Delve is a 2023 startup that pitched AI-driven compliance for HIPAA, SOC 2, and GDPR. Founders Karun Kaushik and Selin Kocalar aim to automate governance with a friendly UI and a steady hand. In 2026, the Open-Source ethos still matters, and the Delve story tests how startups navigate community licenses, trust, and transparent audits.
Delve and Open-Source ethics in 2026
Anonymous whistleblower DeepDelver alleges Delve copied an Open-Source tool, SimStudio by Sim.ai, and tried to sell it as a Delve product. The claim touches on the Apache 2.0 license and the fine print many startups overlook. The whistleblower also claims forged compliance evidence and a system where Accorp and Gradient acted as auditors who rubber-stamped reports. Delve denies the claims, calling them a cyberattack and promising re-audits. The incident underscores how Open-Source licenses can clash with startup ambitions and how trust is built or broken in the YCombinator ecosystem.
Open-Source licenses, Delve, and re-audits
The story quickly moves from rumor to policy talk. Kaushik says the company is ready for independent, third-party verification. Kocalar notes that Delve has rebuilt its auditor network and now offers clients re-audits and pen tests at no extra cost. In their words, they are replacing partners who rubber-stamped results with direct lines to actual auditors. This is not magic; it is the result of invested process and a clearer split between implementer and examiner. In short, the team wants to show that transparency can be more powerful than novelty.
On the legal front, the team argues that they used an Open-Source tool in compliance with Apache 2.0 guidelines and that the tool was significantly adapted for real-world compliance use cases. The pair says Sim.ai never paid for a license, and there are questions about the timing of the sale of the tool. The Sim.ai CEO, Emir Karabag, replied that Delve did not license the tool and that the plan to package it as a stand-alone solution surprised him. The tension between open collaboration and closed monetization sits at the heart of the debate.
Meanwhile, the YC universe weighs in. Garry Tan, the president and CEO of YCombinator, said on Bookface that Delve was asked to leave. He framed the move as a community decision, stressing that trust among founders is essential. Selin Kocalar later confirmed the parting on X, and the founders publicly pushed back, arguing that a cyberattack rather than a whistleblower drove the breach of trust. The back-and-forth is less about personalities and more about the shared expectation that ideas are protected by licenses, not hidden by deception. YCombinator remains a facilitator, not a spectator, in this staged audit of community norms.
Beyond the headlines, what can startups take away? First, licenses matter. A strong Open-Source posture demands you credit contributions and respect licenses, even when the business model hinges on speed. Second, auditors matter. Delve into the auditor network early, and maintain direct contact with each auditor so there is an auditable trail you can reference later. Third, trust matters. YC culture thrives on trust, and breaches require a clear, verifiable plan to restore it. The Delve case becomes a case study in open collaboration, responsible automation, and the art of re-auditing with integrity.
For readers who love insider detail, the timeline is a reminder that in AI and compliance, the best tech is often the most boring: it is built on solid processes, honest reporting, and a healthy respect for licenses. Delve’s response in the months ahead will signal whether a startup can recover from a trust breach or if the narrative ends up as a cautionary tale about open collaboration, not open innovation.
Original article attribution: Armaan Agarwal’s original piece. Thank you for the original source material.
Special thanks to Armaan Agarwal for expanding the discussion around AI compliance and Open-Source ethics.
Practical takeaways for startups
- Credit all contributions and respect licenses from day one, even when speed is critical.
- Build an auditable trail by design; separate the implementer from the examiner in every project.
- Establish a direct line to auditors and maintain open communication with clients about re-audits and tests.
Delve’s response and timeline
Kaushik and Kocalar publicly countered the allegations, framing them as the result of a cyberattack. They emphasized that independent security firms validated their posture and that data points align with the anonymous posts, suggesting misrepresentation. They continue to push for transparent, verifiable evidence to restore trust.
Open-Source licensing in practice
Open-Source licensing is a real concern for startups. It requires clear attribution, license compliance, and ongoing governance. The Delve case highlights the importance of a disciplined licensing strategy and auditable processes to sustain customer confidence.
Frequently asked questions
-
What is the core dispute involving Delve?
The core dispute centers on alleged use of an Open-Source tool without proper licensing and concerns about forged compliance evidence. Delve denies the claims and points to a cyberattack as the cause.
-
Why do Open-Source licenses matter for startups?
Licenses determine how software can be used, modified, and shared. Missteps can trigger legal risk, reputation damage, and losses in customer trust.
-
What should companies do to regain trust after a dispute?
Communicate transparently, provide independent audits, and maintain direct contact with auditors and clients. A clear plan for re-audits and ongoing governance helps restore confidence over time.
Conclusion
Delve’s case offers a practical lesson: strong governance, transparent audits, and honest licensing practices matter as much as product innovation. For startups, the path forward lies in accountable collaboration, not shortcuts that obscure provenance or compliance. The market will watch to see whether Delve rebuilds trust through verifiable audits and clear licensing discipline.

