Startup Delve Splits from Y Combinator Amid Turmoil

The Controversy Surrounding Delve and Its Fallout with Y Combinator

The compliance startup Delve has recently found itself in hot water, leading to the termination of its relationship with the prestigious accelerator Y Combinator. This fallout became apparent when Delve was no longer listed among YC’s directory of portfolio companies, and its page was seemingly removed from the YC website. COO Selin Kocalar confirmed the split by stating on X that “YC and Delve have parted ways.”

Reflecting on their journey, Kocalar expressed gratitude towards the YC community and the friends they had made along the way, reminiscing about the day they took their YC interview at MIT.

It’s worth noting that Y Combinator isn’t the only investor distancing themselves from Delve. Insight Partners also removed posts related to their investment in the company, although their main blog post was later reinstated.

Despite these setbacks, Delve has been vehemently refuting anonymous allegations that they misled clients by providing false compliance assurances and cutting corners on essential requirements. These claims surfaced in an anonymous Substack post attributed to “DeepDelver,” a purported former Delve customer who raised suspicions after receiving leaked data about the company’s clients.

DeepDelver continued to publish damning revelations, including leaked Slack and video posts from Delve, as well as accusations of intellectual property theft and inadequate data security practices. A security researcher even claimed to have accessed sensitive information from Delve.

Adding to Delve’s woes, the company got entangled in another controversy when malware was discovered in an open source project associated with one of their clients, LiteLLM.

In response to the mounting accusations, Delve’s COO Kocalar and CEO Karun Kaushik released a statement aiming to debunk the anonymous attacks. They revealed that a cybersecurity firm had been enlisted to investigate the allegations, suggesting that the company was a victim of a malicious attack rather than a genuine whistleblower.

The executives provided evidence, including a screenshot allegedly showing the attacker exfiltrating Delve’s internal data, to support their claims. They vehemently denied the accusations and dismissed them as a concoction of falsehoods and misinterpreted information.

Amidst the turmoil, Delve clarified their use of open source tools, emphasizing that they had complied with licensing agreements and tailored the tools for compliance purposes. They also reassured customers of their commitment to enhancing platform security and compliance standards.

Measures undertaken by Delve include purging auditing firms that fall short of their standards, offering complimentary re-audits and penetration tests to active clients, and clarifying the intended use of their templates and resources.

In a candid statement on X, CEO Kaushik acknowledged the company’s shortcomings due to rapid growth and apologized to customers for any inconveniences caused.

For further insights, TechCrunch has reached out to Y Combinator and DeepDelver for their responses to Delve’s rebuttals.