you didn't

Why? What’s interesting about it? You don’t have to actively wish harm on people who harmed you, but there’s nothing strange about not wishing them well.

by latexr

4/4/2026 at 8:26:36 AM

You make it sound like wishing harm or wishing wellness are activities while not wishing anything is just the default passive state. To me the default posture is not indifference, but wishing wellness.

We throw around words like "interesting", which is a subtle way to say "not normal", which is a subtle way to say that that's not how we would behave and that we think that others shouldn't behave that way either. So I take back what I said about what is interesting to me, and I'll just say that I wish it was normal to wish well to others, regardless of their actions or repercussions you impose on them.

by dmos62

4/4/2026 at 4:22:56 PM

> You make it sound like wishing harm or wishing wellness are activities while not wishing anything is just the default passive state. To me the default posture is not indifference, but wishing wellness.

It looks like you've misinterpreted both what I said and what latexr said. Allow me to clarify and reorient the conversation back to the original direction...

First, neither of us is the universal subject. Your default feeling and my default feeling are not "the" default feeling. There's no such thing as "the" default feeling.

Second, nothing I or they said has anything to do with any "default passive state", because this is not a "default passive" situation. The word "betray" here is important. "Betrayal" happens actively, not passively. Feel however you want to feel about your passive default situations. This situation is different.

The only way someone can "betray" trust is by invalidating trust on purpose. If they harm you on purpose without trust, they have not betrayed any trust because there was none. If they invalidate trust accidentally, they have not "betrayed" the trust. They only "betray" your trust if you put trust in them and then they invalidate the trust intentionally.

> I'll just say that I wish it was normal to wish well to others, regardless of their actions

How very noble. Anyway, sorry Siddhartha, if someone actively "betrays" me they can go die in a fire. That has nothing to do with my "default passive" feeling about people.

by BugsJustFindMe

4/4/2026 at 6:39:22 PM

I agree there's no universal default or normal. That was my point too. We are in agreement that betrayal and purposeful harmfulness don't have a default reaction. I expressed how I choose to react, and you expressed how you choose to react. Our choices don't match, and I think that's ok.

I've not read Siddhartha. I take it you didn't like it.

by dmos62

4/4/2026 at 9:43:12 AM

> You make it sound like wishing harm or wishing wellness are activities while not wishing anything is just the default passive state.

Not what I said.

> To me the default posture is not indifference, but wishing wellness.

Same here. I’m not convinced that’s the default state for everyone, though. David Foster Wallace’s “This is Water” comes to mind.

> We throw around words like "interesting", which is a subtle way to say "not normal", which is a subtle way to say that that's not how we would behave and that we think that others shouldn't behave that way either.

Sure, I get that. Though you’re still answering as if what was in question was the neutral state of “people you don’t associate with” rather than the negative state in question mentioned by your original parent comment of “someone who has wronged you”.

> I'll just say that I wish it was normal to wish well to others, regardless of their actions or repercussions you impose on them.

Interesting. No criticism on my part. My wish would rather be that we don’t wrong each other (which, crucially, requires intentionality) in the first place. And while I don’t typically wish ill on others, I don’t think it’s wrong to not wish well on those who cause harm. If you’re a despot oppressing millions of people for your own selfish benefit, I don’t really think wishing you well is a positive action.

But again, no judgement, I was trying to understand your position, so thank you for clarifying. Have a nice weekend.

by latexr

4/4/2026 at 4:06:43 PM

No, if I believed wishes, hopes and prayers affected anything why would I waste the finite quantity of them on random people let alone people I professionally separated myself from?

As Donald Draper once said "I don't think about you at all."

by blitzar

4/4/2026 at 6:08:10 PM

If you would rewatch Mad Men, you might notice that Donald Draper is not well adjusted. It's not subtle either.

What makes you say that wishes are finite? Do you ration them out to your loved ones?

by dmos62

4/4/2026 at 6:25:10 PM

We have finite time, considering ones wishes towards someone takes a portion of that time even if it is a very small fraction of time.

by blitzar

4/4/2026 at 6:49:59 PM

If we get into it, I think that beliefs are a better abstraction that wishes. Beliefs structure relationships. How does a person believe that he relates to another person. So when I think of "wishing someone well", it's an English-language nuance that makes it an activity, but in reality it's a choice of what beliefs I hold. And, I find, the only beliefs that are a chore to carry around are those that don't serve me.

by dmos62

4/5/2026 at 9:35:40 PM

Is this the first time Bookface screenshots have been published publicly?

by empathy_m

4/4/2026 at 6:53:20 AM

[flagged]

by edm0nd

4/4/2026 at 5:26:46 AM

The text implies it’s more due to the alleged license violation of a YC startup’s IP than the alleged fraud.

by minimaxir

4/4/2026 at 5:32:52 AM

Really? I know nothing about this other than what I've read here, but my first guess was the breakdown in trust means the allegations of fake audits.

by kstrauser

4/4/2026 at 5:45:24 AM

I was half-joking, but if YC has a legal issue resulting from the alleged fraud (unclear currently), kicking out the company for the lesser infraction would make more sense.

by minimaxir

4/4/2026 at 8:15:42 AM

Investors aren't on the hook for the bad behavior of companies they invest in. Quite the opposite: Defrauding investors (and acquirers, and creditors) is commonly the thing that lands people like Elizabeth Holmes in prison.

by FreakLegion

4/4/2026 at 9:14:24 AM

Ycombinator may have financially benefited from the scam operations since the company subsequently raised funds.

Considering they do due diligence before investment and are experts in IT and legal, how could they not know what is the business model when it was the unique selling point ?

by rvnx

4/4/2026 at 9:25:55 AM

Because Delve defrauded them.

by FreakLegion

4/4/2026 at 10:00:08 AM

Yeah, yeah... of course, of course... like telehealth companies prescribing GLP-1 Ozempic/Wegovy where there is one doctor for 10000 patients. Totally sounds legit.

by rvnx

4/4/2026 at 5:42:40 AM

It is very clearly the fake audits.

by wahnfrieden

4/4/2026 at 3:46:05 AM

Sure, most companies could add an About section and probably put this behind them pretty quickly. They could have even hired someone like Delve to assure this kind of thing wouldn’t happen again.

But Delve themselves can’t really do any of that. They’ve screwed up on a fundamental piece of their own business model. Their core offering *is* Compliance as a Service!

How could I trust their word that they’ll ensure my company is compliant? How could I trust their word that a company I’m doing business with is compliant? They can’t even handle their own Apache 2.0 licensed works, and that’s child’s play- relatively speaking. I’m supposed to trust that they can handle PCI and HIPPA and all the rest for other companies?

This is like having a dentist who doesn’t brush and floss their own teeth. Or a building inspector working out of a moldy office suite with exposed rebar. Or an editor with a personal website full of typos and grammatical errors. It’s a dealbreaker to anyone with common sense.

by thoughthadlogin

4/4/2026 at 3:52:44 AM

You’re right, you can’t.

Unlike Zenefits, which had (allegedly?) committed fraud for part of their business in the interest of moving faster, and then Parker came back with Rippling…

These guys’ entire and actual business model was fraud.

by borski

4/4/2026 at 3:55:20 PM

zenefits didnt commit fraud in the social sense they allowed people to sell real financial products without having a broker licence. its more like not wearing seatbelts than scamming people

the car was real, but there was no drivers licence. 'licence fraud' -> fraud

delve is an actual scam

by DaedalusII

4/4/2026 at 4:54:44 AM

It's not just about delve. It's about yc's model. YC encourages YC companies to trust other YC companies even though they are early.

If you can't trust your batch mates for something as crucial as compliance, the model doesn't work.

by nfw2

4/4/2026 at 5:31:30 AM

They've graduated 5,000+ companies, so some fraud is hard to avoid, especially with young hungry founders willing to do anything to succeed. Honestly, it's a pretty good track record that there's only been a handful of companies like this.

by jmcgough

4/4/2026 at 10:26:01 AM

It's precisely because they graduated 5000+ companies that fraud is more difficult to avoid.

They scaled up massively the size of each batch and their frequency to a point where they are incapable of auditing them.

by LunaSea

4/4/2026 at 10:35:17 AM

Maybe someone should start an auditing company for YC... oh

by ohashi

4/4/2026 at 12:06:05 PM

There is too much friction in the audit process… someone needs to solve this

by financetechbro

4/4/2026 at 7:41:45 AM

this is a teachable moment for yc, maybe the cost of investing in a sour apple is a lot more than half a mil, maybe there's a brand or reputational cost, even in places you least expect it right, these two seemingly had everything laid out for them by investors, did they even come up with compliance? who told them to work on that? now look what happened, it's like everyone cant get far enough fast enough now. What about their lead investor insight partners? what's that conversation like?

it's all just very strange and stupid, ironically from the the startup posing as auditors..

by redanddead

4/4/2026 at 8:29:43 AM

Seems crazy that anyone (startups and buyers) would trust these guys for audit.

Shows the “compliance theatre” of what SOC2 has become

by robotswantdata

4/4/2026 at 8:46:59 AM

It's always been one.

Every single technical auditor I've dealt with has been majorly incompetent and wanted to do things that would decrease security. And these were not some cheap bottom of the barrel companies but the big "industry leaders".

by progbits

4/4/2026 at 5:34:49 AM

It can work under the umbrella of some sort of coordinator

That looks like what happened here.

by worik

4/4/2026 at 4:40:15 AM

This other profile is still up:

https://www.forbes.com/profile/delve/

30U30 never ceases to amaze.

by hbbio

4/4/2026 at 4:47:25 AM

I wonder if the kind of personality that gets you on 30U30 correlates with being willing to engage in massive fraud, and being able to get away with it for a minute.

Holmes, SBF, Shkreli, Charlie Javice, Ishan Wahi...

by avaer

4/4/2026 at 5:05:53 AM

When ambitious competitors who can't accept loss or normalcy enter into a field that's saturated with skilled rule-abiding players, they'll cheat.

Hypercompetitive fields will always surface cheaters given enough time. Then regulations pile on to fight the cheating, which makes it harder for honest people to do the good work.

We do not punish cheaters like these as much as we should.

by gmd63

4/4/2026 at 5:35:11 AM

You know, after all this time Lucas Duplan doesn't seem so bad. His hubristic sin was posing for a photo burning fake hundred dollar bills. That just seems like a random Tuesday now.

by kstrauser

4/4/2026 at 5:41:07 AM

Naming his startup “Clinkle” should have been a crime, though.

by minimaxir

4/4/2026 at 5:58:20 AM

That was epicly horrid.

by kstrauser

4/4/2026 at 10:46:34 AM

When the stakes are high, non-compliance with the rules or the law might be worth the risk, see professional athletes and drug cheats, right?

Karma and integrity seem to be treated as an overdraft. But these folks are hardly held back by the systems they work in.

by vr46

4/4/2026 at 5:39:28 AM

"that gets you on", ie. the kind of personality that literally pays & hustles to be featured on such a list to fuel their own ego?

colour me surprised

people still seem to think that forbes scouts the world for the best talents instead of the lists being basically a paid ad

by malthaus

4/4/2026 at 11:42:43 AM

If I remember correctly, you need to be nominated by someone to be considered for the 30U30 list. Some of the people on those lists will literally run their own campaigns to get on the list, meaning that they'll pay people to nominate them, pay PR firms to run stories and campaigns. Other people do seemingly nothing, and just get nominated by legit people that admire them.

So, I'm fairly certain lists like that will attract some amount of unscrupulous narcissists.

by TrackerFF

4/4/2026 at 9:52:52 AM

Yes? I mean, 30U30 has probably some, let's say, "PR steering" behind it

Not "Pay2Win" but possibly something less involved

by raverbashing

4/4/2026 at 4:58:21 AM

Not sure it's exclusively a U30 thing. When it comes to grift and fraud, a well known 79 year old comes to mind.

by rapind

4/4/2026 at 5:07:36 AM

I'd focus less on the U30 part, and more on the 30U, if that makes sense — the problem is with people who seek that sort of attention (and that 79 year old certainly qualifies as wanting that sort of attention). For those people, their businesses are a means to an end in the most cynical way possible.

by pdpi

4/4/2026 at 10:18:10 AM

Who rapes and bombs schools full of U18 children.

by DonHopkins

4/4/2026 at 11:09:29 AM

That is just what the O18 want in there. Last one also got their role because that. Doing it in public on camera.

by Ekaros

4/4/2026 at 12:02:45 PM

Speak for yourself. I'm O18 and I don't want him in there like you claim to. Most of his base claimed to be anti-pedo until they saw the evidence in the unredacted subset of the Epstein files that Congress legally forced him to release, and now suddenly they're pro-pedo (and pro-war and pro-bombing-schoolchildren). But you be you, and make baseless evidence-free false equivalence accusations against other people to justify the rapes and legally adjudicated sexual assault and pussy grabbing by the guy you as an "O18" claim you want in there.

by DonHopkins

4/4/2026 at 2:11:35 PM

30 Under 30 to Life

Forbes MOST WANTED

by vr46

4/4/2026 at 7:28:11 AM

30U30D30

by GaryBluto

4/4/2026 at 5:26:46 AM

[flagged]

by xyst

4/4/2026 at 6:49:23 AM

Great to see them take action. I'm waiting for cambioml next. A married couple notorious for fraud that apparently relocated to ME as a result. That's outside of the terrible treatment of ripping off interviewees (see: https://www.reddit.com/r/devops/comments/1n7cdua/got_a_devop...). Won't even comment on other stories I've heard related to them screwing over employees/cofounders.

by yyds666

4/4/2026 at 4:01:58 PM

Damn. Deepmind, Stanford, Berkeley, only to end up doc parsing for Applied Systems/Ezlynx, and scamming redditors

by redanddead

4/4/2026 at 7:02:31 AM

That reddit thread is brutal, knowingly making interviewees pay hundreds of dollars to interview in this economy is messed up.

by jazzpush2

4/4/2026 at 5:36:59 AM

On the one hand the company that was selling companies pre-made “You’re hipaa compliant” pdfs was doing fraud, but on the other hand the companies that were buying “We’re hipaa compliant” pdfs that said they had implemented compliance measures that they definitely hadn’t were also doing fr

by jrflowers

4/4/2026 at 4:13:57 AM

Curious - in this situation, does delve return money to YC? Or YC simply writes off the investment

by wenbin

4/4/2026 at 4:58:03 AM

Neither. "Leaving YC" or "being removed from Y combinator" really just means you (more precisely, your YC/HN account) loses access to internal resources like bookface. This does have the knock on effect of essentially isolating you from the community. It's not entirely a punishment, it can be as simple as you are a person who isn't working on a YC company anymore, for example.

This has zero bearing on equity, which would be a different conversation. In this case, I think the YC SAFE is likely to remain as-is, unless the founders choose to return the money, or YC chooses to levy a heavier allegation of fraud (which they don't seem to have done here).

by argee

4/4/2026 at 10:40:11 AM

The investment details really depends on the term sheet details

And I don't think this is just not "getting locked out of the website", but losing the YC "nod" is a greater deal in itself

by raverbashing

4/4/2026 at 4:56:17 AM

Ya it’s a total write down, I dunno how much they took from YC, if it was the standard deal this is just the cost of doing business.

by rekttrader

4/4/2026 at 6:16:35 AM

Based on?

by DANmode

4/4/2026 at 10:39:20 AM

Here is Delve’s defence to the whistleblower

https://delve.co/blog/response-to-misleading-claims

by penguoir

4/4/2026 at 1:09:50 PM

Wow, that writing is... earnest?

> Below are just some of the many inaccuracies in the story and then the truth.

> The Substack inaccurately said Delve relies on “Indian certification mills operating through front companies” and cannot pass legitimate audits. This too is not accurate.

At least it's not GPT but my goodness - you can definitely sense the panic. I think Karun is a little worried.

by joenot443

4/4/2026 at 3:27:55 AM

Bye-bye tweet from founder: https://x.com/kocalars/status/2040262537166618887

Notably YC hasn't wished them a farewell.

by carabiner

4/4/2026 at 3:44:48 AM

> striving to make the world a better place.

Why do all start-ups say this? I don't think there are many companies publicly saying "We're going to go 'scorched earth' on everybody."

by GaryBluto

4/4/2026 at 3:46:07 AM

Because if they had the money to be honest about it they'd not be a start-up!

by bombcar

4/4/2026 at 5:31:19 AM

Striving to make the world a better place for us. Is what is implied.

by nurettin

4/4/2026 at 5:59:33 AM

It was a meme over a decade ago so prevalent that HBO's Silicon Valley did a joke about it: https://www.youtube.com/watch?v=B8C5sjjhsso

Saying it in 2026 just makes it sound more insincere than usual.

by minimaxir

4/4/2026 at 4:44:59 AM

Oracle, right?

by shepherdjerred

4/4/2026 at 3:46:37 AM

funny thing about this tweet is the founder still couldnt stop herself from name dropping MIT

by mikert89

4/4/2026 at 3:56:59 AM

Look at this series of tweets from her:

> One interesting observation I’ve noticed is a lot of top founders did oddly strong at math from a young age.

https://x.com/kocalars/status/2027076198002553159

Nauseating.

by carabiner

4/4/2026 at 4:25:58 AM

Much like their soc audits, her time at MIT was also incomplete. Still doesn’t stop them from cosplaying as a grad though!

by claaams

4/4/2026 at 3:57:43 AM

So they decide to drop this from their COO while their CEO has been doing all the talking on a friday night? Looks like YC told them they had to announce this and this was their least-viewable option.

by emerald_rat903

4/4/2026 at 3:41:35 AM

At least they put a ladder up that tree

by philip1209

4/4/2026 at 5:31:44 AM

Turns out you can't "fake it til you make it" with SOC2 compliance.

by jmcgough

4/4/2026 at 8:22:26 AM

Fake it til you make it [into the news for fraud allegations].

by cleansy

4/4/2026 at 5:43:06 AM

[dead]

by nnurmanov

4/4/2026 at 3:22:57 AM

Related from an hour earlier: Delve removed from YC website [archive.org] https://news.ycombinator.com/item?id=47634405

by cyrusradfar

4/4/2026 at 3:38:54 AM

an example of why to avoid archive links in submissions (save 'em for comments), because the source link here will win.

by ChrisArchitect

4/5/2026 at 3:05:32 AM

Thanks! felt crazy linking to a 404 ;) live and learn

by cyrusradfar

4/4/2026 at 5:43:13 AM

Not surprising that Cluely is using them.. they were probably like, what we're compliant, sure if you say so

by apt-apt-apt-apt

4/4/2026 at 3:19:11 AM

Interestingly, they show up in the company list. When you click the link it returns 404.

https://www.ycombinator.com/companies/?query=delve

by jaredsohn

4/4/2026 at 6:33:34 AM

Probably just a means of updating the Algolia index.

by whilenot-dev

4/4/2026 at 4:10:41 AM

Its quite ironical and interesting at the same time, seems like there is a threshold size/impact beyond which everyone would come and save you, anything less and you will have to bear the consequences.

by sandeepkd

4/5/2026 at 9:51:54 AM

I like that this sets the precedent that if you want people on HN to believe that they’ve dropped any arbitrary company you just have to point to a convincing-looking url on the ycombinator domain and the 404 signals that you are both correct and following the rules.

by jrflowers

4/4/2026 at 1:49:34 PM

Sadly looks like another example of “fake it till you make it” in highly regulated industries is playing with fire.

by cmiles8

4/4/2026 at 5:04:28 AM

Classic. I knew this would happen ever sine i first saw Delve on YC. I was right to trust my gut, and never used their product.

by phplovesong

4/4/2026 at 7:00:09 AM

it felt very forced from the start, there was no iteration, narrative or pivots

who got these kids into compliance? cause it wasn't them

by redanddead

4/4/2026 at 8:44:50 AM

The headline here says "Delve removed from Y Combinator", but the link doesn't go to a statement by Y Combinator. It goes to a 404.

Is there reason to believe that Delve has been removed from Y Combinator, the organization, or is this more an announcement that Delve has been removed from Y Combinator's website?

by thaumasiotes

4/4/2026 at 5:49:23 PM

404 == "removed from Y combinator"

by fg137

4/4/2026 at 9:45:34 PM

Meaning what?

by thaumasiotes

4/4/2026 at 7:04:30 AM

YC needs to go back to how it was. Choosing those who know what they are doing, and have been in the game for long and not blindly choose those who have graduated from tier-1 institutions. University degrees mean nothing at the end of the day.

And please stop investing in slop/wrappers. They do not solve World's problems.

I feel there has been complacency set into investing in general where investors are chasing quick money (first crypto and now AI slop) over solving hard/grueling problems that take a long time to fix but have huge returns down the line.

And we have a lot of tough problems that still need solving. AI won't magically fix that, despite being a great tool.

by kshri24

4/4/2026 at 11:32:16 AM

Yeah, used to be that a lot of companies in the batches made more or less sense, or you could at least see how they'd made sense if they managed to successfully reach their vision, even if it many times was a bit wishy-washy.

YC since then seems to have moved into a "spray and pray" approach where the ideas don't matter at all, they're 150% in on the "We invest in founders" idea now, almost too much, although I know that's always been a thing they've thought about. But all the batches since some years ago are just so uninspired and seem to be quick cash grabs, or obviously acquisition targets, rather than "solve a problem you experience yourself" which seemed to be much more popular (and realistic) before.

by embedding-shape

4/4/2026 at 1:00:06 PM

>choose those who have graduated from tier-1 institutions. University degrees mean nothing at the end of the day.

It means everything for YC's model.

YC does not care about the software.

They care about the founders.

YC's model and ecosystem is explicitly designed to be a who's who club of interconnected founders that are very, very encouraged to """rely""" on each other when building their companies.

YC uses a lot of double speak regarding this ecosystem, but if you explained the concept to a layman on the street they'd tell you exactly what this concept is in just a very few, very blunt words.

Elite-class founders and lots of cheap, imported, or "passionate" labor.

Let's get real here folks.

by whoknowsidont

4/4/2026 at 4:01:00 PM

yes obvious but this is not a secret, its the whole point of yc

yc is explicitly an imitation of harvard , right down to calling people 'alumni'

this is how to find supertalent. much like american idol it works well but not for everyone

by DaedalusII

4/4/2026 at 12:34:56 PM

It starts from the top

by an0malous

4/4/2026 at 11:01:45 AM

Agreed.

by rvz

4/4/2026 at 3:40:54 AM

While I do think Delve and the leadership there should be held responsible, it's a bit weird to see YC and others take shots at them for breaking the law when so many of their prized unicorns achieved what they did by being willing to just ignore laws and deal with the consequences later.

by bilalq

4/4/2026 at 4:56:52 AM

Working around arguably dumb regulations and making your customers happy in the process is not the same as defrauding your customers.

by olalonde

4/4/2026 at 5:47:54 AM

While I agree with you, I also find myself wondering who draws the line. Given the current political atmosphere and its increasingly fluid relationship with "truth," I have to consider that the line for others may not be where it is for me — especially given the nuance buried in the details of many B2B deals.

Their value prop had to be strong enough to get past YC, past the other founders in the batch, past due diligence. Given that, I'm no longer comfortable casting "fraud" as a clean binary.

To be clear — I do genuinely believe they are a fraudulent company that lied and deserved to be removed. But introspectively, I have to sit with the fact that the space between "working around dumb regulations" and "outright fraud" is murkier than we'd like to admit.

by arionhardison

4/4/2026 at 6:52:08 AM

The vast majority of crimes are still being prosecuted as such. You have to reach a certain size/notoriety and money to buy a POTUS pardon; I doubt that matters for a relatively unknown outfit like Delve.

by pm90

4/4/2026 at 5:42:16 AM

> Working around arguably dumb regulations...

...is breaking the law

by worik

4/4/2026 at 6:58:42 AM

Yes, but there is a difference between:

1. Customers want to do something, you help them do it, but it's illegal.

2. Customers want to do something, you tell them you did it, but you were lying and defrauding them.

by kaashif

4/4/2026 at 7:56:59 AM

And

3. Customers want to do something, you help them do it, and nobody has done it before, so whether it's legal or not is kind of up in the air.

E.G. Uber exploited a legal loophole that distinguished the kind of taxi service you hail on the street from the kind of taxi service you call on a phone.

The latter were much less regulated, and usually much more exclusive and pandering to a richer crowd. Nobody really knew which kind Uber should be classified as, it was the first kind in practice (same customer base as normal taxis) but the second in theory (ordered, not hailed).

by miki123211

4/4/2026 at 4:23:34 PM

Is there? At the end of the day both boil down to breaking the law. It’s not better to break the law because someone paid you to do so.

by NeutralCrane

4/5/2026 at 1:19:54 PM

Yes, I just described the difference.

It is clearly different because in one case you are not guilty of fraud.

Being guilty of a crime plus fraud is obviously worse than just being guilty of the crime.

Breaking the law by stealing a loaf of bread is obviously different to killing one million people but "both boil down to breaking the law" - I'm not sure that comment contains that much information.

by kaashif

4/4/2026 at 3:50:58 AM

Ignoring a law is different from knowingly and intentionally breaking the law, especially when that law is actual intentional fraud.

Also, there was no “endgame.” They weren’t trying to change the law; they were exclusively breaking it for profit.

by borski

4/4/2026 at 3:55:10 AM

Let me more clearly instead say that many successful startups knowingly and intentionally broke the law.

But I agree that Delve is a special case and should naturally be held to a higher standard here because their whole business is around being compliant with the law. When most other startups break the law, they do it to get an advantage over competition. Delve did it in a way that sacrificed their core value towards customers.

by bilalq

4/4/2026 at 6:54:40 AM

that's defrauding the customer

this will literally get them in court

by redanddead

4/4/2026 at 3:57:56 AM

Yeah, precisely.

by borski

4/4/2026 at 4:12:31 AM

> Ignoring a law is different from knowingly and intentionally breaking the law

This is something Airbnb has facilitated for a very long time, no? And Uber, back when it started.

From a legal perspective I don’t see that it matters whether you’re trying to change the law or not. You’re either following it or breaking it.

by afavour

4/4/2026 at 4:23:59 AM

Sure. Technically and legally, you’re right.

In reality, it makes quite a difference if public opinion is on your side or not.

“We decided to commit fraud by providing fake compliance reports” reads very differently from “we let homeowners make money by renting a room”

by borski

4/4/2026 at 5:17:21 AM

The difference is that Airbnb customers used Airbnb because they thought hotel regulations were dumb and overbearing (or at least, they didn't care about the laws). Delve customers were literally trying to obey the law and Delve (allegedly) lied to them about it.

by bpodgursky

4/4/2026 at 4:48:00 AM

> Ignoring a law is different from knowingly and intentionally breaking the law

This is like a line from a Naked Gun movie. The only way that this sentence could be true linguistically is if the party doesn’t break the law that they’re ignoring (e.g. I could ignore the rule against perpetuities while drunk driving through a zoo)

by jrflowers

4/4/2026 at 3:57:30 AM

> Ignoring a law is different from knowingly and intentionally breaking the law

Huh? In a legal sense I'm pretty sure they're the same thing.

by TurdF3rguson

4/4/2026 at 3:58:52 AM

I ignore the law every day when I jaywalk. Technically, you’re right that that is also breaking the law. I wasn’t being careful with my words.

How and why matters, though.

by borski

4/4/2026 at 4:51:08 AM

> How and why matters, though.

How and why you break a law matters (to a judge / jury). Whether you frame it as "ignoring" vs "breaking" in your legal defense, not so much.

by TurdF3rguson

4/4/2026 at 4:58:09 AM

I agree; I attempted to clarify that with my “not using words carefully” but that is a fair criticism of what I wrote.

by borski

4/4/2026 at 4:54:17 AM

That’s not how words work. This sentence

> I ignore the law every day when I jaywalk.

Means the exact same thing as “I intentionally break jaywalking laws every day”. They are equivalent sentences.

by jrflowers

4/4/2026 at 4:57:25 AM

I agreed with you; that is why I said I wasn’t being careful with my language.

by borski

4/4/2026 at 9:24:18 AM

What does that mean

by jrflowers

4/4/2026 at 5:43:41 AM

> I ignore the law every day when I jaywalk

Not illegal here, but I hope you not complain when caught and fined.

by worik

4/4/2026 at 7:06:30 AM

Jaywalking was illegal in NYC until 2025 but literally every crossing had people doing it constantly. This is not figurative, it actually is literal.

Including people doing it in front of police. Including the police themselves!

The law only existed for police to harass and fine blacks and Latinos. And indeed, that was how it was struck down.

It is critical to a just society that victims of unjust laws or uneven enforcement complain!

by kaashif

4/4/2026 at 4:25:40 AM

There is a difference between "fake it till you make it" and "blatant widespread fraud", but the line is blurrier than many startups would like to admit.

by tjwebbnorfolk

4/4/2026 at 5:39:30 AM

I think it's fairly straight forward why. It's because Delve broke the law and got other YC companies in trouble vs other industries & people not under the YC banner.

by HaloZero

4/4/2026 at 3:50:16 AM

There's a sliding scale between fake it `till you make it and fraud.

by colechristensen

4/4/2026 at 3:55:26 AM

Yeah, fraud is what happens when you don't make it.

by tikhonj

4/4/2026 at 9:30:49 AM

Laws don't apply to you if you are big enough (e.g. AI companies)

by rvnx

4/4/2026 at 4:12:31 AM

Can you provide examples of YC startups that knowingly broke laws and just dealt with those issues later? I'm not very aware.

by sky2224

4/4/2026 at 4:15:29 AM

Airbnb, DoorDash

by bix6

4/4/2026 at 4:30:08 AM

Uber

by antonvs

4/4/2026 at 5:34:15 AM

Uber is not YC backed.

by el_io

4/4/2026 at 8:28:58 AM

Oh my context window is apparently too small

by antonvs

4/4/2026 at 4:04:31 AM

The deal is to have plausible deniability and not get caught

by gmerc

4/4/2026 at 4:33:37 AM

They broke laws that programmers care about.

Like, it's a company that sells AI-slop powered regulatory compliance. How many laws do you think the "fake it ill you make it and you'll never make it" AI will break? But "regulatory compliance" is laws that startups hate, so breaking them is good.

Copyright and the copyleft licenses built upon it are the laws that support the software industry instead of just making sure innocent people aren't hurt by all this innovating and disrupting.

by Pxtl

4/4/2026 at 5:02:48 AM

fake it until you make it? at some point this attitudes of Silicon Valley start up will back fire.

by MangoCoffee

4/4/2026 at 4:42:46 AM

> At its core, this article argues that Delve fakes compliance while creating the appearance of compliance without the underlying substance.

Anderson Consulting er I mean "Accenture": "Hey, that's our job!"

PWC: "Yeah! Fuck off!"

KPMG: "Damn straight!"

Ernst & Young: "What they said."

Deloitte & Touche: "Ditto."

( https://en.wikipedia.org/wiki/Accounting_scandals#List_of_th... )

by KennyBlanken

4/4/2026 at 6:51:03 AM

Interesting! I worked for one YC startup that committed blatant fraud, with the founders vanishing when investors started chasing them to bring them to responsibility. And they haven't been removed. Just marked as "inactive".

by anovikov

4/4/2026 at 9:55:54 AM

As early investors, did YC benefit from the fraud at the expense of the newer investors ?

by rvnx

4/4/2026 at 10:19:55 AM

Nope. Founders just disappeared with whatever money was left.

They claimed to have a working product and a big list of paying clients while in fact they had a half-assed prototype written by one hapless dude who they paid to the tune of $15 an hour. Which i helped to transform into a somewhat-better prototype and they paid very well for it. But no actual paying clients ever existed and the idea was obviously brain-dead from day one. After they got tired of pretending, they stopped paying, then disappeared. Then years later i read in the news that subsequent investors launched an investigation into fraud and they were put on the list in some countries.

I'm sure no one except themselves ever made any money on it, certainly not YC.

by anovikov

4/4/2026 at 11:39:36 AM

What one? There’s little risk of naming the startup.

by orf

4/4/2026 at 3:19:26 AM

Can they keep their CISO out of jail?

by philip1209

4/4/2026 at 7:05:47 AM

waiting on the cluely scandal next

by redanddead

4/4/2026 at 6:42:24 PM

> 404 not found

"delve removed from y combinator" removed from y combinator

by xdavidliu

4/4/2026 at 4:38:46 AM

404s for me

by mememememememo

4/4/2026 at 4:41:01 AM

I think that's the point - they have been removed.

by bcraven

4/4/2026 at 4:40:16 AM

That's the point.

by OptionOfT

4/4/2026 at 4:47:02 AM

Sorry! I thought it would be announcement. And it was subsequently taken down due to the HN interest.

by mememememememo

4/4/2026 at 1:57:06 PM

hmm, how is this not like when Sam Altman was kicked out?

Post now seems deleted.....

Well, can see why...if its fraud you only post it when results of investigation by 3rd party is in due to defame concerns...

by fredgrott

4/4/2026 at 3:39:57 AM

There is no saving Delve after this.

The only next product launch is an investigation.

by rvz

4/4/2026 at 6:36:38 AM

An I the only one who has 404 not found when I click the link

by big-chungus4

4/4/2026 at 6:38:50 AM

That's the point...

by _morgs_

4/4/2026 at 6:54:21 AM

which means it was removed...which is the entire point of the post bruv

by edm0nd

4/4/2026 at 9:33:14 AM

This is where I'd actually appreciate "blog spam" i.e. a quick post to mention the URL, link to archive to show what was there before and explain the significance.

by mememememememo

4/4/2026 at 10:09:34 AM

The only good delve is the go debugger

by dankobgd

4/4/2026 at 3:49:23 AM

can't believe I almost spent 10 grand on this company a week before they blew up.

by baggy_trough

4/4/2026 at 4:27:33 AM

The two founders being early 20's with no background in compliance wasn't a red-flag?

by everfrustrated

4/4/2026 at 4:40:06 AM

Plus the 30u30 is now a signal.

by mememememememo

4/4/2026 at 1:56:36 PM

I didn't know about them or think to check into the founders.

by baggy_trough

4/4/2026 at 10:17:57 AM

streissand effect in action, surprised this thread was allowed to live.

by greenchair

4/4/2026 at 3:51:05 AM

"By combining the evidence I collected together with what the sim.ai team provided, I will show that Delve has stolen an open-source company’s tech by violating their license and then making a lot of money with it."

->

You mean like OpenAI, Anthropic and all these other 'unicorns'?

I'm happy we're all clear on how bad Delve is but in essence what they were doing is exactly the same as what these AI companies do.

by jacquesm

4/4/2026 at 3:54:48 AM

While I despise the sham commercial LLMs have made out of intellectual property, I think Delve is one step worse than that. The technology behind LLMs is innovative, even if the data used to train them have ethically and legally dubious origins. Delve doesn’t even have the ability to claim anything they’ve done as original, unless you count fraud as a service.

by Tyrubias

4/4/2026 at 4:06:57 AM

> Delve doesn’t even have the ability to claim anything they’ve done as original, unless you count fraud as a service.

I'd wager there's some prior art...

by chromacity

4/4/2026 at 3:57:24 AM

The only thing that makes delve worse in my book is that they're selling compliance, they have zero excuses. But the likes of OpenAI and Anthropic even if they don't sell compliance do whitewash bulk copyright violations and they have valuations far in excess of Delve. Too big to fail I guess.

by jacquesm

4/4/2026 at 4:07:17 AM

Fraud as a service! The next big thing!!!

by throwaway81523

4/4/2026 at 4:40:33 AM

Presidential pardon insurance, like audit insurance but for breaking laws instead of filing taxes.

by cjbgkagh

4/4/2026 at 3:40:21 PM

They delved too greedily and too deep.

by dataspencer

4/4/2026 at 10:36:55 AM

Having gone through the SOC2 process multiple times and having worked with and read SOC2 reports from many public companies, it's difficult for me to understand the outrage.

The specific fraud allegations are bad (lying about US based auditors) but it's completely normal and common for soc2 reports to be templates with no company specific information. It would be unusual for reports to include anything about the specific information found during an observation window as some have suggested.

SOC2 is basically fake and it isn't possible in practice to fail to be compliant. You really can apply the same template to all companies and automate the audit process.

by mgraczyk

4/4/2026 at 1:31:44 PM

We have done SOC2 and it's not fake. Its real and enforced some good practices and we spent a lot of time collecting evidence and submitting it. You can take it seriously or you can choose not to.

by ramraj07

4/4/2026 at 2:29:08 PM

What evidence did you collect that was not automated?

by mgraczyk

4/4/2026 at 7:11:19 PM

A startup might have trouble with, and might not have enough automation for:

- proving churned customer data was deleted completely and within the agreed-on period of time

  - - not enough to have a record

  - - auditors will ask you to prove the data is not laying around
- proving all changes shipped are reviewed and linked to tracked work

- proving branch rules are set to require PRs and prohibit changing history on release/trunk branches

  - - auditors will ask you to show live that you can’t approve your own changes

  - - some auditors might ask you for an audit log to prove no unexpected branch rule changes occurred —- depending on the observation period, you might have to build your own audit log capture to prove this
- proving you performed penetration testing

- proving you performed a disaster recovery test in production with the frequency you claim (e.g. annually)

  - - running a DR test might be more than a few hours depending on your data size and level of infra automation

  - - this is often something that startups are ready to execute, but don’t invest a lot of time automating
- proving you have and enforce full-disk-encryption on all your employee laptops

  - - this is automated with MDM but a startup might not be running an MDM yet
- proving you are rotating credentials on the frequency you ascribe to in your policies

  - - automated reports are available for some credentials, e.g. AWS keys, but takes more work for smaller vendors

  - - even with AWS, you might discover you forgot to rotate something, and it might be because it’s non-trivial to execute
- perform quarterly access reviews

  - - some systems are more difficult/time consuming to inspect against your employee and permissions list

  - - ideally this is automated, but often times at a startup, you might not have fully automated authorization and access control, such that when employees change teams or leave the company, that you get notified and don’t miss it
- proving that you act on performance or reliability alerts

  - - auditors will ask you to show live some examples of past alerts and that someone handled it

  - - auditors will often ask you to show live that these alerts are consistently configured for all your production system —- startups might not have the alerting and PagerDuty-like setup be fully automated (e.g. with Terraform)

by yearolinuxdsktp

4/4/2026 at 12:20:32 PM

There are typically two soc2 reports generated from an audit. The first is the one for general use, often just shared publicly. This is probably what you look at from public companies that you have no binding relationship with. The other is the restricted use report which details all the findings and controls. That is typically only shared under NDA.

by petcat

4/4/2026 at 12:48:54 PM

I haven't seen that and all the reports I got were under nda

by mgraczyk

4/4/2026 at 3:56:55 PM

>it's difficult for me to understand the outrage.

It's pretty simple. Compliance is legally important, and faking compliance exposes companies to extraordinary legal liability. Being lied to about your compliance warrants outrage.

>SOC2 is basically fake

This isn't true, but if it were, it would justify outrage in its own right.

by RIMR

4/4/2026 at 3:59:55 PM

I don't understand in what sense they faked the process. What I've heard described is substantially similar to other SOC2 processes I've seen

And yes SOC2 is fake. Have you ever heard of a startup failing to get soc2 or doing more than a few hours of work to get into compliance?

by mgraczyk

4/4/2026 at 5:56:48 AM

Orwellian memory hole engaged.

by SanjayMehta

4/4/2026 at 4:28:23 AM

friday news dump tho

by blast

4/4/2026 at 8:49:28 AM

I mean this is not the first time a YC company has stolen an open source project.

by your_challenger

4/4/2026 at 7:03:31 AM

Pretty disgusting behavior from the founders just posting as normal on linkedin/twitter as if this is run-of-the-mill. Fraudsters need to be nipped in the bud, lest we get trump-like scenarios.

by jazzpush2

4/4/2026 at 5:27:28 AM

[dead]

by getverdict

4/4/2026 at 8:17:48 AM

[dead]

by mt18

4/4/2026 at 7:41:43 AM

[dead]

by dfordp11

4/4/2026 at 3:11:09 PM

[dead]

by bongripper

4/4/2026 at 11:17:07 AM

[dead]

by ewuhic

4/4/2026 at 8:31:11 AM

YC invests in military startups, they have no problem killing people if it would make them money. What makes a fake HIPPA compliance cert worse than that?

by Devasta

4/4/2026 at 6:18:22 AM

Fairly inevitable. Like all YC companies, they were total frauds, but they made the cardinal mistake of defrauding other YC companies instead of the general public. Bad move.

by Bratmon

4/4/2026 at 12:53:53 PM

This thread is going to use very dressed up and lofty language discussing the issue, in order for the express purpose of dancing around the fundamental issue here.

Y Combinator as a concept, and all of its "children" are rotten to the core.

Every single company is "evil" in some form, and not in the usual "private companies are big baddies" kind of way. They grossly and recklessly violate laws and ethical boundaries day in and day out.

The sooner people are even willing to entertain this, the sooner we can have actual conversation around these issues.

by whoknowsidont