Compliance automation startup Delve has officially severed ties with Y Combinator following a series of explosive allegations, including the fabrication of nearly 500 audit reports and the alleged appropriation of open-source intellectual property. The controversy, initially brought to light by an anonymous Substack writer named DeepDelver, has sent shockwaves through the tech and compliance industries.
Delve, founded by Karun Kaushik and Selin Kocalar, had rapidly ascended, securing a $32 million Series A funding round led by Insight Partners at a $300 million valuation. The company promised to automate SOC 2, HIPAA, and other compliance certifications in days, a significant reduction from traditional timelines. However, DeepDelver's investigation, which included a leaked spreadsheet, revealed that 493 out of 494 SOC 2 reports issued by Delve were "99.8% identical," containing the same grammatical errors and boilerplate language.
The anonymous whistleblower further alleged that Delve routed clients through a select group of "certification mills" in India, which effectively rubber-stamped reports generated by Delve itself, circumventing independent auditing standards. Adding to the scandal, DeepDelver claimed that Delve's "Pathways" tool, sold to enterprises for substantial fees, was a lightly modified version of SimStudio, an open-source product from fellow YC company Sim.ai, used without proper attribution or licensing. Gergely Orosz, a prominent voice in the tech community, summarized the situation by stating, "Apparently Delve's founders were so shameless that they 1. Charged a fellow YC company (Sim) their full fee for auditing (that turned out to be fake) 2. Then ripped off Sim's IP, and sold it to customers for $$.
In response to the mounting pressure, Y Combinator President Garry Tan announced that Delve had been asked to leave the accelerator, emphasizing that "YC is a community, not just an accelerator," and that trust within the community is paramount. Delve COO Selin Kocalar confirmed the split on social media. Previously, Insight Partners had quietly removed its blog post announcing its investment in Delve, although it was later restored. Delve's co-founders, Kaushik and Kocalar, have denied the allegations, attributing them to a "targeted cyberattack" and stating that their materials are "templates to help teams document their processes." The company has also announced plans for complimentary re-audits for customers and a restructuring of its auditor network, acknowledging that they "grew too fast and fell short of our own standard."
