Karun Kaushik, the Indian-origin co-founder and CEO of Delve, responded to allegations that his company misled customers about regulatory compliance, saying rapid growth led to internal flaws while also claiming that the controversy was linked to a targeted cyber attack.Delve is a compliance technology startup that helps companies assess and manage security, privacy, and regulatory compliance. Its headquarters are located in San Francisco, California.In a video statement, Karun Kaushik said the company “grew too quickly,” which created gaps in operations and oversight. He acknowledged that regulations have not kept pace with expansion, leading to issues that are now under scrutiny.
The company also issued a public statement apologizing to customers for “falling short” of its own standards.
Meanwhile, Delve has aggressively pushed back on the origin of the allegations. The company said the allegations stem from an anonymous actor and not from a legitimate whistleblower. According to Delve, the person behind the posts carried out a “targeted cyberattack,” accessed internal data under false pretenses, and then used that material to launch what he described as a coordinated smear campaign.
Delve said internal company data was stolen and then used with fabricated claims and “cherry-picked” screenshots to make the company look bad. The company added that ongoing cybersecurity and forensics investigations have delayed its overall response.The allegations themselves, reported by TechCrunch and based on anonymous posts, allege that Delve misled customers about compliance with key regulatory frameworks.
These include the Health Insurance Portability and Accountability Act and the General Data Protection Regulation.The claims also allege that Delve provided clients with audit-related materials described as “fake evidence” and facilitated compliance certifications without completing full audit procedures. If true, such actions could expose clients to legal and financial risks due to their failure to meet required standards.Delve has disputed these characterizations. The company said any materials referenced were taken out of context and, in some cases, were templates intended to help clients prepare documentation rather than to prove a final audit.In response to the situation, Kaushik said the company has introduced changes, including a new auditor network, free re-audits and penetration tests for clients, and increased transparency in audit communications.
He said that Delve is reviewing its previous work, strengthening internal controls and working to rebuild trust.Despite the dispute, Kaushik said the company remains committed to its compliance work and “is not going anywhere.”Kaushik studied artificial intelligence at the Massachusetts Institute of Technology (MIT), previously founded a health technology venture, and led scientific research before launching Delve in late 2023. He oversees product, audit delivery, and client operations.
