The controversy surrounding compliance startup Delve has led to the loss of its affiliation with Y Combinator (YC). Delve is no longer featured on YC’s portfolio directory, and COO Selin Kocalar has confirmed on the platform X that the two entities have ceased their relationship.
Reflecting on their journey with YC, Kocalar expressed gratitude for the support from the community and fellow founders during their startup interview at MIT. This parting is not isolated, as investment firm Insight Partners has also distanced itself from Delve by removing prior mentions of the company, although a primary blog article has since been reinstated.
Delve is currently facing allegations of misleading clients regarding their compliance with privacy and security regulations, with claims that they have been shortcutting essential procedures and automating reports for certification “mills.” These accusations were initially aired by a former customer under the pseudonym “DeepDelver,” who asserted in an anonymous Substack post that he uncovered suspicious activities after receiving leaked data.
Subsequent posts by DeepDelver suggested that Delve misrepresented an open-source tool as its own and included damaging Slack communications and video content. A security researcher also reported being able to access sensitive Delve data.
Adding to the turmoil, malware was found in an open-source project linked to a Delve customer, LiteLLM. In response, Delve’s leadership, including Kocalar and CEO Karun Kaushik, published a blog post claiming that the accusations stemmed from a coordinated smear campaign orchestrated by an attacker who allegedly obtained Delve data under false pretenses. They stated they are working with a cybersecurity firm to investigate the incident.
Delve described the claims from DeepDelver as a blend of falsehoods and selectively presented information, asserting that their AI system automates a significant portion of security questionnaires. They clarified their use of open-source tools by stating that their modifications were compliant with the Apache 2.0 license, allowing for commercial adaptation.
Additionally, to restore confidence among clients, Delve indicated ongoing improvements, including the removal of non-compliant auditing firms, offering free re-audits, and clarifying the usage of their templates as initial drafts only. Kaushik further acknowledged the company’s rapid growth and the resulting shortcomings, apologising to customers for any resulting issues.
TechCrunch has reached out to both Y Combinator and DeepDelver for their responses to Delve’s statements.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
