Delve, the AI compliance startup that was one of Y Combinator’s most celebrated portfolio companies, has officially parted ways with the accelerator. Co-founder and COO Selin Kocalar confirmed it on X on April 4: “YC and Delve have parted ways. I still remember the day we took our YC interview at MIT.”
The statement is the most public acknowledgment yet of a collapse that has unfolded rapidly over the past three weeks — and it caps one of the most dramatic falls from grace in recent startup history.
The Rise
Delve was founded in 2023 by Karun Kaushik and Selin Kocalar, both MIT dropouts. The company graduated from YC’s Winter 2024 batch with a clear pitch: use AI agents to automate the painful, time-consuming process of obtaining security and compliance certifications — SOC 2, HIPAA, GDPR. The idea resonated. Delve raised a $3M seed round, then a $32M Series A led by Insight Partners at a $300M valuation in July 2025. YC President Garry Tan called them “a top YC startup.” The founders made Forbes’ 30 Under 30 list for 2026. By every external signal, Delve was a rocketship.
The Unraveling
On March 18, 2026, an anonymous Substack writer called DeepDelver published a detailed investigation alleging that Delve was running what amounted to fake compliance as a service. The core allegation: 493 out of 494 SOC 2 audit reports generated by Delve were 99.8% identical — same paragraphs, same grammatical errors, same exact phrasing across hundreds of client files. Customers were allegedly told they were HIPAA and GDPR compliant when the evidence supporting those certifications had been fabricated.
The fallout was immediate. Hacker News hit 835 points within hours. Insight Partners quietly removed its investment blog post from its website. Delve disabled its demo pipeline.
Delve pushed back, describing itself as an “automation platform” where final reports are issued by independent auditors, not by Delve. Most observers, including prominent engineers like patio11, called it a textbook non-denial denial.
Also Read: The First $1 Billion AI Company With One Employee Is Here
It Got Worse
A second DeepDelver post on March 30 introduced a new allegation: Delve’s enterprise workflow product “Pathways,” sold to customers at $50,000 to $200,000+, was allegedly a lightly modified fork of SimStudio — the open-source tool built by fellow YC startup Sim.ai. The Apache 2.0 license requires attribution. Delve allegedly gave none, contracted an outside dev shop to maintain it, and told prospects they had built it from the ground up.
The detail that drew the most outrage: Sim.ai was an actual Delve customer. Delve had audited Sim.ai, charged them full price, and simultaneously sold their own product back to them — without credit or compensation. Sim.ai CEO Emir Karabeg, who had initially consoled the Delve founders after the first scandal, told TechCrunch he had not heard from them since learning of the allegation.
Where It Stands
As of April 4, Delve has released a statement citing “ongoing cybersecurity and forensics investigations” as the reason it could not comment earlier. Pathways has been scrubbed from the website. The media inquiries email no longer works. No formal regulatory action — no AICPA ruling, no HIPAA enforcement, no SEC investigation — has been initiated. The entire exposure came from one anonymous Substack writer.
That is perhaps the most important detail in this entire story. Seventeen hundred companies paid for security certifications. Many of them handle patient data. The system that was supposed to catch this — investors, auditors, the accelerator — did not. One pseudonymous writer on Substack did.
The Bigger Picture
Delve is being framed as a cautionary tale about Gen-Z founders and AI hype. That framing is too easy. The harder question is about incentive design. In a market where a clean pitch, a YC badge, and a $300M valuation creates enough social proof to skip due diligence, Delve was not an anomaly. It was an outcome.
