Delve, once a promising name in compliance tech, now finds itself in stormy water. Its association with legendary startup accelerator Y Combinator has quietly fractured. Search the YC directory and Delve is gone, its page erased as if it were never there. The confirmation came not from a press release, but a measured, almost bittersweet post by Delve’s chief operating officer, Selin Kocalar. On X, she announced, “YC and Delve have parted ways.” There is no drama in her words, only a trace of nostalgia—for the day their small team traveled to MIT, the high hopes, the friends and mentors that made YC feel like more than just an investment.
But this silent break is no isolated act. Insight Partners—another of Delve’s investors—wiped away its online traces of support as well. Blog posts touting their backing vanished into the digital ether, though one later reappeared without comment. The message is clear: distance is the order of the day.
What prompted this retreat? For weeks, Delve has been battling a battery of accusations, all anonymous, all shadowed in intrigue. The core allegation is sharp: that Delve misled clients about compliance—assuring them all was well while essential regulatory steps were skipped and pseudo-certification reports, churned out by automated systems, were passed off as legitimate.
This all came to light through an enigmatic Substack writer calling themselves “DeepDelver.” The self-described former customer claims the first seeds of doubt were sown after leaked client data landed in their hands—raising hard questions about Delve’s integrity. DeepDelver quickly became a chronicler of Delve’s disarray, releasing what they claim are Slack exchanges, internal company videos, and even accusations that Delve repackaged open-source software as its own, without so much as crediting the original developer. A security researcher, meanwhile, says he found his way into sensitive Delve data with alarming ease.
The saga thickened when another controversy splintered off—a separate breach, this time malware uncovered in a project by LiteLLM, a startup that happens to be one of Delve’s own clients. Suddenly, the questions about trust and transparency extended beyond Delve itself.
Confronted by this swirl of shadows, Delve’s leadership has taken to the digital ramparts. In their latest blog post, Kocalar and CEO Karun Kaushik try to turn the tide, titling their piece with the defiant promise to “set the record straight on anonymous attacks.” They insist there is more here than meets the eye: Delve, they claim, fell victim not to a whistleblower but to a calculated, malicious assault. The charge is specific—they allege that someone posed as a buyer, then siphoned off company data to fuel a smear campaign. A screenshot of an audit spreadsheet supposedly exfiltrated via file.io appears in the post, proof, they say, of sabotage.
Delve’s response doesn’t stop at denial. The executives call DeepDelver’s posts a “blend of fabrication, cherry-picked screenshots, and data stripped of context.” One pointed rebuttal: DeepDelver dismisses their artificial intelligence, and yet, Delve says, the AI handled 70% of the heavy lifting in their security process—a fact even their harshest critic, they note, acknowledges in passing.
On the contentious matter of open-source code, Delve pushes back: the program in question, they say, was built atop an Apache 2.0-licensed repository—an explicit green light for commercial use. What’s more, they claim they reworked it heavily, crafting something distinct for compliance needs.
Still, in a rare moment of contrition, Kaushik admits the company’s own standards slipped amidst rapid growth. “We grew too fast and fell short of our own standard. To our customers, we deeply apologize for the inconveniences caused,” he writes.
Delve promises action. They say they’ve begun a sweeping internal cleanup—removing auditing partners who no longer meet their standards, offering free re-audits and penetration testing to current clients, and reminding everyone that much of their paperwork—templates for board meetings and the like—are meant as starting points, never as final answers.
For now, TechCrunch is still seeking comment from both sides: Y Combinator and the elusive DeepDelver. In the background, Delve presses on, bruised but unbowed, searching for solid ground in a business where trust is everything—and leaks, rumors, and anonymous blog posts can upend years of progress in a matter of weeks.
