Another customer of troubled startup Delve suffered a big security incident

2026-04-23 · Source: AI News & Artificial Intelligence | TechCrunch · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Emerging Technologies & Innovation · Depth: Fundamental Awareness, short

Summary

Compliance startup Delve is facing escalating scrutiny following multiple security incidents involving its former clients. TechCrunch confirmed Delve performed security certifications for Context AI, an AI agent training startup whose breach led to a data compromise at Vercel. Context AI has since transitioned its compliance program to Vanta and engaged Insight Assurance for new examinations. Previously, Delve was accused by a whistleblower of faking customer data and using rubber-stamping auditors, allegations Delve denies. Another former client, LiteLLM, experienced a malware attack and subsequently dropped Delve. Y Combinator also severed ties with Delve after allegations surfaced that Delve used an open-source tool without proper attribution. Lovable, another former Delve customer, admitted to inadvertently sharing customer chat data publicly, though it attributed the issue to a configuration error rather than a hack.

Key takeaway

For CTOs and VPs of Engineering evaluating compliance vendors, scrutinize the vendor's track record and internal processes beyond mere certification claims. The repeated incidents involving Delve's clients, including the Vercel breach via Context AI, highlight the critical need for due diligence. Your organization's security posture is directly tied to the integrity of your compliance partners, so consider re-certifying with a reputable firm like Vanta if your current vendor faces similar allegations.

Key insights

Security certification quality directly impacts downstream organizational and customer data integrity.

Principles

• Certifications verify policies, not prevent all attacks.
• Timely response to vulnerability reports is critical.

In practice

• Verify compliance vendor reputation and practices.
• Re-evaluate security certifications after vendor issues.

Topics

• Delve
• Security Certifications
• Data Breaches
• Compliance Fraud
• Vercel Security Incident

Best for: CTO, VP of Engineering/Data, Executive, Tech Journalist, Director of AI/ML, Consultant

Related on AIssential

• Delve accused of misleading customers with ‘fake compliance’ — Allegations suggest a compliance automation platform may be enabling "structural fraud" by generating fake evidence and pre-approving audits.
• Vercel breach prompts crypto projects to rotate API keys — A Vercel security breach via Context.ai compromised API keys, impacting crypto projects and raising concerns for Web3 infrastructure.
• Security leaders must regain control of vendor risk, says Vanta’s risk and compliance director — The rise of AI technologies has significantly amplified complex cyber threats, making supply chains a high-risk area, with 70% of UK security leaders reporting unprecedented security risks in 2025.
• Delve did the security compliance on LiteLLM, an AI project hit by malware — Open-source projects face significant supply chain risks, even with security certifications.
• Data leaks are finally on the radar of politicians. — France's recurring data breaches highlight a critical technical command deficit within the State's digital infrastructure.
• Ozempic Maker Novo Nordisk Confirms Security Incident After $25M Hacker Demand — Healthcare and pharma companies face escalating threats to high-value intellectual property, including clinical trial data and AI models.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by AI News & Artificial Intelligence | TechCrunch.