The story of embattled compliance startup Delve keeps hitting twists and turns.
TechCrunch has confirmed that Delve was the compliance firm that carried out the security certifications for Context AI, the AI agent training startup that last week disclosed a security incident which led to a data breach at popular app and website hosting giant Vercel.
However, Lovable, which had its own security incident, is no longer a Delve customer.
To recap: Last month, Delve came under fire when an anonymous whistleblower alleged that the startup was faking customer data and using rubber-stamping auditors in its compliance and certification processes. Delve has denied these allegations.
Soon afterwards, hackers attacked one of Delve’s security certification customers, LiteLLM, and planted malware in its open source code. After the incident, LiteLLM told TechCrunch it was dumping Delve and getting re-certified.
Delve was also accused of taking an open source tool and passing it off as its own work without proper license attribution. The startup’s reputation grew shaky, prompting Y Combinator, where Delve graduated from, to sever ties.
Fast forward to last weekend: Vercel said hackers had breached its internal systems and accessed some customer data. The company said hackers broke in after an employee downloaded an app made by Context AI and connected that app to Vercel’s corporate account hosted by Google. The hackers abused that employee’s access to their Google account to break into some of Vercel’s internal systems.
After Context AI was named in the Vercel attack, Gergely Orosz, author of the engineering newsletter The Pragmatic Engineer, said in a post on X that Delve was the company that handled Context AI’s security certification.
Context AI has now confirmed to TechCrunch that it did use Delve, but it has since ditched the startup and is in the process of getting re-certified.
“Yes, Context was previously a Delve customer,” a spokesperson for Context AI told TechCrunch. “Following the reporting surrounding Delve in March, we transitioned our compliance program to Vanta and engaged Perception Assurance, an independent audit firm, to conduct new examinations. As part of the re-examination, we began updating our public materials, and we’ll share the new attestation when it’s complete,” the spokesperson added.
Security certifications on their own don’t stop security issues. They’re meant to verify that a company has policies and processes in place to hinder attacks and reduce the risk of customer data being compromised.
Case in point: Lovable was a Delve customer, but after the whistleblower’s allegations came out, the vibe-coding platform said it had ditched the startup back in late 2025. The company has already re-completed one security certification, and is in the process of redoing others, it said.
Still, Lovable on Monday admitted that it had inadvertently shared access to customer chat data publicly. The company also said it had dismissed vulnerability reports that alerted the company to the problem months earlier. Lovable apologized for initially denying there was a data breach, though it said the issue was caused by a configuration error, rather than a hack.
There’s even weirder news swirling around Delve. The anonymous whistleblower, DeepDelver, has published another post alleging Delve was denying refunds to customers, but still took its team of more than 20 people to an offsite meeting in Hawaii between April 15 and April 19.
The whistleblower shared some compelling receipts with TechCrunch that lend credence to the alleged Hawaii trip, but TechCrunch could not confirm other claims.
Delve didn’t respond to requests for comment and confirmation, and an email sent to its media relations address bounced.
