Lewis

An AI compliance startup called Comp AI agreed to pay $30k for control of Reddit's r/ISO27001 subreddit, then used it to promote their own product. The community flagged it almost immediately, and Reddit admins shut it down. This came out about four months before the Delve scandal, making it the first in what's now a pattern of AI compliance startups getting exposed on Reddit. Here's the TLDR: > According to publicly shared documents, Comp AI offered $30k for control of r/ISO27001 with staged payments under a UK law contract. The first payment was made. > Comp AI's founder created a two-month-old Reddit account called TechnicalSupport7083 and became a moderator of r/ISO27001 alongside the subreddit's original founder > Once in control, they pinned a "resources" post listing Comp AI as the only tool under the "Platform" section, and posted separately asking for platform recommendations without disclosing they founded a competing product > They also ran a second account, Lewisbuildsai_, and used it to reply to their own threads before switching back to TechnicalSupport7083 to continue the conversation > The r/SOC2 subreddit had already flagged Comp AI with a vendor flair and encouraged users to report them when they went off topic > An auditor and accounting firm co-founder noticed the pattern, raised it in r/ISO27001, and was permanently banned for it > After the ban, they posted detailed warnings with screenshots in r/grc and r/cybersecurity, where the story gained traction > Reddit admins eventually intervened, returned control of the subreddit to the previous mod team, and banned accounts involved > The remaining payments from the $30k deal never came, despite repeated written assurances they were "coming" > The original mods are back and have confirmed the "CompAI takeover saga is officially over," with plans to remove spam, restore quality control, and rebuild the subreddit as a neutral space Once again, the Reddit community doing better due diligence on these compliance vendors than most clients.