The compliance startup Delve has lost its affiliation with the accelerator Y Combinator, as indicated by its removal from YC's portfolio directory. The company's Chief Operating Officer, Selin Kocalar, confirmed via a post on X that the two entities have ended their relationship. She expressed gratitude for the connections made during their time with YC.
Delve faces serious allegations of misleading clients regarding compliance with privacy regulations, which were first highlighted in an anonymous Substack post by an individual identifying as “DeepDelver.” This person, claiming to be a former Delve client, raised concerns over the startup’s practices, including the alleged use of auto-generated reports for compliance certification. Furthermore, a security researcher reported accessing sensitive Delve data.
In another twist, malware was found in an open-source project linked to Delve's client, LiteLLM. In response to the ongoing controversy, Kocalar and CEO Karun Kaushik announced in a recent blog post their efforts to combat the anonymous allegations and revealed they have engaged a cybersecurity firm to investigate the situation. They suggested that the claims stem from a coordinated attack rather than legitimate whistleblowing.