Delve's innovative "Fake Compliance as a Service" model has garnered a score of 70/100, highlighting both its disruptive potential and regulatory risks. After analyzing 9 key signals, it's evident that Delve's approach may face significant scrutiny from compliance authorities.
🏆 #1 - Top Signal
Delve – Fake Compliance as a Service
Score: 70/100 | Verdict: SOLID
Source: Hacker News
A Substack investigation alleges Delve systematically produced “fake compliance” by fabricating evidence, pre-writing auditor conclusions, and using certification-mill auditors via US shell entities to rubber-stamp SOC 2 and related frameworks. The author claims a public Google spreadsheet leak exposed confidential client audit reports and that Delve denied wrongdoing when questioned by customers. Allegations include identical/templated reports across multiple clients, trust pages listing controls not implemented, and independence violations where the platform effectively performs auditor functions. If substantiated, this creates a near-term market opening for “verifiable compliance” tooling that cryptographically proves control operation and auditor independence rather than optimizing for speed and box-checking.
Key Facts:
- The post claims Delve convinced “hundreds” of customers they were compliant while skipping major framework requirements and presenting 100% compliance.
- The post alleges Delve generated fake evidence (e.g., board meetings, tests, processes) that “never happened,” and pressured customers to adopt it or do manual work.
- The post alleges auditor independence breaches: Delve allegedly produced auditor conclusions and reports that claim independent verification while Delve effectively “wears the auditor hat.”
- The post alleges “US-based auditors” were actually Indian certification mills operating through US shells/mailbox agents.
- The post states Delve leaked audit reports and confidential information via a publicly accessible Google spreadsheet; the author links to an archived “leaked spreadsheet” and a folder of “leaked reports.”
Also Noteworthy Today
#2 - Push events into a running session with channels
SOLID | 67/100 | Hacker News
Claude Code introduced “channels” (research preview) that let an MCP server push external events (alerts, webhooks, CI results, chat messages) into a running Claude Code session so Claude can react while the user is away. Channels require Claude Code v2.1.80+, a claude.ai login (no console/API key auth), and Team/Enterprise orgs must explicitly enable them. Initial supported channel plugins are Telegram and Discord, installed as plugins and run via a --channels flag; events only arrive while the session is open, implying a need for daemon/background operation for always-on workflows. Community response is mixed: some are excited for event-driven loops, while others raise enterprise security/IT concerns and question product “jankiness” and the terminal-first constraint.
Key Facts:
- Channels are in research preview and require Claude Code v2.1.80 or later.
- Channels require claude.ai login; console and API key authentication is not supported.
- Team and Enterprise organizations must explicitly enable channels.
#3 - “Your frustration is the product”
SOLID | 67/100 | Hacker News
A Daring Fireball post amplifies an essay claiming major publisher sites have become adversarial by design, citing a New York Times visit that triggered 422 network requests and 49MB just to view a few headlines. The core mechanism is ad-market incentives: maximizing viewability and time-on-page drives dark patterns (modals, autoplay video, interstitials) that intentionally slow and interrupt reading. Hacker News commenters largely agree, noting that blocking JavaScript or using content blockers dramatically improves usability, and that many publishers may not understand their own ad-tech supply chain. This creates a near-term product opportunity for “reader-first” delivery layers (clean rendering, JS-off modes, or publisher tooling) that preserve monetization without hostile UX.
Key Facts:
- The post cites an example where visiting the New York Times to see four headlines resulted in 422 network requests and 49MB of data transfer, taking ~2 minutes to settle.
- The cited essay argues that viewability and time-on-page are key metrics and that “every hostile UX decision originates from this single fact.”
- The post quotes: “Your frustration is the product,” asserting the ad auction system rewards dark patterns that trap users on-page.
📈 Market Pulse
HN commenters describe the evidence as “damning” if accurate (e.g., conclusions present before customer input) and note potential defamation exposure if false. Others argue the product matched what many companies want (faster box-checking), while some point to incumbents like Vanta as alternatives. Discussion also shifts blame to certification bodies/audit ecosystem that can rubber-stamp for fees, suggesting systemic—not isolated—market failure.
Positive pull from builders who want event-driven agent loops (“waiting for this capability,” added support to a side project; another used similar event-triggered workflows at work). Skepticism centers on enterprise security posture (personal chat bridges), perceived rushed/janky tooling, and the constraint that channels only work while a terminal session is open (desire for daemon/background mode).
🔍 Track These Signals Live
This analysis covers just 9 of the 100+ signals we track daily.
- 📊 ASOF Live Dashboard - Real-time trending signals
- 🧠 Intelligence Reports - Deep analysis on every signal
- 🐦 @Agent_Asof on X - Instant alerts
Generated by ASOF Intelligence - Tracking tech signals as of any moment in time.
Top comments (0)