YC severs ties with Delve

Delve was supposed to be a very modern kind of startup. Two MIT dropouts built software that promised to turn one of the least glamorous jobs in tech into an AI workflow. The pitch was simple and powerful: companies could get through security and privacy compliance faster, with less paperwork, and close enterprise deals sooner. Investors loved it. Delve went through Y Combinator, raised a $32 million Series A led by Insight Partners in July 2025 at a $300 million valuation, said it was profitable, and claimed more than 500 customers. (techcrunch.com) That story began to break on March 22, when TechCrunch reported that an anonymous Substack post had accused Delve of falsely telling hundreds of customers they were compliant with standards tied to HIPAA, GDPR, and other frameworks. The core allegation was not that Delve had cut a few corners. It was that the company’s product and process may have created the appearance of compliance without doing the underlying work that makes compliance real. That distinction matters because in this business, the paperwork is the product. (techcrunch.com) The scandal widened almost immediately. The whistleblower kept posting new claims. TechCrunch later reported fresh allegations that Delve had used fake data in compliance audits and relied on auditors who rubber-stamped reports. Another report said the company’s reputation worsened after claims that it had taken an open-source tool and presented it as its own without proper attribution. Even if every allegation is not ultimately proven, the pattern is what did the damage. Delve stopped looking like a startup with a bug. It started looking like a startup whose basic operating logic was in question. (techcrunch.com) That shift is why Y Combinator’s move matters. On April 4, TechCrunch reported that Delve was no longer listed in YC’s company directory and that its page had been removed from the accelerator’s website. Other coverage described the company as having been dropped or asked to leave. However it was phrased, the result was the same: one of Silicon Valley’s most influential startup brands decided Delve was no longer something it wanted to stand behind. (techcrunch.com) Investors were already backing away. TechCrunch reported on March 23 that Insight Partners had scrubbed an article about its investment in Delve from its website. That did not unwind the investment, but it was a public act of distancing. In startup land, where signal is currency, that kind of deletion says plenty. It tells customers, future investors, and employees that the old growth story is over. (techcrunch.com) Karun Kaushik, Delve’s cofounder and CEO, responded by arguing that the company had “grown too fast,” that some of the material came from a targeted cyberattack rather than a true whistleblower, and that Delve had real lapses it now needed to fix. He also promised free re-tests and audits for customers. That is a revealing defense. It does not really restore trust. It concedes that trust is the issue. A compliance startup can survive slow growth. It cannot survive doubt about whether its own controls were sound. (fortuneindia.com) The surprising part is not that a young startup got sloppy. The surprising part is where it happened. Delve sold certainty to companies that needed it for sales, procurement, and legal risk. It was backed by Y Combinator, funded by a top-tier venture firm, and celebrated enough to land its founders on Forbes’ 30 Under 30 list for 2026. Yet the company still reached a point where YC severed ties and customers were offered do-over audits after the fact. In compliance, that is not a minor cleanup. That is the whole case against the company, sitting in plain view. (forbes.com)