Delve Whistleblower Alleges Fake Compliance Again

Just one day after Delve CEO Karun Kaushik publicly refuted claims of fabricated compliance audit evidence, the anonymous whistleblower has escalated the situation. Using the pseudonym DeepDelver, the source released a new set of alleged proof, including a video and internal Slack communications. DeepDelver also promised further revelations, signaling this is not the end of the story.

The controversy centers on Delve, a startup that automates security certification and helps companies prove adherence to regulations like the GDPR. Founded by young MIT dropouts and backed by a substantial $32 million Series A funding round led by Insight Partners, the company has positioned itself as a key player in streamlining a complex process. Yet, this process is often viewed with skepticism. Many in the industry question whether security audits and certifications genuinely prevent security incidents or merely serve as bureaucratic checkboxes.

This debate has gained new urgency following a security breach at one of Delve’s notable clients. Last week, the open-source project LiteLLM, which had used Delve’s services to obtain two security certifications, was infected with malware in a highly publicized incident. The timing is striking, casting a shadow over the value of the certifications Delve helps secure and placing the startup’s practices under intense scrutiny. The whistleblower’s latest allegations suggest the problem may not be with the concept of compliance, but with how it is allegedly being executed.