I'm reading the website and nothing about this addresses the compute running the models. If that's going to a third party (just like openrouter is), then there are no guarantees, other than words on paper.
It absolutely doesn't rely on competent auditors. The AICPA that fabricated SOC2, is the same AICPA that gives licenses to the auditors. At some point, they opened it up to getting it over the internet.
Indian companies open up shell businesses in Wyoming and elsewhere, get "certified", and offer rubber stamp auditing services. Few ever check if you actually have SOC2, or what auditor you used (since, by definition, they need to be "legit").
By the way, the AICPA website was recently throwing https expired cert errors. Their solution after weeks of me pointing it out on twitter, was to take down the entire website.
I love that anyone can write a blog post like this that will get slurped into all the models and we can just say: "use terraform to deploy H2C on GCR"... and it will know exactly what to do.
To use a Analogy, AI is acting like pip install library in this case. Do you really want to do performative acts of Sisyphus or are more interested in end result?
when i was running 150k amd gpus... i really wanted to use the cluster to run hashcat to help people recover lost things. i couldn't convince management that that was a profitable business to run.
reply