Compliance startup Delve has been removed from Y Combinator’s portfolio following weeks of escalating allegations about its business practices. The company’s COO Selin Kocalar announced on X that the company and Y Combinator had separated — a rare and significant move from the accelerator, which has backed over 4,000 companies and seldom publicly cuts ties with portfolio startups.
The crisis traces back to an anonymous Substack post by a person using the pseudonym DeepDelver, who claimed to be a former Delve customer. The posts alleged that Delve misled clients about their privacy and security compliance status, auto-generated reports, and relied on low-quality certification providers who approved reports without proper scrutiny. Subsequent posts shared what were described as internal Slack messages and video recordings from the company. It has not been independently verified whether the author was in fact a former customer, and Delve disputes this characterization. Separately, a security researcher publicly demonstrated that they could access sensitive Delve data, compounding the reputational damage.
In a blog post on Delve’s website, the company’s leadership characterized the situation as an attack by someone who purchased their service under false pretenses in order to obtain internal data for a smear campaign. The company said it has hired a cybersecurity firm to investigate and...
(AP) If a government hopes to function, it has to be able to enforce its laws. Our country is no exception, and in fact, the U.S. government is very good at enforcement. So when a big fraud case c...