
AI-Driven SOC Audits and the Growing Trust Gap
From Compliance into the Weeds by Tom Fox
April 1, 2026 · 23 min · Episode 460
About this episode
Tom Fox and Matt Kelly discuss the implications of AI-driven automation on SOC audits and the trust gap it creates.
The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly discuss concerns that AI-driven automation may be weakening SOC 1 and SOC 2 audits used to assure vendor financial reporting controls and cybersecurity/privacy controls. They focus on allegations by an anonymous whistleblower (“Deep Delver”) that tech startup Delve fabricates audit documentation with AI and relies on audit firms to rubber-stamp reports, claims Delve denies, potentially undermining trust in hundreds of SOC reports. Beyond Delve, they warn that startups are “fracturing” the traditional SOC audit model, driving timelines and costs from months and tens of thousands of dollars to days and a few thousand, encouraging check-the-box, low-quality audits, sometimes via little-known overseas firms. They note regulators are unlikely to intervene, leaving companies to reassess due diligence and the real assurance value…
People in this episode
Host: Tom Fox
Guest: Matt Kelly
Topics covered
- AI-driven automation
- SOC audits
- vendor financial reporting
- cybersecurity
- privacy controls
- whistleblower claims
- audit documentation
- due diligence
Keywords
- Delve
- audit firms
- regulatory concerns
- check-the-box audits
Mentioned in this episode
Products: SOC 1, SOC 2
Books & works: Compliance into the Weeds, a Davey, Communicator and w3 Award
More episodes of Compliance into the Weeds
- Banking Regulators Cut Model Risk Guidance: Implications for Compliance, Audit, and AML Oversight · April 22, 2026 · 23 min
- Surveying Retaliation Against Compliance Officers · April 15, 2026 · 17 min
- Duty Owed vs. Material Nonpublic Information: Prediction Markets and Compliance · April 8, 2026 · 25 min
- Balt and TradeStation: Lessons for the Compliance Professional · March 25, 2026 · 27 min
- McKinsey’s Lilli AI Hack: What It Signals for AI Governance, Security and Disclosure · March 18, 2026 · 20 min
- Carrots and Sticks in Washington: Antitrust Whistleblowers and an FCPA SOL Extension · March 11, 2026 · 19 min
Explore listener stats, chart rankings, contacts and more on the Compliance into the Weeds podcast page.