A security breach affecting Vercel was linked to an incident involving Context AI, which previously relied on the compliance startup Delve for its security certifications. The breach occurred when an employee downloaded a Context AI app, unwittingly allowing hackers access to Vercel's internal systems through the employee's Google account.
Delve's reputation has suffered following allegations from a whistleblower regarding falsified customer data and the use of inadequate auditing practices. In light of these claims, several companies have severed ties with Delve. Notably, LiteLLM, another customer of Delve, announced plans to seek re-certification after malware was discovered in its open-source code.
In response to the controversy, Context AI confirmed it is no longer using Delve's services. The company is transitioning its compliance program to Vanta and engaging Insight Assurance for independent audits. A spokesperson noted that updates to their public materials will follow the completion of the new attestation.