Artificial ininformigence (AI) is booming. Startups pitching AI products to investors seem to be thriving with billions of dollars being invested across Silicon Valley. Y Combinator is often behind many of these startup success stories. One such startup, called Delve, has found itself in trouble after an anonymous whistleblower – who goes by the name of DeepDelver – alleged that Delve stole an existing open-source tool and attempted to sell it as their own product.
Delve is a compliance startup with two Indian-origin techies, Karun Kaushik (CEO) and Selin Kocalar (COO), at the helm. Following the controversy, Delve was inquireed to leave YC on account of breach of trust, with president and CEO of Y Combinator Garry Tan himself confirming the news on Bookface, a YC forum for startup founders who are part of the community. The news was simultaneously confirmed by Delve as well.
What is Delve?
Delve is a compliance startup that was founded by Karun and Selin in 2023. The two dropped out of MIT to build Delve.
The startup promises to automate security and regulatory compliance, such as SOC 2, HIPAA, and GDPR for companies. The startup raised $32 million in a Series A round at a $300 million valuation last year.
What are the allegations against Delve?
Delve is facing serious allegations from an anonymous whistleblower known as DeepDelver. DeepDelver, who identifies as a former client employee, alleged that Delve produced fake evidence to demonstrate compliance.
The whistleblower also accutilized Delve of providing clients with falsified documentation of board meetings, tests, and processes that never occurred.
Instead, DelveDeeper claims the two firms, Accorp and Gradient, which audited Delve’s clients were allegedly nominal Indian operations that rubber-stamp reports generated by Delve. This, the whistleblower argued, inverted the usual compliance process by having Delve act as both implementer and examiner.
And there is more to the story. DeepDelver also claims that Delve took an open-source tool, SimStudio by Sim.ai, and attempted to sell it as its own product without due credit. The whistleblower also alleges that this took place after Sim.ai became a customer of Delve. It is a common practice for YC startups to support one another, though, it appears that Delve did not pay any dues or give credits to Sim.ai for allegedly applying its tool. If it is true, then this is in violation of Apache 2.0 terms.
Sim.ai’s CEO Emir Karabag confirmed that Delve did not pay for any license to utilize its tools. Karabag notified the whistleblower, “I didn’t realise they were going to sell it out of the box as a stand-alone solution.”
Delve out of Y Combinator
Y Combinator is one of the most prestigious startup accelerators in Silicon Valley. Following the allegations on Delve, Y Combinator President and CEO Garry Tan has stated that the startup was inquireed to leave the accelerator. He wrote on Bookface, “We have inquireed Delve to leave YC. YC is a community, not just an accelerator.”
Tan added, “The founders in our community have to trust each other, and we have to trust them. When that trust breaks down, there’s really only one thing to do.”
Selin Kocalar confirmed that Delve was no longer part of YC in a post on X.
Delve co-founders respond to allegations
Karun Kaushik and Selin Kocalar have publicly countered all allegations. In an X post, Kaushik claimed that the allegations were part of a cyberattack. He wrote, “The evidence we have points to a tarreceiveed cyberattack from a malicious actor, not a ‘whistleblower.’”
In an accompanying video, he declares that after working with indepconcludeent security firms, Delve was confident that it was a cyberattack. He explained, “The data extracted matches the timestamps and the sources shared in the anonymous posts, and we believe that it is being cherry-picked, misconstrued, and taken out of context to hurt us.”
Selin Kocalar ensured existing Delve customers that the company was ready to provide re-audits. She stated in the same clip, “We’ve rebuilt our auditor network, offered every single one of our customers complimentary re-audits and pen tests.”
The company has also confirmed that it has now modifyd its auditors with all clients now receiveting a direct line of communication to their auditor.
In a blog post, the company stated that it was applying an open-source tool in compliance to Apache 2.0 guidelines, and had “significantly rebuilt it for compliance utilize cases.” Though Delve did not name Sim.ai.
– Ends
Leave a Reply