Y Combinator Cuts Ties With Controversy-Plagued Startup Delve

Y Combinator Severs Relationship With Troubled Compliance Startup Delve

The wave of controversy surrounding compliance startup Delve has claimed another significant casualty — its relationship with one of Silicon Valley's most prestigious startup accelerators, Y Combinator.

Delve has quietly disappeared from YC's official portfolio directory, and its dedicated page on the YC website has been taken down entirely. Confirming the split, Delve's Chief Operating Officer Selin Kocalar took to X to announce that the two organizations have officially gone their separate ways.

"I still remember the day we took our YC interview at MIT," Kocalar wrote in her post. "We're so grateful to the community and every founder friend we've made."

A Growing List of Investors Backing Away

Y Combinator is not the only major backer creating distance between itself and Delve. Insight Partners also appeared to scrub references to its investment in the company from its online presence, though its primary blog post was eventually reinstated. The pattern of institutional retreat signals deepening concern among those who once championed the startup.

The Allegations Against Delve

At the heart of the controversy are serious accusations that Delve misled its clients. Anonymous claims suggest the company falsely assured customers they were meeting privacy and security compliance standards, while allegedly bypassing critical requirements and automatically generating reports through what critics describe as "certification mills that rubber stamp reports."

The allegations first surfaced in an anonymous Substack publication by a writer calling themselves "DeepDelver," who identified as a former Delve customer. According to DeepDelver, suspicions arose after receiving leaked information about the company's client base.

Subsequent posts from DeepDelver included what were claimed to be internal Slack messages and video content from within the company. The anonymous writer also accused Delve of presenting an open-source tool as its own proprietary product, without crediting the original developer or entering any formal agreement. Adding further fuel to the fire, an independent security researcher reportedly gained access to sensitive Delve data, raising additional red flags about the company's internal security practices.

Delve also became entangled in a separate but related controversy when malware was discovered within an open-source project developed by Delve customer LiteLLM.

Delve Fights Back Against Anonymous Claims

In their most recent official blog post, Kocalar and CEO Karun Kaushik mounted a vigorous defense against what they characterized as coordinated anonymous attacks. The pair announced they had engaged a cybersecurity firm to investigate the matter and asserted that available evidence points to a deliberate malicious attack rather than legitimate whistleblowing.

"It appears that an attacker purchased Delve under false pretenses, maliciously exfiltrated data, including Delve's internal company data, and used it to launch a coordinated smear campaign against us," the executives stated. They also shared a screenshot they claim shows the alleged attacker transferring the company's audit tracking spreadsheet via file.io.

Beyond pointing the finger at an external bad actor, Delve also pushed back on the substance of DeepDelver's accusations, describing them as "a mix of fabricated claims, cherry-picked screenshots, and data taken out of context." The company specifically highlighted that even DeepDelver acknowledged Delve's AI successfully automated 70% of a security questionnaire — a point Delve views as evidence of its platform's genuine capabilities.

Regarding the open-source controversy, Delve explained that it built upon an Apache 2.0 licensed repository, which legally permits commercial use, and stated that the company made substantial modifications to tailor the tool for compliance applications.

Steps to Rebuild Customer Trust

Despite its defensive posture, Delve acknowledged the need to rebuild confidence among its user base. The company outlined several corrective measures, including removing auditing firms from its network that fail to meet its quality benchmarks, offering free re-audits and penetration testing to all active customers, and making explicit that its document templates — such as those for board meeting notes — are intended as starting points rather than finished compliance materials.

In a separate post on X, CEO Kaushik offered a more candid admission, stating: "We grew too fast and fell short of our own standard. To our customers, we deeply apologize for the inconveniences caused."

As the situation continues to unfold, TechCrunch has reached out to both Y Combinator and DeepDelver for comment on Delve's latest statements. Responses, if received, are expected to shed further light on one of the more dramatic startup controversies of recent months.