Overview
- Delve is no longer in Y Combinator’s public portfolio after the accelerator asked the startup to leave, and Insight Partners briefly scrubbed references to its investment before restoring a blog post.
- An anonymous whistleblower known as DeepDelver accused Delve of passing off Sim.ai’s SimStudio open-source tool as its own and of giving clients falsified compliance paperwork backed by auditors accused of rubber‑stamping reports.
- Delve’s founders denied wrongdoing, said a malicious actor bought access and exfiltrated company data, and hired a cybersecurity firm while offering free re‑audits, penetration tests, and a rebuilt auditor network for customers.
- Sim.ai CEO Emir Karabag told the whistleblower that Delve did not pay for a license and said he did not expect the tool to be sold as a stand‑alone product.
- A security researcher reported accessing sensitive Delve data, and separate malware found in a project used by Delve customer LiteLLM added supply‑chain and data‑security concerns for companies that rely on automated compliance.