What Delve Got Wrong: Why Compliance Evidence Needs to Be Cryptographically Provable

In March 2026, Delve.co was found to have fabricated 494 SOC 2 reports. Pre-written auditor conclusions. Identical templates across hundreds of clients. It went completely under the radar because the evidence was a PDF. You either opened and trust what you read or you didn't. That's not a Delve problem(though what people did find in those reports is truly wild). That's an architecture problem. Compliance evidence today can't prove itself. It can and should, by design. Built pip install agentmint for teams to build their own receipts: The Receipt AgentMint generates this for every agent action — allowed or blocked: { "receipt_id" : "7d92b1a4" , "agent" : "sre-bot" , "action" : "delete:database:production" , "in_policy" : false , "reason" : "no scope pattern matched" , "signature" : "Ed25519:a3f9c8e2..." , "prev_hash" : "sha256:e7f2a1b3..." , "timestamp_rfc3161" : "MIIb3gYJKoZI..." } Three things make this unfakeable: Ed25519 Signature — covers the entire receipt. Change one character, s