The Rise and Fall of Delve: AI Compliance, Fabricated Certifications and the Y Combinator Split
Delve, a San Francisco-based startup that aimed to revolutionize the tedious world of corporate compliance, is currently facing a crisis that threatens its existence. Once a rising star in the AI sector with a $300 million valuation, the company is now battling allegations of systemic fraud and has officially parted ways with its prestigious accelerator, Y Combinator.
Who are the Founders of Delve?
Delve was founded in November 2023 by Karun Kaushik (CEO) and Selin Kocalar (COO). Both founders hold bachelor’s degrees in artificial intelligence from the Massachusetts Institute of Technology (MIT), where they met during their first week of study.
The inspiration for Delve came from a failed attempt to build an AI medical scribe. According to Kocalar, the duo spent months coding the tool from their dorm rooms, only to be halted by the complexities of HIPAA compliance. The process took six weeks and tens of thousands of dollars, involving lawyers and a team of 15 engineers. This friction led Kaushik and Kocalar to realize that compliance was a “black box” blocking growth for many startups, prompting them to leave MIT in 2023 to automate the process.
The Product and Market Promise
Delve builds software designed to automate compliance workflows. The company helps businesses obtain critical security and privacy certifications, including:
- SOC 2
- ISO 27001
- HIPAA
- GDPR
These certifications are essential for startups wanting to sign enterprise clients, as they serve as a signal that the company meets recognized security standards. This value proposition attracted significant investment, including a $32 million funding round led by Insight Partners.
The Controversy: “Certification Mills” and Fabricated Reports
The company’s trajectory shifted in late March 2026 when an anonymous Substack author known as “DeepDelver”—claiming to be a former customer—published allegations that Delve misled its clients. The primary claims include:
- Fabricated Certifications: Allegations that Delve issued hundreds of fake compliance certifications by skipping essential requirements and auto-generating reports.
- “Certification Mills”: The claim that Delve used rubber-stamp reports to give the illusion of compliance.
- Intellectual Property Theft: Accusations that Delve passed off an open-source tool as its own proprietary technology without credit or agreement.
- Data Security Failures: A security researcher reported being able to access sensitive Delve data.
The Fallout: Y Combinator and Investor Distance
The backlash has been swift. Y Combinator, which accepted Delve into its Winter 2024 batch, has removed the startup’s profile from its directory. Selin Kocalar confirmed on X that YC and Delve have “parted ways.”

Investors have also distanced themselves. Insight Partners reportedly deleted several posts regarding its investment in the company, although its primary blog post was later restored.
Delve’s Defense
In a statement issued on April 4, 2026, Delve attributed the wave of allegations to a “targeted cyberattack.” Even as the company acknowledged “internal lapses” resulting from its rapid growth, it maintained that the attacks were coordinated. CEO Karun Kaushik stated that the company could not respond sooner due to ongoing forensics and cybersecurity investigations.
Key Takeaways: The Delve Crisis
| Metric/Detail | Information |
|---|---|
| Founders | Karun Kaushik (CEO) & Selin Kocalar (COO) |
| Education | B.S. In AI, Massachusetts Institute of Technology (MIT) |
| Valuation | $300 Million |
| Core Product | Automated AI compliance (SOC 2, ISO 27001, HIPAA, GDPR) |
| Primary Allegation | Issuing fabricated compliance certifications |
| Current Status | Parted ways with Y Combinator |
As Delve attempts to navigate these allegations, the situation serves as a cautionary tale for the AI automation industry. The intersection of AI and regulatory compliance requires absolute transparency; when that trust is broken, even a $300 million valuation cannot shield a company from the consequences.
Keep reading