Beleaguered startup Delve has spun off from Y Combinator

The controversy surrounding it Wading It appears that it cost the compliance firm its relationship with the Y Combinator accelerator.

Delve is no longer listed in the YC directory of portfolio companies, and Depth page It appears to have been removed from the YC site. In addition, the startup’s COO, Selin Kocalar Published on X That “YC and Delve have parted ways.”

“I still remember the day we had the YC interview at MIT,” Kocalar said. “We are so grateful to the community and every founding friend we have made.”

YC is not the first investor to distance itself from Delve. Insight Partners appears to have done so as well Delete posts about her investment in the companyalthough its primary blog post was later restored.

Meanwhile, Delve continues to push back Anonymous claims he misled customers By telling them they are compliant with privacy and security regulations while allegedly skipping important requirements and automatically generating reports for “certification mills that issue reports with a rubber stamp.”

These allegations were first published in Anonymous Substack post It is attributed to “DeepDelver”, who described himself as one of Delve’s former clients who became suspicious after receiving leaked data on the startup’s clients.

DeepDelver published subsequent posts sharing what he said Slack and video posts From the company as well Accusing Delve of passing off an open source tool as its ownwithout granting credit or reaching an agreement with the developer. A security researcher also said he could Access sensitive Delve data.

Meanwhile, he became a delph Part of the relevant controversy When malware was detected in an open source project developed by the Delve LiteLLM client.

in Latest company blogDelve COO Kocalar and CEO Karun Kaushik announced their intention to set “the record straight regarding Anonymous attacks.” Among other things, they claimed that the company hired a cybersecurity firm to “help us understand what happened,” and said that “evidence points to a malicious attack rather than an actual whistleblower.”

“It appears that an attacker purchased Delve under false pretenses, maliciously leaked data, including internal Delve data, and used it to launch a coordinated smear campaign against us,” they said. The blog post also includes a screenshot that they said “shows the attacker leaking our audit trail spreadsheet through it.” file.io“.

Aside from this accusation, Delve also described DeepDelver’s criticism as “a mix of fabricated claims, cherry-picked screenshots, and data taken out of context.” For example, they said that DeepDelver “rejects our AI while admitting that it automates 70% of security questionnaires.”

On the issue of using open source tools, Delve said it “built on the open source Apache 2.0 repository, which explicitly allows for commercial use, and has significantly rebuilt it for compliance use cases.”

However, executives also said they are taking steps to ensure customers “feel confident in our platform and compliance results.”

These steps are supposed to include cleaning up the company’s network to remove audit firms “that do not meet our standards,” “offering free re-audits and penetration tests to all active clients,” and making clear that Delve templates for things like board meeting notes are “designed as starting points only.”

in Share on XKaushik raised many of the same points but also said: “(We) grew too fast and fell short of our own standards. To our customers, we sincerely apologize for the inconvenience caused.”

TechCrunch has reached out to Y Combinator and DeepDelver for any response to Delve’s comments.