Delve, a startup focused on compliance technology, has quietly severed its relationship with the prestigious startup accelerator Y Combinator. Delve is facing growing allegations about its business practices and data security.
YC Removes Delve from Its Portfolio
Delve is no longer featured in Y Combinator’s list of portfolio companies. The startup’s dedicated page has disappeared from YC’s official site. Selin Kocalar, Delve’s chief operating officer, confirmed the split in a social media post, saying simply, “YC and Delve have parted ways.” She added a nostalgic note about their early days, recalling their interview at MIT with gratitude for the community and connections made.
But this isn’t the first sign that investors are pulling back. Insight Partners, another backer of Delve, erased posts about their investment—though one blog post was later restored. Investors pulling back suggests the startup might be dealing with serious problems.
Anonymous Accusations Shake Delve’s Reputation
Delve has been under fire since an anonymous Substack author, calling themselves “DeepDelver,” published a series of posts accusing the startup of deceptive compliance claims. The allegations include misleading clients by assuring them of privacy and security regulation compliance despite allegedly skipping key requirements. Worse, DeepDelver claims Delve generated automated reports for what they called “certification mills” that rubber-stamp compliance.
The anonymous critic also shared leaked internal Slack messages and videos, accusing Delve of passing off an open source tool as proprietary software without credit or permission. A security researcher independently reported being able to access sensitive Delve data, raising questions about the company’s data security practices.
On top of that, controversy spread when malware was found in an open source project developed by a Delve customer, LiteLLM, linking Delve indirectly to further security concerns.
Delve’s Response: Blaming a Malicious Attack
Delve’s leadership fired back. In a blog post, COO Kocalar and CEO Karun Kaushik denied the whistleblower claims, calling them a “mix of fabricated claims, cherry-picked screenshots, and data taken out of context.” They stressed that their AI automates 70% of security questionnaires, countering accusations that their technology is ineffective.
But their strongest defense was an accusation of a targeted smear campaign. They said a malicious attacker gained access to Delve’s internal data by purchasing the company under false pretenses. This attacker allegedly leaked internal documents and used them to fuel the negative coverage.
Delve said they hired a cybersecurity firm to investigate and are working to understand what happened.
The blog included a screenshot showing the attacker exfiltrating an audit tracking spreadsheet, supporting their claim of a coordinated effort to damage the company’s reputation.
What’s Next for Delve and Its Backers?
Delve’s split from Y Combinator marks a major setback for the startup. YC’s backing is often seen as a vote of confidence and a gateway to further funding and partnerships. Losing that support could make it harder for Delve to attract new investors or clients.
Insight Partners’ removal of mentions of their investment suggests other backers may be reconsidering their involvement. Still, Delve insists it’s committed to clearing its name and addressing the security concerns.
This controversy shows how risky it can be for startups working in compliance and security. Trust matters a lot, and even a small sign of misleading clients or weak security can ruin a company’s reputation.
Right now, Delve is stuck in the middle of accusations of wrongdoing and claims that it’s being sabotaged. Investors, customers, and regulators are all watching closely to see what happens next.
Delve is trying to prove it’s the victim of a smear campaign, but the harm to its reputation and investor ties is obvious. How Delve handles this crisis could decide its future in the competitive compliance tech market.
