AIMinds #049 | Karun Kaushik, Co-Founder and CEO at Delve
About this episode
Karun Kaushik, Co-Founder and CEO at Delve. Delve helps fast-growing companies get SOC 2 and HIPAA compliant in days, not months.
Listen to the episode on Spotify, Apple Podcast, Podcast addicts, Castbox. You can also watch this episode on YouTube.
In this episode of AIMinds, Karun Kaushik, CEO and co-founder of Delve, shares with us his entrepreneurial journey and the innovative strides Delve is making in the compliance sector. Karun goes on to talk about his unique academic path, dropping out of both high school and college, and how early ventures in healthcare tech at MIT led to co-founding Delve. Initially developed as an AI scribe for healthcare providers, Delve pivoted to a broader compliance focus, helping startups meet standards like HIPAA and SoC2.
Karun discusses the challenges of aligning security with innovation in AI and regulatory tech. He explains Delve’s strategic use of AI to streamline and automate compliance processes, reducing the manual burden. Reflecting on entrepreneurship, Karun highlights the importance of resilience, high standards, and adaptability. This episode illuminates the complexities of compliance in tech and the critical role of dynamic leadership in navigating these challenges.
Fun Fact: Karun Kaushik, despite being a double dropout from high school and college, managed to take 25 community college classes and conducted research at MIT, working on projects such as diagnosing COVID and pneumonia from chest X-rays.
Show Notes:
00:00 Entered MIT pre-med; aimed for impactful healthcare.
03:49 Helping startups achieve HIPAA compliance; building tools.
07:37 AI-first, automated, tailored customer service approach.
10:54 Automate compliance processes for scalable implementation verification.
16:10 Built wrong product; learn, adapt, persist forward.
17:54 Automating compliance with an AI native approach.
More Quotes from Karun:
Transcript:
Demetrios:
Welcome back to the AI Minds podcast. This is a podcast where we explore the companies of tomorrow. Built AI first. I am your host Demetrios. And this episode, like every episode, is brought to you by Deepgram, the number one speech to text and text to speech API on the Internet today. Trusted by the world's top conversational AI leaders, startups and enterprises like Spotify, Twilio, NASA and Citibank. In this episode I'm joined by Karun, the CEO and co founder of Delve. How are you doing today?
Karun Kaushik:
Doing great. Excited about this.
Demetrios:
So I am very intrigued by your story, which I want to start with because you're a double dropout, you dropped out of high school and you dropped out of college. Not many people can say that, but your high school was not the most traditional because you went and you decided to do a few college classes while in high school. Can you explain how that works?
Karun Kaushik:
Yeah, so I had a very non traditional route, right. I was going to this competitive high school and then as part of that, when I realized that this wasn't the best fit, dropped out and I took like 25 community college classes just as part of that experience. Wanted to really explore and push myself, like go for that exponential trajectory. And as part of that, you know, also did some research at mit. Did like this project that was diagnosing Covid and pneumonia from chest X rays. Bunch of fun stuff, but great experience in terms of like letting yourself loose on those one things.
Demetrios:
Okay. So you nonchalantly talked about how you did some research at mit, which is not necessarily something that most high school kids do. You then went and got yourself into MIT and started with classes there. What were you doing and why did you ultimately drop out?
Karun Kaushik:
Yeah, it's a fantastic question. I actually entered MIT pre med. Right. So it was one of those things where we boil our lives down at Delve to like impact equals value times volume. It's a function of like how many people can you touch and at what magnitude. And I thought at the time, from all the high school experience with healthcare and like health tech, that the best way to do this was in a clinical setting. And so I took a lot of like Orgo actually my first semester for fun stuff. We don't recommend that by the way, if you're thinking about it, and just had a bunch of like interesting kind of biochemistry classes.
Karun Kaushik:
And it's actually how I met my co founder. We had the same academic advisor and our first week at MIT we were just talking about biotech stuff and realized we had a joint passion for it, but it was a very like, fun time of just like, honestly getting used to the college environment. But after that first semester of like really like going through just like the college sync and like getting to know my co founder better, we kind of decided to build something in healthcare and health tech and that was the start of like the entrepreneurial bug.
Demetrios:
Okay, so healthcare and health tech is very different than what Delve does today. Can you connect those two dots for me? Because Delve helps folks get certified or helps folks pass regulations. Right. And healthcare health tech startup, I don't see the connection.
Karun Kaushik:
Yeah, so it's a good question actually. For those that aren't familiar, we help other Startups get HIPAA SoC2 compliant and are looking to build a bunch of other fun things. HIPAA compliance is required in the US if you are processing patient data and you're working with a covered entity. So something like a hospital or a clinic. And as part of our healthcare stuff, we built an AI scribe. It was used like a customizable version of it, which was given to doctors and clinics and they can kind of help them take their notes and do that stuff. As part of that, we had to go through the regulatory process of getting HIPAA compliant. And that's where the dots started to connect.
Karun Kaushik:
It was like, you know, hey, there's some AI here. There's some things that we can, we can improve.
Demetrios:
I see. So you recognize that, wow, this HIPAA compliance thing is kind of a pain in the ass. Maybe we're going to affect more people. And I love that formula that you put together of how many people you can touch or you can affect in the world. And so you pivoted.
Karun Kaushik:
Yeah, exactly. So we pivoted into compliance. We thought that we had a better shot at making exponential change working in compliance. And like the story of my life's kind of like pretty, pretty in line with just like taking those bets on myself and the people around me. And so that was kind of where this started. And my co founder and I applied to yc, we dropped out and the rest is history.
Demetrios:
Wow. So what exactly are you doing? There's the inspiration for it. But what does the product look like and what are you doing differently?
Karun Kaushik:
We have three kind of core differentiators right now. We are an AI streamlined platform, so we save you a lot of time getting compliant. We have great customer service, just really direct, especially for the startups that we work with and we focus on customization to the companies we support. It's not just a Black and white kind of compliance setup. It's very like streamlined for the startups that we're working with directly and as we grow here, right. Longer term a kind of vision for delve is like there's a diametrically opposed curve right now between security and innovation. And the goal is how do we start bridging that gap, making it easier to build in these regulated industries.
Demetrios:
And why do you say that there's this curve or these two are growing away from each other, this security and innovation?
Karun Kaushik:
Yeah, I guess. So much happening in AI right now, right. There's so many innovators that I would say like are building, you know, some great products, right. 11x AI bland, deepgram, right. Very few people are building strongly in the regulatory space. Right. It's like how do we actually safely build products that change the world? And our thesis is that like longer term there's going to be a point where, you know, there's revolutionary technology and nobody to actually like put some guardrails on it and make sure that we're doing it right. And that's the, that's the goal that we're trying to build towards now.
Demetrios:
The compliance space is very full or aggressively competitive. I could say. Is there something that you felt like was missing from all the other offerings on the market and you're plugging that hole. Is it in the customer support side of things? Is it in the more white gloved experience or the AI workflows that you talked about?
Karun Kaushik:
Yeah, it's a great question. I think it's definitely the AI workflow stuff, right? At the short term, like you know, customer support, white glove service, like that's, that's the startup do things that don't scale. I think the goal that we have and the gap that we see in the market is that I have a lot of respect for a lot of the companies that have been built so far. But just from a pure timing perspective, we feel that there is an AI first approach to this. Can we build an agent that pulls the data automatically instead of having an API integration? And even further than that, can we have an agent that automatically configures compliance properly? And that's like the fun stuff that we're working on right now. But you know, the core differentiation is like currently it's just like I think a better service and a more tailored product for startups. I think longer term it's going to be much more automation in terms of how we actually like set these processes up in a nice way automatically.
Demetrios:
So I'm not sure I fully understood the agent aspect of this versus using an API. How do you see those two things? Or what would me as an end user, what would my experience be and how would it be different?
Karun Kaushik:
Great question. So classic example for compliance is like encryption enabled on a database in aws, right? It's like a very standard thing that you're going to have to do for pretty much any compliance framework currently you're going to hook into an API with a compliance vendor, we'll like kind of ping it saying hey, is this encryption or not? And if it's not, we'll kind of flag that in a ui, right? And that's like kind of the standard way things are done across all the competitors. Our thoughts like, hey, can we just go into AWS for you, click the button, come back and store that evidence for the auditors and like do that all in one click. And like the kind of like new innovation happening right now enables this. And our take is that like there's platforms yet to be built that are like conceptualized around the possibility of that technology. You know, like it's, it's a fundamental difference. Just like how TurboTax was for tax law. It's like a similar step up.
Karun Kaushik:
And you're seeing this across the board in every other industry and our takes, like why not compliance too?
Demetrios:
Wow. So first of all, it is crazy to me that you can have non encrypted databases. That's like a setting that you have to, it feels like, shouldn't that just come straight out of the box like that always? But there's probably reasons because I do not know enough about security and compliance to know why or why not. That is like it is. So I won't speak on that, but what I do like is how you say you can automatically make sure that things are complied and that implies that you are going to have AI agents that know what compliance looks like. Right? And I don't think everyone's compliance is the same and everyone's systems are the same. How do you think you're going to tackle that problem?
Karun Kaushik:
Yeah, it's a fantastic question and I think you're hitting on one thing that's super important, which is that everybody's compliance is different and everyone's like approach is different. And if you look at enterprises, right, it's all done in house on varying tools that aren't our direct competitors right now. And I think longer term, right, it's not a forcing function of can we like enable encryption on AWS or not at a large scale that's already done everywhere. It's more of a, you know, given a guardrail, where compliance fundamentally, if you look at the core, it's always a control, something you need to implement, and a test procedure of how you check that it's implemented. And our goal is to automate the process of those two things. Given a to do, how do we prove that the to do has been implemented? That's something that we hypothesize. Scales infinitely across a startup all the way to an enterprise.
Demetrios:
Oh, so that's why you take the screenshot and you bring it back and you have a folder that has a bunch of screenshots of, like, everything was compliant when our agent looked through it. Because I'm very green in the compliance world, you have these audits that you go through with the compliance providers. And then what happens if I just go into my AWS account and turn off encryption right after that?
Karun Kaushik:
Yeah, it's a fantastic question. So compliance in general will sit on the corporate level of your business. So both technical and administrative standards. Think of it as like AWS, GitHub, your other vendors being secure, along with, like, do you have background checks? Do you have performance evaluations, like, stuff like that? And so we'll kind of help you secure all of those aspects. And compliance in general sits on that, like, kind of larger, broad landscape.
Demetrios:
Okay, but if I'm nefarious and I turn off my encryption right after the compliance check, is there a way to know about that? Is the agent hanging around? Is it continuously scanning things to make sure that it's always up to date, like, daily? What does that look like
Karun Kaushik:
Right now? We'll kind of recurringly scan stuff, and so we'll say like, hey, you know, we noticed this fell out of compliance, like, fix it. and then depending on different standards, there's like, different observation periods for, like, SoC2, for example, where an auditor is going to find a dip in the graph. HIPAA compliance is more of like, something you kind of just maintain. and there's like, varying levels of this. But generally speaking, I would think of us almost as, like, observability into, like, are you compliant or not? And like, anytime you're not, we'll kind of remind you to fix it.
Demetrios:
Okay. And there's a lot of things that you can be compliant for, right?
Karun Kaushik:
Yeah.
Demetrios:
Have you thought about what you're gonna tackle next?
Karun Kaushik
We're still looking into it. I think we're definitely like, you know, shipping the obvious frameworks very soon. Right. So like, HIPAA, SoC2, GDPR ISO, PCI, the kind of like core set of like fintech, health tech, and just general regulation. Beyond that, we're kind of interested in how we, how we look at the broader picture. Right. Is there some AI stuff that we can do? Right. Like there's so much happening and like, are these the really the regulations that, you know, help us regulate, you know, things like OpenAI or like, is there, is there a better approach there? And like, that's something that we're still thinking about.
Karun Kaushik:
That's probably not a question we're going to answer in the next year or two, but maybe the next five. And I think that that's something that we're very curious on.
Demetrios:
That's awesome. So as you're looking back at the company you've started so far, what are some of the challenges or roadblocks that you've had and what have you learned from them?
Karun Kaushik:
Building a company is hard, I think like you can have an idea, but going in and doing it is a very different experience. I think we learned a few things right. One, I think as you're building your company, right, the biggest and most important thing is just keep trying. I think there's so many hurdles you're going to face. There's so many like problems you're going to have. The single biggest factor into whether you succeed or not is if you just kept going through the process or not. 2 would be like really making sure that you're trying new things. I think it's easy to just take the standard approach, but like a lot of times the answer is hiding in the clouds and you have to go and get it.
Karun Kaushik:
And so it might mean a different angle, a different take, something like that. It's worth your shot. And 3 is just like keeping your standards high. I think a lot of times it's easy to compromise, it's easy to like fall in the face of comfort. And that's one thing that like you can't do, especially in the other stages.
Demetrios:
And as you look at your journey, where are some places that you feel like you went left where the majority of folks probably would have gone, right.
Karun Kaushik:
We've, you know, built the wrong thing for months, right? Like we've, we were originally doing like a platform as a service for HIPAA compliance, right? Like HIPAA compliant infrastructure, one click deployment, stuff like that. And we just realized that like, hey, this is not the right market to be targeting and things like this where it's like sometimes that second point of like find the answer on the clouds, you might go into the ground instead. And I think that it's one of those things where startups are all about bets. And I think you get a finite number of risky calls that you get to take as a founder, and it's about recognizing those quickly and learning from it. Um, and then most importantly is like, that number one point is just keeping your foot on the gas regardless, because that's like the single biggest determining factor.
Demetrios:
Do you have any Spidey senses now when one of these risky bets comes up and you're faced with that difficult.
Karun Kaushik:
Decision, the actual answer is like, maybe. I think, like, genuinely, like, do feel more confident that, like, as you see those things coming, I would say it's not like you're gonna know the right answer, but pattern recognition. And just like, you'll kind of like, recognize. It's like when you're driving, right, somebody's merging in your lane, you can kind of tell if they're gonna hit you or not. I think because you've driven so much, I think it's like a similar analogy here of, like, you can't be certain, but you have more just intuition around it. Um, in that sense, yeah, you just.
Demetrios:
Said that you started in the wrong space. And your platform as a service versus what you're doing now, what is the difference between the two?
Karun Kaushik:
It's kind of that overall journey, right? Like, first it was like that, that AI scribe, like, doing all this stuff. Um, then it was like, HIPAA compliance platform as a service, right? Can we give you, like, HIPAA infrastructure? So, like, can we click on that AWS encryption box for you and instead just show you a UI that, along with like, some of the hipaa, like, just legal stuff. We eventually realized that, like, everyone has their own setup, everyone has their own custom things, just like how you were saying in this interview. And like, we realized that the better, more direct solution to this problem is just like, is there an AI native approach to compliance itself? Right? Can we just like, automate that entire thing, regardless of the aws, GCP or Azure setup? And that's kind of like how we stumble into what we do now, right? It's like, given any company, any startup, how do we get you compliant as quickly and securely as possible, trying to reverse those curves and doing so in a manner that helps us change the world one step at a time?
Demetrios:
Well, I know it is quite tedious, so I appreciate that you're doing that. And I'm going to make sure that every startup that I know hits you up and gets their compliance real quick, because for startups, it is very important to have the SoC2 if they want to sell into the enterprise. So it just shows that what you're doing is hugely valuable.
Karun Kaushik:
Absolutely. No. Thanks so much. If anyone's listening, that needs sock too. We'll throw a grand off if you mention the podcast Terrorize.
Demetrios:
A whole thousand dollars? No way. That's awesome.
