Compliance in days. That was the pitch that Delve raised $32 million on it in July 2025 at a $300 million valuation.

No surprise, right? They fit a certain profile:

The founders were MIT dropouts & YC alums. They were building AI-powered compliance automation, and they were growing fast. Big name investors and corporates were backing them.1

Earlier this week, a group of Delve’s own customers published a 15,000-word teardown. In the piece, the writers allege that what Delve actually built was automation of the appearance of compliance, not compliance itself.

We back founders whose right to win comes from lived experience inside the industries they’re building for (we call them buyer-builders) so regulated industries are a key focus area for us.

We think domain expertise combined with the speed of today’s startups creates a an unfair advantage that compounds; when a founder who already understands the regulatory landscape can also ship fast, every iteration is informed by judgment that would otherwise take months of customer discovery to develop.

So when Delve, a compliance startup, blew up this week, our inbox lit up with questions from investors, founders, and LPs about what we thought and I wanted to share.

When we look at Delve, we see a profile we’ve seen before. One that often doesn’t end well:

Venture-backed founders who encountered a regulatory system just long enough to find it painful, but not long enough to understand what that system is actually protecting.

It’s not a new pattern.

Elizabeth Holmes had one encounter with clinical diagnostics before founding Theranos.

SBF traded ETFs at Jane Street, which is not the same as understanding market structure, running a market maker, or operating an exchange.

Karun Kaushik and Selin Kocalar were MIT dropouts and YC alumni who hit a HIPAA wall while building a medical scribe. That single encounter with compliance led them to build Delve which, according to the expose, provided sham compliance verification.

Specifically, they pre-fabricated board meeting minutes, templated & reused auditor conclusions despite companies having no auditor review, and published trust pages claiming security controls that the product never verified. Now, hundreds of companies that relied on Delve’s reports now face potential GDPR fines up to 4% of global revenue and HIPAA criminal exposure based on assurances that were fabrications.

Different founders, different scale, and substantially different stakes, but still the same mistake: each had enough contact with a regulated system to tell a credible story about it.

From the outside, they look indistinguishable from the ones who are genuinely right and the pattern keeps repeating because the story is legible to venture long before the founder’s understanding is.

The Uber mistake

Venture’s mental model for regulated markets comes from Uber. Founder identifies a painful regulated process. Founder says the process is broken. Founder builds technology to remove the friction. Incumbents complain. Regulators catch up. Venture wins.

The archived Insight Partners investment thesis for Delve shows how natural this pitch is to underwrite. Compliance is too slow. It is too expensive. It is too manual. AI can make it proactive. Delve can get companies compliant 10x faster, automatically collect evidence across their software stack, and remediate 90% of surfaced issues without human intervention. That framing is powerful. It just does not tell you which kind of friction is being removed.

The Uber playbook worked because taxi medallions were protectionist friction, not protective friction. Medallion systems were not designed to protect passengers. They were designed to control supply. Technology removed the friction, consumers got a better product, and regulation adapted because demand was undeniable.

SOC 2 independence requirements are not protectionist. They exist because auditors used to write favorable conclusions and companies downstream got destroyed. HIPAA is not protectionist. It exists because patient data exposure ruins lives. Controls around custody, segregation, and market structure are not protectionist. They exist because when customer assets, conflicts, and counterparty exposure are not controlled, people lose money they thought was safe. The observation period in a Type II audit is not protectionist. It exists because you cannot verify ongoing security controls from a single snapshot.

From a pitch deck, “compliance is broken and slow” sounds exactly like “taxi licensing is broken and slow.” The two pitches have the same shape. The difference between them is invisible from a slide.

The entire difference between a $90 billion outcome and a criminal indictment lives inside whether the founder can tell which friction is protectionist and which is protective.

Why venture misses it

The selection error is structural, not moral.

A compliance startup applies to YC. The founders are MIT dropouts. YC accepts them, which tells the seed investor that the team passed a filter designed to identify exceptional founders. The seed investor writes a check, which tells the Series A investor that someone with access did diligence. The Series A investor writes a larger check, which tells the next investor that someone with more access did more diligence. Each node in the chain is checking whether the previous node checked. None of them are checking whether the founder understands what the regulation protects.

The system is coherent on its own terms. It was designed for markets where the cost of being wrong is a write-down. In those markets, pedigree validating pedigree works well enough. A brand-name accelerator validates talent. A strong seed lead validates judgment. A credible Series A validates traction. By the time the company is fully financed, the endorsements themselves have become the diligence.

Nobody in that chain needs to independently evaluate whether the founder understands what the regulation protects, because nobody in that chain needs to in order to do their job.

In regulated markets, the cost of a false positive is not a write-down. It is borne by a patient who received an incorrect screening, a company that relied on a fabricated SOC 2 report, or a depositor whose assets sat inside an institution built by someone who did not understand the controls that made it trustworthy. The investors who funded these companies on credential signals write LP letters, take the loss, and close the next fund. The cost never lands on them. It lands downstream.

The other side of the coin

The same selection model that lets through founders who should not be building in regulated markets also screens out founders who should be.

A founder who spent fifteen years inside a regulated industry and is now building software to fix what they watched break does not look like what generalist venture is optimized to fund. They do not have the pedigree stack. They cannot be validated by checking whether other credentialed people already validated them. Their credibility lives in operating knowledge and hard-earned judgment, not in institutional signals.

When that founder walks into a generalist fund, one of two things happens. The GP cannot evaluate what the founder actually knows, so the conversation stays at the surface and the check never gets written. Or the GP gets it, brings it to the partnership, and the deal becomes the one that is harder to fight for at the Monday meeting. It is not the MIT dropout doing AI compliance. It is a pharma sales manager who built a training platform. The partnership has no pattern to match it against, and in the absence of a pattern, the deal gets less conviction, less support, and worse terms than it deserves.

Nobody in that room is acting in bad faith. The system is optimized for a different signal, and founders who carry their credibility in domain knowledge rather than in credentials feel that optimization every time they walk into the room. They are not the thesis the firm was built to execute. They are the exception somebody has to argue for.

Our edge comes from this structural gap. We are not competing for the same deal flow as funds that select on credential signals. We are playing in a talent pool that the generalist model systematically undervalues. The founders we want have already learned that most funds do not know how to see them.

When those founders meet a fund whose entire thesis is organized around the value of what they know, the conversation is different from the start. If the GP can pressure-test their domain expertise in the first meeting and recognize it on contact, the founder does not need to be sold. They have been waiting for that meeting. We win those deals not on terms but on the founder knowing they will not spend the next three years educating their own investors about why the business works.

PraxisPro

We recently invested in PraxisPro, an AI-powered training platform for pharmaceutical sales reps, and it is worth using as a concrete example because on the surface it is going after the same kind of problem as Delve: a heavily regulated, compliance-intensive industry with expensive, inefficient legacy processes that technology should be able to improve.

Cameron Badger, PraxisPro’s CEO, spent he career as a pharma sales rep and manager, working his way from rep to regional manager at Otsuka and Avanir before running sales and business development at Limbix. He did not encounter pharma sales training as an outsider who found it annoying. He lived it, and the difference in what he knows is not subtle.

He knows why a new rep takes three months to become field-ready and up to 15 months to perform at a high level. He knows that only 16% of sales rep training is retained after the first three months, because that number followed him everywhere when he was the one responsible for retention results. He knows what an FDA promotional fine looks like from the inside, not the headline but the internal scramble, the compliance costs beyond the fine itself, what it does to a sales team’s ability to operate in the field. From 2000 to 2024, the FDA levied roughly $124 billion in promotional fines across the pharmaceutical industry. Cameron has watched colleagues deal with that fallout firsthand.

His co-founder, Dr. Benjamin Alouf, was a customer in the most literal sense. As Chief Medical Officer at Aetna Better Health of Pennsylvania and at Limbix, he spent years on the receiving end of pharma sales calls. He has a precise and personal understanding of what good looks like and what bad looks like from the provider side, which is exactly the perspective a platform designed to train those reps actually needs.

Generic horizontal sales platforms are built on a simple premise: capture everything. Record every call, transcribe every interaction, log every note, build analytics on top of it. In most industries, that’s fine. Nobody with enforcement authority is ever going to pull your Gong recordings. In pharma, the FDA and plaintiff’s attorneys are actively looking for exactly that kind of material. Data lakes invite fishing expeditions, and in pharma, the people holding the rods have subpoena power. The FDA is fishing for trophies. The plaintiff’s attorneys are fishing for payouts. Neither of them has any trouble finding what they’re looking for when a company has handed every rep a platform that records everything they say.

A founder like Cam knows which parts of the process can be modernized and which parts carry the kind of legal exposure that ends careers. PraxisPro’s products are designed with that understanding built in, structuring training to increase the surface area for compliance training without expanding it for regulatory exposure too. That is a product decision he made because the consequences of ignoring it were legible to him.

The LP question

Raising a first fund, many of our LPs are newcomers to venture investing. One of the questions we hear the most is some version of: how do you make sure the companies aren’t frauds?

The honest answer is that no diligence process is perfect. But there is a structural argument here that goes beyond process.

Domain knowledge can be tested in five minutes. You can ask a founder a question about their regulatory environment in the first meeting and know whether the knowledge is real or performed. The knowledge either exists or it does not. There is no narrative layer to hide behind.

This is not a claim that outsiders cannot build in regulated markets. It is a claim that founders who already understand the regulatory landscape start with a compounding advantage that is visible, testable, and underpriced. They make fewer unforced regulatory errors, which means fewer existential surprises. They design products that customers trust faster, because the product reflects an understanding of the constraints those customers actually operate under. They navigate edge cases that an outsider would not see coming, because they have watched those edge cases play out before.

We are starting with people whose credibility is structurally harder to fabricate, whose knowledge is independently verifiable, and whose value is less likely to be fully priced by funds still running the default selection model.