Doesn't seem like a problem with SOC 2 compliance, seems like a problem where a company appointed someone who is not suited to handle a SOC 2 project.

As for the pre-filled stuff, that's what other SOC 2 companies mean when they try to sell you "compliance in a box." Not that bad if the company is starting from scratch (<1 year), but not realistic for a company that has an existing IT footprint.

However, the allegations here is that it is fraud. An "AI" company acting as a front for certification mills.