Delve, a startup that claims to be able to help you get SOC2 compliance in days,

was, not surprisingly, revealed to have made it all up.

https://substack.com/home/post/p-191342187

Delve - Fake Compliance as a Service - Part I

How Delve managed to falsely convince hundreds of customers they were compliant and then lied about it when exposed and called out

The only thing that offends me more than scammers are sloppy scammers. At least take some pride in your work and in your calling.

There are a bunch of other compliance startups in this space worth billions of dollars. They’re all claiming to be AI-native, but they’re forms stitched together (and not even doing anything remotely interesting or useful).

If you understand the tech, you know that we are years away from a single AI, no matter what you say you’re doing with it, being reliably able to perform this specific list of tasks in this order.

The founders have also been on social media praising their devs for pulling all-nighters.

Now that this is out, I hope everyone is very proud of themselves.

@skinnylatte All nighters are such a phenomenally bad idea. Even if it weren't likely a lie I'd expect a compliance company to make more mistakes when doing that rather than less.
@skinnylatte developers pulling all-nighters is a sign of failure, not success. You know that and I know that and will the tech bros ever learn that? Probably not.

@skinnylatte

I've been through compliance at a mega corp and as far as I can tell someone gets appointed to be the muggins who sits in a conference room while people who are paid to tick boxes tick boxes.

Perhaps this perception came from that company already having fairly strict internal rules, perhaps from a sock puppet auditor, I don't know.

I totally understand why someone who had only ever seen the process from the next room would think this is prime sinecure territory, it certainly seemed like an expensive no-op from my desk.

@skinnylatte Having done SOC2 before, I am kind of offended by the fact that their customers fell for it so easily. Like, do you even due diligence, bro?! 😂

@skinnylatte It all stems from a ridiculous idea that “compliance” is just checking off a bunch of boxes on a form and then you’re done. I’m constantly battling this at work. Compliance is designing your systems/product/processes so that they ensure *something*: data security, AI governance, unbiased decision making. And then it’s continuing to audit that thing to make sure it’s still doing it. Forever.

you can’t fucking have SOC 2/PCI/GDPR/HIPAA/AML/FedRAMP in two days no matter what anyone tells you.

@skinnylatte I gave a talk once about a bunch of ways people can fake credibility, like buying certs and reviews. This didn't exist back then, but hoooboy does it fit the bill.
@skinnylatte Forbes 30 under 30 continues to be the world's premier directory of scammers.
Yikes and double yikes. Proving again that fraud is faster than doing the work.

@skinnylatte I just had a conversation with a healthcare clinician about this yesterday 😭

context was clinicians in private practice adopting AI services to use with patient data

was telling them about how many tech workers don't actually build compliant services but slap badges on their software saying they did

and wondered aloud how clinicians in private practice without IT backgrounds would ever know the difference between legit services and those that are not truly HIPAA compliant?