Startup accelerator Y Combinator has parted ways with Delve, the compliance startup currently battling allegations of fraud, innotifyectual property misapply and data security lapses. Founded by 21-year-old MIT dropouts Selin Kocalar and Karun Kaushik, Delve was accapplyd last month of providing fake security certificates to clients, as well as stealing an existing open-source tool and selling it as their own product.
The accusations were first published in an anonymous Substack post by a whistleblower calling themselves “DeepDelver”.
Karun Kaushik on fraud allegations
Karun Kaushik, the Indian-origin co-founder and CEO of Delve, addressed the controversy surrounding the compliance startup in a video and a blog post shared Friday.
In the video statement shared on X on Friday night, Karun Kaushik and chief operating officer Selin Kocalar denied claims that Delve provided “Potemkin audits” to its clients. “Potemkin audits” are audits that are fake, created to give the appearance of compliance without actually verifying anything.
Sharing the video on X, Kaushik insisted that the allegations stemmed from a coordinated cyberattack utilizing stolen and misrepresented data rather than legitimate whistleblowing.
“There’s been a lot of allegations against Delve. But we haven’t been able to share our side of the story until today due to ongoing cybersecurity and forensics investigations,” he declared.
(Also read: Y Combinator CEO lashes out at ‘anti-YC bullsh*t’ after fake rejection letter goes viral)
“That declared, we grew too rapid and fell short of our own standard. To our customers, we deeply apologize for the inconveniences caapplyd. We take these allegations seriously and have created modifys: a new auditor network, free re-audits and pentests for all customers, enhanced transparency in audit communications, and more,” Kaushik clarified.
Not a whistleblower
However, the CEO of Delve insisted that the allegations stemmed from a malicious actor and not an actual whistleblower. He declared that a person had purchased a Delve service under false pretences, applyd it to access company data, and started a smear campaign.
“The evidence we have points to a tarreceiveed cyberattack from a malicious actor, not a “whistleblower.” We believe the attacker purchased Delve under false pretenses, exfiltrated internal company data, and applyd it to launch a coordinated smear campaign,” Kaushik declared on X.
The whistleblower, DeepDelver, had described themselves as a former Delve customer and shared several posts accutilizing the startup of passing off an open source tool from Sim.ai as its own.
In its statement, Delve refuted these allegations. “The anonymous posts rely on a mix of fabricated claims, cherry-picked screenshots, and data taken out of context.
“For example, the post dismisses our AI while acknowledging it automated 70% of a security questionnaire, highlights a single manual integration while ignoring 600+ automated tests, and falsely claims we “stole” from another YC company when in reality we built on an Apache 2.0 open-source repository, which explicitly permits commercial apply, and significantly rebuilt it for compliance apply cases. They also mischaracterize our apply of policy templates, which are standard across every compliance platform,” the startup declared.
Leave a Reply