Delve is no longer listed as a portfolio company of Y Combinator, marking a further escalation in the startup’s ongoing controversy involving allegations about its business practices.
The removal from Y Combinator’s directory was accompanied by a statement from Selin Kocalar, who said the two organisations had parted ways and expressed appreciation for the accelerator’s community.
Investor And Industry Fallout
The development follows signs that other backers have distanced themselves. Insight Partners previously removed posts referencing its investment in Delve, though its main announcement was later restored.
The controversy has unfolded alongside separate security concerns involving LiteLLM, a Delve customer, where malware was discovered in an open-source project.
Whistleblower Claims And Evidence Disputes
Allegations against Delve originated from an anonymous source known as “DeepDelver,” who claimed the company misled clients about compliance with privacy and security standards. The whistleblower said Delve automated reports and bypassed key requirements, sharing what they described as internal data, Slack messages, and video materials.
Subsequent claims also accused Delve of using an open-source tool without proper attribution or agreement with the original developer.
A separate security researcher reported being able to access sensitive company data, adding to scrutiny around the platform.
Company Response And Counterclaims
In a recent blog post, Delve executives including chief executive Karun Kaushik said the allegations stem from a malicious attack rather than legitimate whistleblowing.
They claimed an individual gained access to the company under false pretences, extracted internal data, and used it to launch what they described as a coordinated campaign. The company said it has engaged a cybersecurity firm to investigate the incident.
Delve disputed the allegations, describing them as a combination of fabricated claims and selectively presented information.
On the use of open-source software, the company said it built on an Apache 2.0 licensed repository, which allows commercial use, and stated that it had significantly modified the code for its own applications.
Remedial Measures And Customer Assurance
The company said it is taking steps to address concerns, including reviewing relationships with auditing firms, offering re-audits and penetration testing to customers, and clarifying the role of its templates as starting points rather than final compliance outputs.
Kaushik said the company had grown rapidly and acknowledged shortcomings, issuing an apology to customers for disruptions while stating efforts are underway to improve processes.
Featured image credits: Flickr
For more stories like it, click the +Follow button at the top of this page to follow us.