Data Analysis

The Numbers Behind the Biggest Compliance Scandal

533 leaked audit reports. 455 companies affected. Here is what the data reveals about industrialized systematic template reuse.

Timeline: January 2025 - December 2025

533

Audit Reports Leaked

From the Delve compliance platform

455

Companies Affected

Startups to enterprises

99.8%

Reports Identical

Structurally indistinguishable

Exceptions Found

Across all reports

Report Type Breakdown

Distribution across 533 leaked reports

ISO 2700184

SOC 2 Type 1251

SOC 2 Type 2198

Infrastructure Distribution

Cloud providers used by affected companies

AWS110

GCP21

Supabase17

Azure15

Vercel12

Render11

Fly.io3

Heroku2

Key Findings

Patterns that prove these reports were mass-produced, not individually audited

1 Auditor, 487 Companies

The same auditor license number appeared across 487 different company reports - as if one person audited them all at the same time

Identical Page Numbers

Every report has the exact same structure and page layout. Different companies should produce different-length reports - unless nobody actually wrote them individually

220+ "No Problems Found"

Every single security check came back clean - 220+ times per report, across every company. In the real world, every company has issues. Zero problems means zero actual checking

Find & Replace

Reports were generated from one template - only the company name was swapped in. The security conclusions were written before anyone even looked at the company

Share with your network

the delve scandal in numbers: 533 reports 455 companies 99.8% identical 0 exceptions found 1 word template and they raised $32M for this

https://trustcompliance.xyz/stats

X LinkedIn Reddit WhatsApp Telegram

Data Sources

Transparency about where our data comes from

Primary Source

Our data comes from publicly leaked audit reports first reported by independent researchers. These reports were accessible without authentication on public URLs.

Cross-referencing

We cross-reference with public PCAOB and AICPA databases to verify auditor credentials and registration status where applicable.

Methodology

Our methodology is fully documented on the About page, including how we identify template fingerprints and calculate similarity scores.

Is your vendor in the database?

Check if your vendor's SOC 2 or ISO 27001 report was produced by the same template-based operation.

Check if your vendor is in the database

Loading statistics...