Reporters: aicpnay@proton.me
Waybackmachine backup
Archive.ph backup
Karun Kaushik, the CEO of Delve, made a statement today in which he denied everything again:
Karun Kaushik@karunkaushik_
Over the past week, you may have seen an anonymous post about Delve. While we responded to it in a day, we want to provide more details about what’s true, what's not, and some changes we’ve made. There’s one question behind everything: did Delve fabricate compliance evidence or
9:18 PM · Mar 27, 2026 · 489K Views
16 Reposts · 265 Likes
The same message was posted on Linkedin, which was apparently supported by Y Combinator:
In his statement, the way Karun seems to dodge and deflect really solid accusations, that are backed by evidence, is mind-blowing.
So we’re going to do things differently than last time. Part II was supposed to be a long-form article again, like last time, but what I was planning to investigate and write will have to wait until Part III.
Why? Because a whistleblower came forward.
A Delve employee reached out after the previous article, and dumped a huge amount of data, screenshots and videos on me.
There is a ton of information, and it will take me a while to get through. But rather than keep you in suspense I’m going to post what I find every day for five days.
There are some spicy statements in there.
Karun about juicing capital:
That is a good way to juice any additional capital from a customer.
Ross about speeding up report generation using Selin’s report generator:
Normally I’ll get them their draft back in a week, so seven to ten days, but with this I’ll get their draft back to them within a day, basically using what Selin helped put together with automating these draft reports.
And then it’s however long it takes them to get that report back, maybe get that back (to the client) in like a day, and then it’s two to three days to finalize for auditors
And this exchange where they hint that Accorp does not look at evidence:
Karun: Does Accorp actually look at our platform at all? <smiles>
Ross: <laughs> Ehhh, it’s a good question.
Karun: By the way, they take all the liability. So it’s not like I’m complaining. It’s more like a risk mitigation. I’m just curious on your end.
Ross: They definitely go through the co…. Like, if I didn’t give them access to an account they would let me know. There’s never been a time where they’ve issued a report without having access to an account.
Karun: OK, that’s good. It’s a start. <laughs>
Ross: <laughs>
And then they continue talking about how the report is generated and how it is Accorp’s liability. Ross concludes by saying:
That would only work with Accorp
Delve claims to not generate reports. This screenshot shows otherwise:
Note that Sazzad Islam wrote on Saturday August 9th 2025 that v0 of Delve AI was live. Wasn’t that way after their series A?
And Ross Corey (together with Yuri Genyk, Agnes Shan, Jayu Patel) is actively participating in Project Audit Automation:
This is Delve’s series A pitch deck:
Let us zoom in on one particular slide:
Really? This notion says otherwise:
In early November Karun Kaushik (see top right) wrote the following:
As of now, Delve’s control system is not built for rapidly onboarding frameworks in a stable manner. It was built off of the initial SOC 2 control system, and then amended and modified for HIPAA, ISO 27001, and GDPR. Since January 15th, no new frameworks have been released in the platform.
So they did lie about the frameworks they support!
After that he writes:
To supplement, we’ve asked vCISO’s to instead support them off-platform, and in effect become exactly what we didn’t want to be: A services company.
This presents a large problem for us.
From January 2025 until November 2025? Isn’t that the period during which Delve raised their series A?
Uh-oh…
And then the chef’s kiss:
Delve has communicated to all their clients that they are switching their SOC 2 audits over to a firm named Ezzy & Associates.
Delve clients are being told that they would not need to restart their SOC 2 Type 2 observation periods when switching from FakeCorp (Accorp denies having any ties with Delve) to Ezzy. That is really strange, given how deficient Delve’s evidence and process is.
To be clear: Delve makes these commitments to clients. It is unknown whether or not Ezzy makes these commitments to its clients. So Delve could be lying, or Ezzy could be taking part in fraud.
Ironically, the founder of Ezzy is a Certified Fraud Examiner (CFE).
They are still working with Glocert for ISO 27001 as if they weren’t mentioned in the previous article.