An anonymous Substack post accuses compliance startup Delve of "falsely" convincing hundreds of customers they were compliant with privacy and security regulations. The allegations suggest Delve's automated compliance assessments gave customers a false sense of security, potentially leaving them exposed to regulatory violations they believed were resolved.
Why it matters
If your organization uses AI-powered compliance tools, this is a direct warning: automated compliance ≠ actual compliance. CIOs and CISOs should verify that their compliance automation vendors deliver substantive assessments, not checkbox theater.
What to do
Audit your compliance automation vendor's methodology. Forward this to your CISO and General Counsel — if you're using any automated compliance platform, verify independently that certifications are substantive.