\n<\/p>\n
The controversy around Delve<\/a> appears to have cost the compliance startup its relationship with accelerator Y Combinator.<\/p>\n Delve is no longer listed among YC\u2019s directory of portfolio companies, and the Delve page<\/a> seems to have been removed from the YC website. In addition, the startup\u2019s COO Selin Kocalar posted on X<\/a> that \u201cYC and Delve have parted ways.\u201d<\/p>\n \u201cI still remember the day we took our YC interview at MIT,\u201d Kocalar said. \u201cWe\u2019re so grateful to the community and every founder friend we\u2019ve made.\u201d<\/p>\n YC isn\u2019t the first investor to distance themselves from Delve. Insight Partners also appears to have deleted posts about its investment in the company<\/a>, although its primary blog post was later restored.<\/p>\n Meanwhile, Delve continues to push back against anonymous claims that it misled clients<\/a> by telling them they were compliant with privacy and security regulations while allegedly skipping important requirements and auto-generating reports for \u201ccertification mills that rubber stamp reports.\u201d<\/p>\n Those claims were first published in an anonymous Substack post<\/a> attributed to \u201cDeepDelver,\u201d who described themselves as a former Delve customer who became suspicious after receiving leaked data about the startup\u2019s clients.<\/p>\n DeepDelver published subsequent posts sharing what they said were Slack and video posts<\/a> from the company, as well as accusing Delve of passing off an open source tool as its own<\/a>, without giving credit or reaching an agreement with the developer. A security researcher also said he was able to access sensitive Delve data<\/a>.<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span> Meanwhile, Delve became part of a related controversy<\/a> when malware was discovered in an open source project developed by Delve customer LiteLLM.<\/p>\n In the company\u2019s latest blog post<\/a>, Delve\u2019s COO Kocalar and CEO Karun Kaushik declared their intention to set \u201cthe record straight on anonymous attacks.\u201d Among other things, they claimed that the company has hired a cybersecurity firm \u201cto help us understand what happened,\u201d and said the \u201cevidence points to a malicious attack rather than a genuine whistleblower.\u201d<\/p>\n \u201cIt appears that an attacker purchased Delve under false pretenses, maliciously exfiltrated data, including Delve\u2019s internal company data, and used it to launch a coordinated smear campaign against us,\u201d they said. The blog post also includes a screenshot that they said \u201cshows the attacker exfiltrating our audit tracking spreadsheet via file.io<\/a>.\u201d<\/p>\n Beyond this accusation, Delve also described DeepDelver\u2019s criticism as \u201ca mix of fabricated claims, cherry-picked screenshots, and data taken out of context.\u201d For example, they said DeepDelver \u201cdismisses our AI while acknowledging it automated 70% of a security questionnaire.\u201d<\/p>\n On the question of using open source tools, Delve said it \u201cbuilt on an Apache 2.0 open-source repository, which explicitly permits commercial use, and significantly rebuilt it for compliance use cases.\u201d<\/p>\n However, the executives also said they\u2019ve been taking steps to ensure customers \u201cfeel confident in our platform and compliance outcomes.\u201d<\/p>\n Those steps supposedly include cleaning up the company\u2019s network to remove auditing firms \u201cthat don\u2019t meet our standards,\u201d \u201coffering complimentary re-audits and penetration tests to all active customers,\u201d and making it \u201cunambiguously clear\u201d that Delve\u2019s templates for things like board meeting notes \u201care designed to be starting points only.\u201d<\/p>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n