Y Combinator-Backed Compliance Startup Delve Faces Whistleblower Fraud Allegations, Security Vulnerabilities Amid $300M Valuation

Y Combinator-backed compliance startup Delve, valued at $300 million, is under fire from an anonymous whistleblower alleging it fabricates compliance evidence, potentially exposing hundreds of clients to criminal HIPAA liability and GDPR fines, while a security researcher simultaneously uncovers critical vulnerabilities in its systems.

• Compliance startup Delve, backed by Y Combinator and valued at $300 million, faces serious accusations from an anonymous whistleblower claiming it produces fake compliance evidence, potentially exposing hundreds of customers to criminal liability under HIPAA and hefty fines under GDPR.
• Delve denies the allegations, insisting it operates solely as an automation platform where independent licensed auditors issue final reports, and that its document templates are standard industry practice, not fabricated evidence.
• Security researcher Jamieson O'Reilly reveals multiple critical vulnerabilities in Delve's external attack surface after a user claims to have accessed sensitive company data including employee background checks and equity vesting schedules.