A compliance startup designed to help companies follow the rules is now facing serious accusations of breaking them. Delve, a Y Combinator graduate that raised $32 million from Insight Partners, has become the center of a growing scandal involving allegations of faked customer data, rubber-stamp auditors, and now, the unauthorized use of open source software .

What Exactly Is Delve Accused Of?

The troubles began when an anonymous whistleblower known as DeepDelver came forward with damaging claims about Delve's business practices. The allegations have escalated significantly in recent weeks, painting a picture of a company that may have cut corners in ways that directly contradict its core mission .

The latest accusation centers on a tool called Pathways, which Delve pitched to prospects as its own creation. According to DeepDelver, Pathways is actually a modified version of SimStudio, an open source agent-building product created by Sim.ai, another Y Combinator graduate. When asked about the similarities, Delve allegedly claimed it had built Pathways from scratch .

If true, this would violate the Apache software license, which requires developers to credit the original creator when using open source code. The irony is sharp: a startup selling compliance solutions may have violated a fundamental software licensing agreement.

How Did This Relationship Between Delve and Sim.ai Develop?

The situation becomes even more complicated when you consider the business relationship between the two companies. Sim.ai was actually a customer of Delve, paying the compliance startup for its services. At the same time, Delve was allegedly using Sim.ai's open source code without permission or proper attribution .

"We knew they planned to use Sim for something and later tried unsuccessfully to sell them an agreement," stated Emir Karabeg, founder and CEO of Sim.ai. "I didn't realize they were going to sell it out of the box as a stand-alone solution."

Emir Karabeg, Founder and CEO at Sim.ai

Karabeg initially expressed sympathy for Delve after the first whistleblower allegations surfaced, but his tone shifted once he learned about the Sim.ai code issue. He told TechCrunch that he and Delve's founders had not been in contact since the new allegations emerged .

What Does This Mean for Y Combinator and Venture Capital Due Diligence?

Both Delve and Sim.ai graduated from Y Combinator, the prestigious startup accelerator founded by Paul Graham. The scandal raises uncomfortable questions about how thoroughly venture capital firms vet their investments, particularly when it comes to intellectual property and compliance practices .

Insight Partners, the venture firm that led Delve's $32 million Series A round, has notably scrubbed its 2025 blog post about the investment from its website. The firm's LinkedIn post announcing the deal has also not been restored. Meanwhile, Delve has removed mentions of the Pathways tool from its website, and its media inquiries email address no longer works .

Steps to Protect Your Startup From IP Violations

• Conduct thorough code audits: Before launching any product, scan your codebase against open source repositories to identify any unattributed or improperly licensed code that could create legal liability.
• Maintain clear licensing documentation: Keep detailed records of all third-party software, open source libraries, and external tools your company uses, including license types and attribution requirements.
• Establish IP review processes: Implement internal checkpoints where legal and technical teams review new features and products to ensure they don't inadvertently incorporate external intellectual property without proper agreements.
• Create vendor agreements: If you plan to use or build upon another company's technology, negotiate formal licensing agreements upfront rather than assuming open source tools can be freely modified and resold.

The Delve situation illustrates how quickly a startup's reputation can unravel when multiple allegations compound. The company's core value proposition is helping other organizations stay compliant with regulations and best practices. Being accused of the very violations it claims to prevent creates a credibility crisis that may be difficult to recover from .

As of now, Delve has not responded to requests for comment. The allegations have generated significant discussion on social media platform X, where the topic became trending with community notes highlighting the apparent hypocrisy of a compliance company facing compliance violations .