Who Audited Your Auditor?

A $32 million compliance startup fabricated the security certifications your vendor assessment depends on. The cascade that followed exposed how thin the trust layer beneath the AI supply chain actually is.

Delve Technologies sold automated SOC 2 (the audit standard companies use to prove their security controls work) and ISO 27001 (international information security certification) compliance. Y Combinator, the startup accelerator whose backing is itself a credibility signal, funded it. Hundreds of AI companies bought it. An anonymous researcher who accessed a leaked Google Spreadsheet of Delve's draft reports found that 493 of 494 used identical boilerplate text, with only the client's name and logo swapped in. Auditor conclusions and test results were fully populated before clients submitted company descriptions, network diagrams, or evidence. The certifying firms were Indian entities operating through US shell companies, not the recognized CPA firms the reports implied. Y Combinator expelled Delve in early April.

One of those certified companies was LiteLLM, an open-source AI gateway present in roughly 36 percent of cloud environments. On March 24, attackers compromised a security scanner in LiteLLM's build pipeline, stole the token used to publish software packages, and pushed two malicious versions to PyPI (Python's public software repository). The poisoned code ran for 40 minutes before it was quarantined. In that window, Mercor, a $10 billion AI staffing platform that generated training data for OpenAI, Anthropic, and Meta, auto-installed the compromised package. Attackers exfiltrated four terabytes: platform source code, 40,000 contractor records including Social Security numbers, video interview recordings with passport scans, and internal communications. Meta reportedly froze its AI data work with Mercor after the breach.

Five lawsuits landed within a week. The one that matters: White and Beltran v. Mercor (Northern District of Texas) names Delve and LiteLLM's parent company as co-defendants alongside Mercor. The legal theory connects the compliance fraud to the breach to the data loss as a single chain of liability. A vendor's fake certification made the next vendor's security unverifiable, which made the platform's data unprotectable.

The Takeaway: Your audit committee carries SOC 2 reports as proof that your AI vendors have controls. Pull the last twelve months of vendor certifications this quarter. If the auditing firm is a name nobody on your team recognizes, or if the report reads like a template with your vendor's logo pasted on top, the certification may be worth what Mercor's was. The Texas class action names the compliance vendor, the software vendor, and the platform as co-defendants. The legal theory: a fake certification makes everyone downstream liable for the breach it failed to prevent.

Sources: TechCrunch — Delve accused of misleading customers with fake compliance · TechCrunch — Delve parts ways with Y Combinator · TechCrunch — Mercor breach linked to LiteLLM supply chain attack · Datadog Security Labs — LiteLLM/TeamPCP supply chain campaign

A Thousand Sanctions and Iran Still Gets Paid

The United States has sanctioned more than 1,000 Iran-related targets since February 2025. Iran is collecting an estimated $20 million per day in transit tolls through the Strait of Hormuz anyway, in currencies that never touch a dollar. The sanctions weapon has never been swung harder, and it has never mattered less to the revenue it was designed to cut off.

The Treasury Department's April 24 press release announced the designation of Hengli Petrochemical, China's second-largest independent refinery, for purchasing "billions of dollars' worth" of Iranian crude that generated "hundreds of millions of dollars in revenue for the Iranian military." Dozens of shadow fleet tankers and shipping entities went on the list the same day. Meanwhile, Iran's Islamic Revolutionary Guard Corps collected those tolls in Chinese yuan, routed through Kunlun Bank via CIPS (China's cross-border payment system, built to bypass SWIFT, the network banks use to move money internationally), or in cryptocurrency. Iran's parliament codified the system on March 30 as the "Strait of Hormuz Management Plan." Blockchain analytics firms Chainalysis and TRM Labs independently documented the on-chain flows and called it the first known instance of a nation-state levying transit fees in crypto at a critical maritime chokepoint. Before its sanctions waiver expired April 19, India settled an Iranian crude purchase in yuan through an Indian bank's yuan-denominated channel, bypassing dollar clearing entirely. Russia and China now conduct over 99 percent of their bilateral trade in rubles and yuan, per Russia's finance minister.

Chatham House published a measured counterargument on April 20. Analyst David Lubin noted that the dollar's share of SWIFT (the Society for Worldwide Interbank Financial Telecommunication) transactions rose to 51.14 percent in March, up from 49.25 percent in February. The dollar is strengthening as a safe-haven currency during the crisis. He is correct. But SWIFT measures what flows through SWIFT. Transactions settled via CIPS, bilateral currency agreements, or cryptocurrency do not appear in that data. The dollar is winning on the scoreboard it controls. The rival systems are building separate scoreboards.

The Takeaway: Most sanctions compliance programs assume enforcement works through the dollar clearing system. It does. Your compliance officer should add one line to the next vendor questionnaire: what settlement currency and clearing network do you use for cross-border payments? The answer will tell you more about your actual sanctions exposure than the SDN list (the Treasury's master list of sanctioned entities). OFAC (the Treasury office that enforces economic sanctions) can designate a thousand more targets. If the payments don't clear through dollar systems, the designation doesn't reach the transaction.

Sources: U.S. Treasury — Hengli Petrochemical designation (SB0472) · Chainalysis — Iran's Strait of Hormuz crypto toll · TRM Labs — Iranian crypto tolls in Strait of Hormuz · Chatham House — Dollar dominance is surviving the Iran war, just about · Anadolu Agency — Russia, China conduct over 99% of trade in national currencies

Washington Showed Up to Stop the States

Three weeks ago this newsletter reported that 45 states were writing AI rules while Washington watched. Washington stopped watching. On April 24, the Department of Justice (DOJ) joined a lawsuit to block Colorado's algorithmic discrimination law before it takes effect June 30. The federal government did not file a suggestion or a letter. It became a plaintiff. The argument: the law forces companies to consider race and sex when building AI systems, which violates the Equal Protection Clause (the constitutional bar on government-imposed discrimination). This is the first action by a DOJ task force created specifically to dismantle state AI regulation.

The same week, the Fifth Circuit (a federal appeals court covering Texas, Louisiana, and Mississippi) stripped the Federal Trade Commission (FTC, the agency that polices unfair business practices) of its primary enforcement tool. The court ruled that the FTC cannot adjudicate deceptive-advertising cases through its own internal process. Those cases now have to go through federal court, with juries, where they take years longer and cost far more to prosecute. The FTC's 20-year order against Intuit over TurboTax marketing was thrown out. The current FTC chairman has signaled he may not even appeal.

One agency is actively blocking state AI rules. Another just lost the ability to enforce consumer protection efficiently. Meanwhile, Texas extracted $1.375 billion from Google for privacy violations. California fined Disney $2.75 million for ignoring opt-out requests. Forty-two attorneys general warned that AI enforcement is a 2026 priority.

The Takeaway: Colorado's algorithmic discrimination law takes effect June 30. If your company deploys AI in hiring, lending, insurance, or admissions, your General Counsel needs a list of which states those decisions reach and what each state requires. Colorado's law covers any AI system that affects a Colorado resident, regardless of where the company sits. Texas can levy $200,000 per day for violations. The compliance floor is being set in state capitals, not Washington.

Sources: DOJ — Complaint-in-intervention, X.AI v. Weiser (D. Colo.) · Fifth Circuit — Intuit v. FTC, No. 24-60040 (Mar. 20, 2026) · Bloomberg — DOJ joins xAI suit against Colorado AI law · Sidley Austin — Fifth Circuit holds FTC in-house adjudication unconstitutional

Insurance Closed Hormuz Before the Mines Did

Insurance closed the Strait of Hormuz before Iran's navy did. On February 28, 56 tankers transited normally. Within 72 hours, traffic fell to eight vessels. That happened before Lloyd's Joint War Committee (the body that designates conflict zones for the insurance market) redesignated the Arabian Gulf on March 3, before U.S. intelligence reported Iran planting naval mines by March 10, and before the first ship was seized on April 22.

What happened in between was an insurance cascade. On March 1, the major protection and indemnity clubs (the mutual insurers that cover liability for every commercial vessel) cancelled their Persian Gulf war-risk extensions with 72 hours' notice. War-risk premiums, which had sat at 0.125 percent of hull value for years, surged past 1.5 percent within days and hit 5 percent for vessels linked to the US, UK, or Israel. For a supertanker with a $100 million hull, that repricing alone added $1.5 to $5 million per voyage before cargo, crew, or fuel costs. The total cost stack on a single Hormuz transit today runs $6 to $10 million above pre-crisis baseline.

A paper published this month by the Irregular Warfare Initiative, a joint project of the Modern War Institute at West Point and Princeton, argues that commercial insurance logic achieved the blockade before the Iranian navy did. The physical interdiction (mines, gunboats, ship seizures) reinforced a closure that was already in effect through premium repricing alone. The author recommends every combatant command (regional military headquarters responsible for a given theater) with chokepoint responsibility establish a dedicated insurance-market watch function. During the 1980s Tanker War (when Iran and Iraq attacked commercial shipping for seven years during their war), ships kept sailing despite 451 attacks because the insurance market adapted gradually. In 2026, the market moved in 72 hours and traffic dropped 95 percent.

The Takeaway: Your board models Hormuz as a military crisis. The premium repricing added $6 to $10 million per transit before a single mine was confirmed in the water. A ceasefire is in place. The mines are the stated obstacle to reopening. But even in a cleared strait, underwriters are pricing Iran's Revolutionary Guard codifying transit tolls into law, a ceasefire with no permanent framework, and three carrier strike groups still on station. Shipping returns when Lloyd's says it returns. Your CFO should confirm this quarter what war-risk premium assumptions are embedded in your logistics contracts and at what cost rerouting around the Cape becomes the cheaper option.

Sources: Irregular Warfare Initiative — The Insurance Weapon · Insurance Journal — London marine insurers widen high-risk zone · Lloyd's JWC Circular JWLA-033 (PDF) · S&P Global — Marine war insurance for Hormuz dries up · HormuzToll — Cost stack analysis

The Chemical That Processes Everything Just Got Cut Off Twice

Sulfuric acid is the reagent that processes copper ore, nickel, uranium, rare earths, and phosphate fertilizer. Nothing substitutes for it at industrial scale. The two major supply routes just closed simultaneously.

The first closure was physical. The Middle East produces roughly a quarter of the world's sulfur (a by-product of oil and gas refining), and about half of all seaborne sulfur trade transits the Strait of Hormuz. That supply has been blocked since February. Sulfur prices are up more than 70 percent this year.

The second closure was a choice. On April 10, China announced a comprehensive halt on sulfuric acid exports starting May 1. China produces over 40 percent of the global supply and exported 4.6 million tonnes last year. Much of China's acid comes from copper and zinc smelter exhaust, a supply chain entirely independent of Middle East sulfur. When Hormuz closed, global buyers could have pivoted to Chinese smelter acid as a workaround. Beijing shut that door.

The cascade is already moving. Chile, the world's largest copper producer, imports over a million tonnes of Chinese sulfuric acid annually. Spot prices there surged 44 percent in one month. Indonesia produces 60 percent of global nickel and sources the majority of both its sulfur and its acid from the two routes that just closed. Nickel plants are already cutting output by 10 percent. Fertilizer costs are projected to rise 15 to 20 percent in the first half of the year. New acid production capacity takes 18 to 24 months to build. There is no near-term substitution.

The Takeaway: Your supply chain models Hormuz as an energy disruption. It is also a chemical-processing disruption, and the escape route through China just closed. If copper, nickel, fertilizer, or rare earths are anywhere in your input chain, your procurement team should be mapping acid-supply exposure this month. The shortage has no fix this calendar year.

Sources: Bloomberg — China to ban sulfuric acid exports as war hits supply · Exiger — China halts sulphuric acid exports as war squeezes global supply · S&P Global — China's sulfuric acid restrictions set to squeeze miners · MINING.COM — Iran war's sulfurous fallout spreads to copper and nickel

The Signature on the Filing Is the Liability

A CEO who signs a SOX certification (the annual sworn statement to the Securities and Exchange Commission that a company's internal controls work) is personally liable if the controls it vouches for don't exist. At Super Micro, a co-founder routed $2.5 billion worth of Nvidia AI servers through shell companies in Malaysia and Singapore to Chinese buyers between 2024 and 2025. Dummy boxes sat in Malaysian warehouses to fool compliance checks while the real hardware shipped. The DOJ unsealed the indictment March 19. Super Micro's stock dropped 33 percent, erasing roughly $6 billion in market cap.

The criminal charges hit three individuals under the Export Controls Reform Act (the law behind chip export restrictions to China). The company was not indicted. But seven securities class actions followed within days, naming the CEO and CFO personally. The liability standard is whether adequate controls existed, not whether the executives knew about the scheme. Signing the certification without that due diligence is the exposure.

The Takeaway: The co-founder moved the hardware. The CEO signed a certification that said the controls were working. Both are in court. The legal theory applies beyond export controls: any material compliance failure a SOX certification should have caught, whether sanctions, privacy, environmental, or financial. Before your next certification cycle, your General Counsel should pressure-test one question: would your compliance program detect a diversion scheme running underneath the signatories? The signature is the liability.

Sources: DOJ — Three charged with conspiring to divert AI technology to China · The D&O Diary — Geopolitics, export controls, and D&O risk · CNBC — Super Micro shares tank 33% on indictment

19 Days

More than a thousand solar farms, wind installations, and battery storage sites must register with NERC (the federal body that enforces power grid reliability) by May 15 and comply with cybersecurity standards for the first time. Most have never had a federal compliance obligation of any kind. The reason this is happening now: in 2021, a single electrical fault at a Texas solar facility cascaded across installations 200 miles apart and knocked 1,100 megawatts offline in seconds. The facilities were not connected to each other. They failed the same way because they were built the same way, with identical inverter settings that no federal regulator had reviewed.

These are mid-sized facilities, rated 20 MVA (megavolt-amperes, roughly enough capacity to power 15,000 homes) and above, that have operated outside federal oversight until this year. Many have never conducted a cybersecurity risk assessment, never inventoried their network-connected assets, never had a federal compliance obligation of any kind. They are going from zero to NERC CIP (Critical Infrastructure Protection) standards in a regulatory environment where non-compliance carries penalties up to $1.54 million per day per violation, plus potential loss of grid interconnection rights and energy market access.

The Takeaway: If your organization owns, operates, or invests in renewable generation assets, 19 days remain. Registration is step one. Cybersecurity compliance follows. If you don't own generation but your operations depend on grid reliability, ask your facilities team which utility serves your critical sites and whether that utility's renewable portfolio includes newly regulated assets. The weakest link on the grid just got its first inspection.

Sources: pv magazine — NERC Category 2 wake-up call · NERC CMEP Practice Guide — Category 2 registration criteria (PDF) · NAES — NERC Category 2 requirements

Know someone who needs this? Forward this email. The threats they don't know about are the ones that hurt.

Got this forwarded to you? Read past briefs and subscribe at stateofthethreat.com