AI skeptics aren’t the only ones warning users not to unthinkingly trust models’ outputs — that’s what the AI companies say themselves in their terms of service.

Take Microsoft, which is currently focused on getting corporate customers to pay for Copilot. But it’s also been getting dinged on social media over Copilot’s terms of use, which appear to have been last updated on October 24, 2025.

“Copilot is for entertainment purposes only,” the company warned. “It can make mistakes, and it may not work as intended. Don’t rely on Copilot for important advice. Use Copilot at your own risk.”

A Microsoft spokesperson told PCMag that the company will be updating what they described as “legacy language.”

“As the product has evolved, that language is no longer reflective of how Copilot is used today and will be altered with our next update,” the spokesperson said.

Tom’s Hardware noted that Microsoft isn’t the only company using this kind of disclaimer for AI.  For example, both OpenAI and xAI caution users that they should not rely on their output as “the truth” (to quote xAI) or as “a sole service of truth or factual information” (OpenAI).

A Democratic congressman had harsh criticism for Polymarket for allowing users to bet on the date the United States would confirm the rescue of Air Force service members shot down over Iran.

In a social media post on Friday, Representative Seth Moulton wrote, “They could be your neighbor, a friend, a family member. And people are betting on whether or not they’ll be saved. This is DISGUSTING.” (President Donald Trump announced early Sunday that the second service member, a weapons system officer, has been rescued.)

Moulton also described Polymarket as a “dystopian death market” and noted that Donald Trump Jr. is an investor. The congressman recently banned his staff from participating in prediction markets like Polymarket and Kalshi. 

Polymarket responded that it had taken the market down “immediately” for not meeting the company’s integrity standards.

“It should not have been posted, and we are investigating how this slipped through our internal safeguards,” the company said.

Polymarket previously saw hundreds of millions of dollars traded on contracts tied to the bombing of Iran by the United States and Israel.

The controversy around Delve appears to have cost the compliance startup its relationship with accelerator Y Combinator.

Delve is no longer listed among YC’s directory of portfolio companies, and the Delve page seems to have been removed from the YC website. In addition, the startup’s COO Selin Kocalar posted on X that “YC and Delve have parted ways.”

“I still remember the day we took our YC interview at MIT,” Kocalar said. “We’re so grateful to the community and every founder friend we’ve made.”

YC isn’t the first investor to distance themselves from Delve. Insight Partners also appears to have deleted posts about its investment in the company, although its primary blog post was later restored.

Meanwhile, Delve continues to push back against anonymous claims that it misled clients by telling them they were compliant with privacy and security regulations while allegedly skipping important requirements and auto-generating reports for “certification mills that rubber stamp reports.”

Those claims were first published in an anonymous Substack post attributed to “DeepDelver,” who described themselves as a former Delve customer who became suspicious after receiving leaked data about the startup’s clients.

DeepDelver published subsequent posts sharing what they said were Slack and video posts from the company, as well as accusing Delve of passing off an open source tool as its own, without giving credit or reaching an agreement with the developer. A security researcher also said he was able to access sensitive Delve data.

Meanwhile, Delve became part of a related controversy when malware was discovered in an open source project developed by Delve customer LiteLLM.

In the company’s latest blog post, Delve’s COO Kocalar and CEO Karun Kaushik declared their intention to set “the record straight on anonymous attacks.” Among other things, they claimed that the company has hired a cybersecurity firm “to help us understand what happened,” and said the “evidence points to a malicious attack rather than a genuine whistleblower.”

“It appears that an attacker purchased Delve under false pretenses, maliciously exfiltrated data, including Delve’s internal company data, and used it to launch a coordinated smear campaign against us,” they said. The blog post also includes a screenshot that they said “shows the attacker exfiltrating our audit tracking spreadsheet via file.io.”

Beyond this accusation, Delve also described DeepDelver’s criticism as “a mix of fabricated claims, cherry-picked screenshots, and data taken out of context.” For example, they said DeepDelver “dismisses our AI while acknowledging it automated 70% of a security questionnaire.”

On the question of using open source tools, Delve said it “built on an Apache 2.0 open-source repository, which explicitly permits commercial use, and significantly rebuilt it for compliance use cases.”

However, the executives also said they’ve been taking steps to ensure customers “feel confident in our platform and compliance outcomes.”

Those steps supposedly include cleaning up the company’s network to remove auditing firms “that don’t meet our standards,” “offering complimentary re-audits and penetration tests to all active customers,” and making it “unambiguously clear” that Delve’s templates for things like board meeting notes “are designed to be starting points only.”

In a post on X, Kaushik made many of the same points but also said, “[W]e grew too fast and fell short of our own standard. To our customers, we deeply apologize for the inconveniences caused.”

TechCrunch has reached out to Y Combinator and DeepDelver for any response to Delve’s comments.