Embattled Startup Delve Has ‘parted Ways’ With Y Combinator

The contention astir Delve appears to person costs nan compliance startup its narration pinch accelerator Y Combinator.

Delve is nary longer listed among YC’s directory of portfolio companies, and the Delve page seems to person been removed from nan YC website. In addition, nan startup’s COO Selin Kocalar posted connected X that “YC and Delve person parted ways.”

“I still retrieve nan time we took our YC question and reply astatine MIT,” Kocalar said. “We’re truthful grateful to nan organization and each laminitis friend we’ve made.”

YC isn’t nan first investor to region themselves from Delve. Insight Partners besides appears to person deleted posts astir its finance successful nan company, though its superior blog station was later restored.

Meanwhile, Delve continues to push backmost against anonymous claims that it misled clients by telling them they were compliant pinch privateness and information regulations while allegedly skipping important requirements and auto-generating reports for “certification mills that rubber stamp reports.”

Those claims were first published successful an anonymous Substack post attributed to “DeepDelver,” who described themselves arsenic a erstwhile Delve customer who became suspicious aft receiving leaked information astir nan startup’s clients.

DeepDelver published consequent posts sharing what they said were Slack and video posts from nan company, arsenic good arsenic accusing Delve of passing disconnected an unfastened root instrumentality arsenic its own, without giving in installments aliases reaching an statement pinch nan developer. A information interrogator besides said he was capable to access delicate Delve data.

Meanwhile, Delve became part of a related controversy erstwhile malware was discovered successful an unfastened root task developed by Delve customer LiteLLM.

In the company’s latest blog post, Delve’s COO Kocalar and CEO Karun Kaushik declared their volition to group “the grounds consecutive connected anonymous attacks.” Among different things, they claimed that nan institution has hired a cybersecurity patient “to thief america understand what happened,” and said nan “evidence points to a malicious onslaught alternatively than a genuine whistleblower.”

“It appears that an attacker purchased Delve nether mendacious pretenses, maliciously exfiltrated data, including Delve’s soul institution data, and utilized it to motorboat a coordinated smear run against us,” they said. The blog station besides includes a screenshot that they said “shows nan attacker exfiltrating our audit search spreadsheet via file.io.”

Beyond this accusation, Delve besides described DeepDelver’s disapproval arsenic “a operation of fabricated claims, cherry-picked screenshots, and information taken retired of context.” For example, they said DeepDelver “dismisses our AI while acknowledging it automated 70% of a information questionnaire.”

On nan mobility of utilizing unfastened root tools, Delve said it “built connected an Apache 2.0 open-source repository, which explicitly permits commercialized use, and importantly rebuilt it for compliance usage cases.”

However, nan executives besides said they’ve been taking steps to guarantee customers “feel assured successful our level and compliance outcomes.”

Those steps supposedly see cleaning up nan company’s web to region auditing firms “that don’t meet our standards,” “offering complimentary re-audits and penetration tests to each progressive customers,” and making it “unambiguously clear” that Delve’s templates for things for illustration committee gathering notes “are designed to beryllium starting points only.”

In a station connected X, Kaushik made galore of nan aforesaid points but besides said, “[W]e grew excessively accelerated and fell short of our ain standard. To our customers, we profoundly apologize for nan inconveniences caused.”

TechCrunch has reached retired to Y Combinator and DeepDelver for immoderate consequence to Delve’s comments.