Home
Loading

aVenture is in Alpha: During this preview period, you should expect the research data to be limited and may not yet meet our exacting standards. We've made the decision to provide early access to our data to showcase the product as we build, but you should not yet rely upon it alone for your investment decisions.

aVenture is in Alpha: During this preview period, you should expect the research data to be limited and may not yet meet our exacting standards. We've made the decision to provide early access to our data to showcase the product as we build, but you should not yet rely upon it alone for your investment decisions.

Get in touch

  • Contact

  • Request a demo

  • Request data updates

  • Add a company

Research

  • Companies

  • Investors

  • People

aVenture

  • Sitemap

  • Feature requests

Member

Backed by

© aVenture Investment Company, 2026. All rights reserved.

San Francisco, CA, USA

Privacy Policy

aVenture Investment Company ("aVenture") is an independent research platform providing detailed analysis and data on startups, venture capital investments, and key industry individuals. It is not a registered investment adviser, broker-dealer, or investment advisor and does not provide investment advice or recommendations. The data provided by aVenture does not constitute recommendations or advice, whether by methodology, analysis, AI-generated content, or a statement written by a staff member of aVenture.

aVenture is not affiliated with any of the people, companies, organizations, government agencies, regulatory bodies, or investment funds we provide coverage for on this site unless explicitly stated otherwise. Users assume full responsibility for decisions made based on information obtained from this platform. Links to external websites do not imply endorsement or affiliation with aVenture. Any links that provide the ability to invest in a primary or secondary transaction in a company are for convenience only and do not constitute solicitations or offers to buy or sell an investment. Investors should exercise heightened precaution and due diligence when investing in private companies, especially those not independently audited.

While we strive to provide valuable insights with objectivity and professional diligence, we cannot guarantee the accuracy of the information provided on our platform. Before making any investment decisions, you should verify the accuracy of all pertinent details for your decision. To the fullest extent permitted by law, aVenture shall not be liable for any direct, indirect, incidental, consequential, or financial damages arising from use of this site, whether by consumers of its contents directly or by persons or organizations covered by our research, even if we are advised of the possibility. Our best-efforts processes and correction request forms do not create a warranty or duty of care.

Profiles on this platform may include content generated in part by large language models (LLMs, artificial intelligence) that aggregate publicly available sources (e.g., SEC EDGAR, public filings, press releases). Source attribution is provided where known; always verify statements and claims here against original sources before relying on any data. Content on our site may contain inaccuracies, omissions, or what are commonly called 'hallucinations' if generated in part or in full by AI / LLMs. The risk can also exist even when content is written by a human, as internal and third-party sources may also have inaccuracies for the same or different reasons. While we randomly audit a proportion of content, this is not exhaustive.

We recommend that an independent auditor be hired to verify the accuracy of the information before relying on it for any sensitive decisions. By accessing this platform, you agree not to rely solely on any information generated by AI, aggregated, or sourced or written otherwise on this site, for investment, financial, or other decisions. aVenture assumes no responsibility for inaccuracies, omissions, or hallucinations. You must independently verify all data from primary sources. Use of this platform constitutes your waiver of claims for reliance-based damages, including negligent misrepresentation. To report an error, request a correction, or dispute information about a company or individual, contact us via our request data updates form.

Loading
Loading
Home
News
Another customer of troubled startup Delve suffered a big security incident

From TechCrunch

By Julie Bort

April 23, 2026

Another customer of troubled startup Delve suffered a big security incident

Another customer of troubled startup Delve suffered a big security incident

The story of embattled compliance startup Delve keeps hitting twists and turns.

TechCrunch has confirmed that Delve was the compliance company that performed the security certifications for Context AI, the AI agent training startup that last week disclosed a security incident which led to a data breach at popular app and website hosting giant Vercel.

On the other hand, Lovable, which had its own security incident, is no longer a Delve customer.

To recap: Last month, Delve came under fire when an anonymous whistleblower alleged that the startup was faking customer data and using rubber-stamping auditors in its compliance and certifications processes. Delve has denied those allegations. 

Soon afterwards, hackers attacked one of Delve’s security certification customers, LiteLLM, and planted malware in its open source code. After the incident, LiteLLM told TechCrunch it was dumping Delve and getting re-certified.

Delve was also accused of taking an open source tool and passing it off as its own work without proper license attribution. The startup’s reputation grew shaky, prompting Y Combinator, where Delve graduated from, to sever ties.

Fast-forward to last weekend, Vercel said hackers had breached its internal systems and accessed some customer data. The company said hackers broke in after an employee downloaded an app made by Context AI and connected that app to Vercel’s corporate account hosted by Google. The hackers abused that employee’s access to their Google account to break into some of Vercel’s internal systems.

After Context AI was named in the Vercel attack, Gergely Orosz, author of the engineering newsletter The Pragmatic Engineer, said in a post on X that Delve was the company that handled Context AI’s security certification.

Context AI has now confirmed to TechCrunch that it did use Delve, but it has since ditched the startup and is in the process of getting re-certified. 

“Yes, Context was previously a Delve customer,” a spokesperson for Context AI told TechCrunch. “Following the reporting surrounding Delve in March, we transitioned our compliance program to Vanta and engaged Insight Assurance, an independent audit firm, to conduct new examinations. As part of the re-examination, we began updating our public materials, and we’ll share the new attestation when it is complete,” the spokesperson added. 

Security certifications on their own don’t stop security issues. They are intended to verify that a company has policies and processes in place to hinder attacks and reduce the likelihood of customer data being compromised. 

Case in point: Lovable was a Delve customer, but after the whistleblower’s allegations came out, the vibe-coding platform said it had ditched the startup back in late 2025. The company has already re-completed one security certification, and is in process of redoing others, it said. 

Still, Lovable on Monday admitted that it had inadvertently shared access to customer chat data publicly. The company also said it had dismissed vulnerability reports that alerted the company to the problem months earlier. Lovable apologized for initially denying there was a data breach, though it said the issue was caused by a configuration error, rather than a hack.

There’s even weirder news swirling around Delve. The anonymous whistleblower, DeepDelver, has published another post alleging Delve was denying refunds to customers, but still took its team of more than 20 people to an offsite meeting in Hawaii between April 15 and April 19.  

The whistleblower shared some compelling receipts with TechCrunch that lend credence to the alleged Hawaii trip, but TechCrunch could not confirm other claims.

After publication, Delve declined comment.

View original article on techcrunch.com

Most Recent

Neil Rimer thinks the AI money is coming back out

Neil Rimer thinks the AI money is coming back out

Neil Rimer, the venture capitalist who co-founded Index Ventures, predicts the historic wealth AI is generating in Silicon Valley will have to be redistributed, voluntarily or involuntarily.

Jul 17, 2026

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks has remade its image into an AI company and has published research on the cost savings of open weight AI models for coding.

Jul 17, 2026

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

The potential deal highlights a growing trend of complex, multi-stage funding rounds that mask true entry prices.

Jul 17, 2026

AI-powered travel agency Fora hits unicorn status, raises $60M

AI-powered travel agency Fora hits unicorn status, raises $60M

Travel agency Fora announced a $60 million Series D round led by Forerunner and Tactile Ventures, valuing the company at $1 billion.

Jul 16, 2026

Similar Posts

Oneleet raises $33M to shake up the world of security compliance

Oneleet raises $33M to shake up the world of security compliance

Founder Bryan Onel says too many companies are doing the bare minimum to meet their security compliance obligations, and raised $33 million to help his customers get both compliant and secure.

Oct 2, 2025

The reputation of troubled YC startup Delve has gotten even worse

The reputation of troubled YC startup Delve has gotten even worse

Delve faces new allegations that it violated the open source license of its customer, Sim.ai, by taking the customers's tool and passing it off as its own.

Apr 1, 2026

Relyance lands $32M to help companies comply with data regulations

Relyance lands $32M to help companies comply with data regulations

As the demand for AI surges, AI vendors are devoting greater bandwidth to data security issues. Not only are they being compelled to comply with emerging data privacy regulations (e.g. the EU Data Act), but they’re finding themselves under the microscope of clients skeptical about how their data is being used and processed. The trouble is, where it concerns tightening data security practices around AI, many orgs aren’t in a position to execute well. According to a survey from BigID, a data cont

Oct 10, 2024

Embattled startup Delve has ‘parted ways’ with Y Combinator

Embattled startup Delve has ‘parted ways’ with Y Combinator

The controversy around Delve appears to have cost the compliance startup its relationship with accelerator Y Combinator.

Apr 4, 2026

Most Recent

Neil Rimer thinks the AI money is coming back out

Neil Rimer thinks the AI money is coming back out

Neil Rimer, the venture capitalist who co-founded Index Ventures, predicts the historic wealth AI is generating in Silicon Valley will have to be redistributed, voluntarily or involuntarily.

Jul 17, 2026

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks hits $188B valuation, extending its run as AI’s favorite second act

Databricks has remade its image into an AI company and has published research on the cost savings of open weight AI models for coding.

Jul 17, 2026

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

Nuclear startup Valar Atomics in talks to raise new funding at $6B valuation

The potential deal highlights a growing trend of complex, multi-stage funding rounds that mask true entry prices.

Jul 17, 2026

AI-powered travel agency Fora hits unicorn status, raises $60M

AI-powered travel agency Fora hits unicorn status, raises $60M

Travel agency Fora announced a $60 million Series D round led by Forerunner and Tactile Ventures, valuing the company at $1 billion.

Jul 16, 2026

Similar Posts

Oneleet raises $33M to shake up the world of security compliance

Oneleet raises $33M to shake up the world of security compliance

Founder Bryan Onel says too many companies are doing the bare minimum to meet their security compliance obligations, and raised $33 million to help his customers get both compliant and secure.

Oct 2, 2025

The reputation of troubled YC startup Delve has gotten even worse

The reputation of troubled YC startup Delve has gotten even worse

Delve faces new allegations that it violated the open source license of its customer, Sim.ai, by taking the customers's tool and passing it off as its own.

Apr 1, 2026

Relyance lands $32M to help companies comply with data regulations

Relyance lands $32M to help companies comply with data regulations

As the demand for AI surges, AI vendors are devoting greater bandwidth to data security issues. Not only are they being compelled to comply with emerging data privacy regulations (e.g. the EU Data Act), but they’re finding themselves under the microscope of clients skeptical about how their data is being used and processed. The trouble is, where it concerns tightening data security practices around AI, many orgs aren’t in a position to execute well. According to a survey from BigID, a data cont

Oct 10, 2024

Embattled startup Delve has ‘parted ways’ with Y Combinator

Embattled startup Delve has ‘parted ways’ with Y Combinator

The controversy around Delve appears to have cost the compliance startup its relationship with accelerator Y Combinator.

Apr 4, 2026