Apologies for not posting a Tech Things in a while. I have a lot that I want to write about and less time than ever because I’m spending a bunch of time thinking about and writing about coding agents.

It seems like the tech world decided to take a break from AI for a month and instead have all the big stories be about fraud. Interesting pivot, if you ask me. Let’s delve into it.

Delve

Traditionally, companies do not like regulation. There are obvious capitalist reasons for this. Regulation generally means that you have to spend money on things like paperwork and auditors and compliance teams and so on, which in turn means either the customer is getting charged more or the capitalist is making less money. But there are also less obvious but equally salient human reasons for this. Regulation is boring. If you’re a founder and you want to go out and change the world, you probably don’t want to sit around doing paperwork proving that your cancer-curing ai-powered glp-1 peptide minimizes harm to the Alaskan red-billed beaver population of Sonoma, or whatever.

Sometimes someone will propose that we get rid of all regulation. And then a river will catch fire a dozen times or someone will start a company called Enron or [everything with sports gambling] and then we go ‘ok maybe we do need regulation after all.’

Still. Even when we recognize some regulation is good, there is an inherent tension here. Regulation is a bit adversarial, because companies don’t really want to do it and because it is inefficient and costly to enforce.

The beauty of capitalism is that any time someone does not want to do something, someone else can make a bunch of money doing that thing.

A founder might go, ‘hey, wow, there are a lot of other companies that hate dealing with regulation. What if I came in and made that easier?’ And then that founder would start a company and would rake in tons of cash.

And a different founder might go, ‘hey, wow, all these audits are really expensive and could be streamlined. What if I came in and made that easier?’ And then that founder would start a company and would rake in tons of cash.

And then a third founder might go, ‘hey wow, there are a lot of people that hate dealing with regulation generally, what if I just helped companies do the audit thing and also did the audits myself?’ And then that founder would start a company, and rake in tons of cash, and then when people realized what was happening, that founder would go to jail. Obviously, obviously, you cannot be both the auditor and the auditee. It’s a massive conflict of interest!

Anyway, Delve. From TechCrunch:

An anonymous Substack post published this week accuses compliance startup Delve of “falsely” convincing “hundreds of customers they were compliant” with privacy and security regulations, potentially exposing those customers to “criminal liability under HIPAA and hefty fines under GDPR.”

Delve is a Y Combinator-backed startup that last year announced raising a $32 million Series A at a $300 million valuation.

The Substack post is credited to “DeepDelver,” who described themselves as working at a (now former) Delve client. In response to emailed questions from TechCrunch, DeepDelver said that they and their collaborators “chose to remain anonymous out of fear for retaliation by Delve.”

[DeepDelver claimed] Delve “achieves its claim of being the fastest platform by producing fake evidence, generating auditor conclusions on behalf of certification mills that rubber stamp reports, and skipping major framework requirements while telling clients they have achieved 100% compliance.”

DeepDelver also claimed that virtually all of Delve’s clients seem to have gone through two audit firms, Accorp and Gradient, which they described as “part of the same operation,” one that operates primarily in India, with only a nominal presence in the United States.

Delve responded to the accusations by saying it does not issue compliance reports at all. Instead, it’s an “automation platform” that ingests information about compliance, then provides auditors with access to that information.

“Final reports and opinions are issued solely by independent, licensed auditors, not Delve,” the company said.

In response to the accusation that it’s providing customers with “fake evidence,” Delve countered that it’s simply offering “templates to help teams document their processes in accordance with compliance requirements, as do other compliance platforms.”

“Draft templates are not the same as ‘pre-filled evidence,’” the company said.

Well, it kind of depends on what you mean by template, doesn’t it! If Delve is sending out, like, empty Google Forms, sure whatever. It’s a bit suspicious, Delve probably shouldn’t be even doing that because of the optics, but fine. But if Delve is sending out, like, finished Docusigns…that’s kind of a different thing altogether. There’s an ocean between ‘Google Form’ and ‘Docusign’, even if they are both ‘templates’ in a strict sense.

The claim is that Delve is doing the latter.

Delve’s model inverts this structure. By generating auditor conclusions, test procedures, and final reports before any independent review occurs, Delve places itself in the role of both implementer and examiner. This is not a technicality. It is a structural fraud that invalidates the entire attestation.

I’m not a compliance guy and I have no idea where this all falls on the axis of ‘totally fine and normal’ to ‘kinda shady’ to ‘jail time’. The Substack post is pretty in depth, feel free to take a look. But to be honest, it almost does not matter. Even if Delve didn’t commit fraud, the company is basically done. A compliance company in the center of a massive fraud scandal, caused by a leaked database due to poor compliance standards? Using Delve for compliance is practically inviting a malpractice lawsuit of some kind.

A few other misc thoughts.

30u30: The funniest thing to come out of the Delve saga is the realization that both Delve founders are Forbes 30 under 30 recipients. When I was growing up, 30u30 was a really impressive badge of honor. But the last ~10 years have not been kind to Forbes. 30u30 is a social club that now includes infamous luminaries like Sam Bankman-Fried (FTX) and Elizabeth Holmes (Theranos); Claude found fourteen prior examples of 30u30 winners who had then either been indicted or gone to jail for fraud. There aren’t that many 30u30 founders! The base rate of fraud has to be way higher than if you were to just random sample the population. At this point, the meme is that the 30u30 nominations are pay-for-play,1 that the only people who get the award are those who aggressively game the system, and that having 30u30 on a resume is a massive red flag possibly even signaling poor character. At least one friend of mine was offered a 30u30 spot and declined the award for that reason. Now there are two more data points.

YC: Delve hit the YC brand too. Delve is a YC company, part of the Winter ‘24 batch. YC is the most famous accelerator in the Bay, possibly the world. Historically it built its brand on:

• Selecting for fantastic talent

• Getting teams in shape to get more funding

• Having a track record of great exits.

Notice the one-two punch. YC appealed to future-round investors because it found great talent, and to talented founders because it could almost-guarantee future round investment. Not a bad place to be! But that brand value has steadily decreased as the company continued to expand its batch size while simultaneously (necessarily?) reducing selectivity. YC’s first batch, in 2005, was only 8 companies. Around 2012, it was ~40-80 per batch. Today, it’s over 150 per batch, and there were over 600 companies that graduated YC in 2025. That means less time per founder, more jockeying for attention at demo day, and, of course, a dramatically increased chance of fraud. Anecdotally, the common wisdom seems to be “join YC for distribution to companies in your batch, otherwise its mixed value,” and there seem to be more accelerators popping up that are trying to compete for the spot that YC previously occupied. All this to say, the Delve thing came at a really bad time for YC. The last thing YC needs is to fend off their previous (rather public) support for Delve. I suspect their PR department is unhappy right now.

AI: As with all things Bay Area ‘26, we must mention AI. One interesting note about the Delve story is how much their marketing leans on AI as their unique edge. Like, this is their home page:

“Delve AI agents eliminate compliance busywork,” they claim. If you squint, the pitch sorta makes sense. Compliance sucks because there’s a lot of manual-but-kinda-rote tasks that you have to do. AI agents are good at doing manual-but-kinda-rote tasks. The syllogism writes itself. The hard part though is, like, actually getting the AI agents to eliminate busywork. It’s a great pitch if the product was real, still gotta make the product real though.

There are elements of the Delve story that remind me of crypto mania a few years ago. With crypto, no one really understood how it worked. Arguably, that was the whole point of crypto. But that meant that you could more or less claim that it did anything, and it was hypey enough that people would fund it. Crypto solves centralization! Crypto will lead to new forms of corporate governance! Crypto will become the backbone of art, no wait, real estate, no wait, medical records, no wait, identity of a person. You could really just say anything! People who knew how crypto worked and who didn’t say insane things would get outfunded by the shameless folks who said whatever investors wanted to hear, regardless of feasibility.

Well, AI is hype now, and AI is technically complicated in a way that few people really understand, so AI is the new crypto. Just create a webpage that claims you can solve perpetual motion, slap some ‘powered by AI’ language on there, and watch the dollars roll in. Of course, AI has a much more obvious value-add than crypto ever really did. But that actually makes it harder to discern which companies are real and which ones are full of it. In some sense, the Delve story is just an old-fashioned memecoin rugpull.

Also, something ironic about naming the company after a word that is commonly used to identify low quality AI-generated slop.

DeepDelver: Speaking of funny names, DeepDelver is great. Really evokes, like, the Watergate scandal. 10/10, no notes.

Polymarket

Here’s an old story, tell me if you’ve heard it already. Back when the Brits were running Delhi, they had a small issue with cobras running amok. You’d step outside and BAM, cobra. It was hard. So to fix this, the colonial government decided to start a cobra bounty program. Folks would get paid for every cobra they killed and brought in. Within the system of the colonial government, this is an ideal solution. You create an essentially-infinite reward structure that effectively deputizes the entire country to act as animal control. The best cobra catchers get paid the most, and the cobra problem clears out pretty quick.

The problem, of course, is that optimizers don’t give a damn about your system, and humans are fantastic optimizers. After all of the low-hanging fruit cobras were picked, folks started breeding cobras for the express purpose of killing them and turning them in for cash. The amount of effort to break the system was less than the amount of effort to do things the ‘right’ way. Eventually the colonial government got wise to what was happening and shut down the program. All the breeders basically just let the cobras go, and overnight the cobra problem got even worse than when they started.

The broader lesson here is that any system subject to optimization pressure has an efficiency ceiling set by the difficulty of breaking out of the system itself. The walls and borders of the system act as a leash on the optimization process, and if they are too weak you won’t actually get much benefit out of the whole thing. Or, more broadly, “when a measure becomes a target, it ceases to be a good measure.”

Here’s a new story, tell me if you’ve heard it already.

On Tuesday, March 10, a massive explosion shook the city of Beit Shemesh, just outside Jerusalem, in yet another Iranian ballistic missile attack during the ongoing war.

Rescue services scrambled to the scene in search of possible casualties, though as it turned out, the projectile had struck a forested area just outside the city, around 500 meters from homes.

On The Times of Israel’s liveblog that day, I reported that the missile had hit an open area and no injuries were caused, citing the rescue services, as well as footage that emerged showing the massive explosion caused by the missile’s warhead.

Later Tuesday, I received an unusual email, in Hebrew, from someone named Aviv.

“Regarding your Times of Israel report that described today’s launch as an ‘impact’ — Beit Shemesh Municipality and MDA (Magen David Adom) later corrected their reports to clarify that what fell was an interceptor fragment, not a full missile,” he claimed…

The event that these people had bet on was “Iran strikes Israel on…?” More than 14 million dollars had been wagered on March 10.

The rules of the bet state: “This market will resolve to ‘Yes’ if Iran initiates a drone, missile, or air strike on Israel’s soil on the listed date in Israel Time (GMT+2). Otherwise, this market will resolve to ‘No’.”

However, there is a clause: “Missiles or drones that are intercepted… will not be sufficient for a ‘Yes’ resolution, regardless of whether they land on Israeli territory or cause damage.” …

Shortly after midnight between Saturday and Sunday, I started to receive threatening messages in Hebrew on WhatsApp from someone called Haim.

“You have exactly half an hour to correct your attempt at influence,” he wrote.

“Despite the fact that you received countless inquiries — you insist on leaving it that way.”

“If you do not correct this by 01:00 Israel time today, March 15, you are bringing upon yourself damage you have never imagined you would suffer,” he threatened, in a very lengthy message.,,

Haim also referred, with specific details, to my ostensible home neighborhood, my parents, and family.

“And as far as I know, there are also some people who don’t really care about the law, and you’re going to make them lose about 50 times what you’ll ever make.”

“86 minutes left. You are the only one responsible for your life.”

In regular markets, the price of an asset carries a lot of information about the future. For example, if oil futures are trading at $60 per barrel, you can infer that smart people think that the war in Iran may end soon, and if it is trading at $200 per barrel, you can infer that smart people think that the war in Iran won’t end soon. But this isn’t, like, the primary purpose of markets. When you buy oil at a certain price, you’re actually literally buying a claim on actual literal oil that is sitting somewhere. The price signalling thing is just a useful secondary byproduct of how markets are structured.

The core idea behind prediction markets is that you can use the decentralized brain of a public market to extract valuable signals about things. There is no asset, no underlying security — the whole point is to incentivize smart people to work on predicting the future (and only predicting the future) by getting paid for being right. Within the system, this works great. People who are right a lot get paid a lot and everyone is encouraged to be more right and eventually we can perfectly predict the future. The problem is that being right consistently is really hard. You know what isn’t hard? Hitting a journalist with a wrench.

Prediction markets have a lot of potential, but this is not the first time I’ve written about how they need more regulation. Right now, it is far too easy to break the system. I have many thoughts on laws that we can use to leash the markets (there’s at least some of this being proposed by lawmakers, see below), but the relevant one for this story is a no brainer: we need official resolution criteria that aren’t set by the random person who created the market! If you have a market that resolves only if “The New York Times reports that pigs can fly,” you may think you are evaluating whether swine are capable of taking to the air. But actually, any signal you uncover is something closer to “The New York Times takes bribes to report on ridiculous topics,” because it is easier to bribe the NYT than it is to have porcine aviation.2

Uncontrolled optimization is a theme that I want to keep returning to, because I think the Delve story also has roots in this kind of uncontrolled optimization for money. There, it turned out that lying about compliance is way easier than actually being compliant, so the optimizers (founders) decided to just lie. Same motivating principle as breeding cobras or harassing journalists.

Super Micro Computer

Supply and demand is econ 101. If there’s a lot of demand for something, and not a lot of supply, then the few suppliers get very rich. For the last few decades, we’ve mostly brought down barriers on who can supply and who can demand. You can be an Australian ordering an authentic New York bagel, and that’s just fine. You’re part of a global pool of demand for bagels and a global pool of supply of bagels, and the market does not care about the number of oceans and borders in between.

Except for a few small exceptions, of course.

If you’re an Iranian you can’t buy an authentic New York bagel, because the US government prohibits it. The US really cares about not giving the Iranians money or supplies — even before the current war — and as a result makes it really hard for anyone in Iran to buy anything at all, much less a bagel. The demand and supply are artificially constrained, which in turn means that if you are Iranian and you really really want a New York bagel, you need to pay up. Big time.

More generally, economic sanctions and export prohibitions don’t ever fully kill a market. Rather, they artificially increase the effective price of a good, making it so that the market clears way less frequently. Ideally, in the eyes of the one applying the sanctions, the market clears so infrequently as to basically be zero. No one would spend a billion dollars on a bagel, so it’s pretty easy to fully shut down the bagel black market with just economic pressure.

But people would spend a billion dollars on things like weapons, or rare metals, or, increasingly, computer chips.

Imagine you’re an executive of a computer chip company. Your chips cost $100 to make, and you normally sell them for $110, and you make a nice $10 profit. And then along comes a sanctioned buyer, and they say “hey, I’ll give you $100000 for one of your chips, wouldn’t you like $100000?” On the one hand, this is an illegal trade, and if you accept the $100000 you may go to jail. On the other hand, you make a nice $99900 profit, which is 9990x more than you would have made otherwise. And, like, how bad is jail, really? Apparently jails for rich people are kind of nice, and you’d get to pay off your kid’s college, and you’d get a nice car…the point is, you can see how this may be a tempting offer.

Too tempting for Super Micro Computer (SCMI):

The U.S. government has been trying to figure out how high-powered chips have reached China without authorization, as American artificial intelligence companies such as Anthropic and OpenAI face challenges from DeepSeek and other Chinese rivals.

In an indictment unsealed Thursday, the U.S. government alleged that Yih-Shyan “Wally” Liaw, Ruei-Tsan “Steven” Chang and Ting-Wei “Willy” Sun worked together to violate the Export Control Reform Act.

The server company’s products containing Nvidia chips “are subject to strict U.S. export controls barring their sale to China without a license,” the plaintiff said in the indictment. “Those controls are in place to protect U.S. national security and foreign policy interests, among other things.”

The efforts have yielded around $2.5 billion in sales for the server maker since 2024, with servers sold for $510 million between late April 2025 and mid-May 2025 going to the Southeast Asian company and on to China, the indictment said. The plaintiff said the server maker had no U.S. Commerce Department license to export servers featuring Nvidia GPUs to China.

“Roughly how many you can take by January? Feb? March? April?” Liaw wrote in a text message to an executive at the Southeast Asian company. “Just roughly forecast will be fine ... Then we can propose to [Nvidia] with the way they can accept ... This is the only way to have [Nvidia] to promise the B200 allocation so far as I know.”

When a broker who had bought Nvidia-powered servers from the Southeast Asian company sent Liaw a text message containing a link to an announcement about Chinese nationals being arrested for smuggling AI chips into China, Liaw allegedly responded with sobbing emojis.

Seems like Wally was breaking the Liaw.

We don’t know exactly how much the spread was between what the Chinese companies were paying and the normal server prices. The $2.5b is only what showed up on SCMI’s balance sheet. Claude thinks that the spread was about 50%, meaning that Wally and his conspirators captured ~$1.25b. That’s a lot!

I think that the most silly part of this story is that this isn’t even the first time SCMI has done this exact trade. Back in 2006, SCMI got in trouble for selling servers to Iran. And in 2016, SCMI got in trouble for selling servers to China. And then, in 2022, SCMI got in trouble for selling servers to Russia. And now, in 2026, SCMI is in trouble for selling servers to China, again. At this point, they basically specialize in selling to sanctioned countries! That’s their whole brand! Which, honestly, isn’t really the worst market niche, purely in business terms (not business advice). If you’re a sanctioned country, and you want chips, you know exactly who to go to. Extremely strong product market fit.

Other things

• Anthropic was granted a preliminary injunction on the supply chain risk designation. The judge in the case was really not happy with the US Government, stating bluntly that the “designation of Anthropic as a “supply chain risk” is likely both contrary to law and arbitrary and capricious…Nothing in the governing statute supports the Orwellian notion that an American company may be branded a potential adversary and saboteur of the U.S. for expressing disagreement with the government.” Generally if a judge uses the word ‘orwellian’ to refer to your side of the case, you should not be bullish on the odds of success.

• People are taking prediction market insider trading more seriously. “Reps. Nikki Budzinski (D-Ill.) and Adrian Smith (R-Neb.) will introduce the Preventing Real-time Exploitation and Deceptive Insider Congressional Trading Act, or PREDICT Act, Tuesday to ban members of Congress from participating in prediction markets related to political events or policy decisions. The ban would also extend to dependents and spouses of lawmakers, senior congressional staff, political appointees, the president, vice president and all senior executive branch employees, including special government employees.” In favor of this. Also, how much time do you think lawmakers spend just trying to come up with clever acronyms?

• NY proposes removing qualified small business tax exemption. Normally, if you start a small business and run it for a certain number of years, and then sell the business, you do not get taxed as much on the sale. This proposal would make it so that you would be taxed at the state level. Obviously I’m talking my own book here a bit, but I think this is bad. Startups are a center of innovation. Founders are actually job creators, they bring billions of dollars to the state, and in NYC in particular have been creating a economic (and political!) counterbalance to the bay. They are also highly mobile and very sensitive to risks to their exits, because startups are such a massively risky endeavor to begin with. Hoping they don’t pass this. If you know other founders in NYC, let them know.