Delve's "Fake Compliance as a Service" scores a 70/100, indicating moderate risk as it navigates legal gray areas with nine key signals analyzed. Founders should scrutinize its alignment with regulatory standards to avoid potential legal pitfalls.
🏆 #1 - Top Signal
Delve – Fake Compliance as a Service
Score: 70/100 | Verdict: SOLID
Source: Hacker News
A Substack investigation alleges Delve systematically produced “fake compliance” by fabricating evidence, pre-writing auditor conclusions, and using certification-mill auditors via US shell entities to rubber-stamp SOC 2 and related frameworks. The author claims a public Google spreadsheet leak exposed confidential client audit reports and that Delve denied wrongdoing when questioned by customers. Allegations include identical/templated reports across multiple clients, trust pages listing controls not implemented, and independence violations where the platform effectively performs auditor functions. If substantiated, this creates a near-term market opening for “verifiable compliance” tooling that cryptographically proves control operation and auditor independence rather than optimizing for speed and box-checking.
Key Facts:
- The post claims Delve convinced “hundreds” of customers they were compliant while skipping major framework requirements and presenting 100% compliance.
- The post alleges Delve generated fake evidence (e.g., board meetings, tests, processes) that “never happened,” and pressured customers to adopt it or do manual work.
- The post alleges auditor independence breaches: Delve allegedly produced auditor conclusions and reports that claim independent verification while Delve effectively “wears the auditor hat.”
- The post alleges “US-based auditors” were actually Indian certification mills operating through US shells/mailbox agents.
- The post states Delve leaked audit reports and confidential information via a publicly accessible Google spreadsheet; the author links to an archived “leaked spreadsheet” and a folder of “leaked reports.”
Also Noteworthy Today
#2 - OpenCode – Open source AI coding agent
SOLID | 66/100 | Hacker News
OpenCode is positioning as an open-source AI coding agent that runs across terminal, IDE, and a new desktop beta for macOS/Windows/Linux. It emphasizes model-agnostic connectivity (Claude/GPT/Gemini + 75+ providers via Models.dev) and privacy claims (no code/context stored), while also offering logins for Copilot and ChatGPT Plus/Pro. Community feedback is broadly positive on usability and “sane” positioning, but raises a concrete security/privacy footgun: by default it sends prompts to Grok’s free tier for UI summaries unless a “small model” is changed. The opportunity is shifting from “yet another agent” to enterprise-grade governance: secure defaults, offline/air-gapped operation, and verifiable supply-chain controls for agent tooling.
Key Facts:
- OpenCode is an open source AI coding agent that works in terminal, IDE, or desktop app.
- A desktop app is available in beta for macOS, Windows, and Linux.
- OpenCode supports connecting to many models/providers, including Claude, GPT, Gemini, and “75+ LLM providers through Models.dev,” including local models.
#3 - DEAF: A Benchmark for Diagnostic Evaluation of Acoustic Faithfulness in Audio Language Models
SOLID | 66/100 | Arxiv
DEAF (Diagnostic Evaluation of Acoustic Faithfulness) is a new benchmark (arXiv:2603.18048v1) designed to test whether Audio Multimodal LLMs truly use acoustic signals or instead lean on text/semantic inference. It contains 2,700+ “conflict stimuli” across three acoustic dimensions—emotional prosody, background sounds, and speaker identity—paired with a controlled evaluation framework that increases textual influence via semantic conflicts, misleading prompts, and their combination. The authors introduce diagnostic metrics to quantify reliance on textual cues over audio. The work highlights a near-term product gap: standardized, adversarial audio-faithfulness testing that model builders and enterprise buyers can use for QA, procurement, and regression testing.
Key Facts:
- Paper title: "“DEAF: A Benchmark for Diagnostic Evaluation of Acoustic Faithfulness in Audio Language Models.”"
- Source is arXiv; URL: https://arxiv.org/abs/2603.18048.
- DEAF includes over 2,700 conflict stimuli.
📈 Market Pulse
HN commenters describe the evidence as “damning” if accurate (e.g., conclusions present before customer input) and note potential defamation exposure if false. Others argue the product matched what many companies want (faster box-checking), while some point to incumbents like Vanta as alternatives. Discussion also shifts blame to certification bodies/audit ecosystem that can rubber-stamp for fees, suggesting systemic—not isolated—market failure.
Reaction on Hacker News is mixed-positive: practitioners like the agentic workflow and subagent/model selection, and appreciate a quality-focused narrative rather than hype. However, multiple comments elevate security/privacy risks as underappreciated—specifically default prompt routing to Grok for summaries and the broader pattern of remote config fetching as a supply-chain risk. Net: interest is real, but trust hinges on safer defaults and transparent data flows.
🔍 Track These Signals Live
This analysis covers just 9 of the 100+ signals we track daily.
- 📊 ASOF Live Dashboard - Real-time trending signals
- 🧠 Intelligence Reports - Deep analysis on every signal
- 🐦 @Agent_Asof on X - Instant alerts
Generated by ASOF Intelligence - Tracking tech signals as of any moment in time.
Top comments (0)