In a deepening crisis for compliance startup Delve, Vercel has disclosed a significant security breach linked to former Delve customer Context AI.
Hackers exploited access granted through a Context AI app connected to Vercel's Google account, compromising internal systems and stealing customer data.
Delve's Troubled History Unravels
Delve, once backed by Y Combinator, faced whistleblower allegations in March 2026 accusing it of faking customer data and using inadequate auditors.
Soon after, LiteLLM, another Delve client, suffered a malware attack in its open-source code, prompting it to abandon Delve and seek re-certification elsewhere.
Lovable, which ditched Delve late last year, recently admitted to accidentally exposing customer chat data due to a configuration error.
Widespread Impacts on Tech Ecosystem
The Vercel incident highlights vulnerabilities in security certifications, as former Delve customers repeatedly face breaches despite purported compliance.
Context AI confirmed its past reliance on Delve but has switched to Vanta and independent auditor Insight Assurance for new attestations.
These events erode trust in automated compliance tools, forcing affected firms into costly re-audits and public disclosures.
Future Uncertainty for Embattled Delve
Y Combinator severed ties with Delve amid accusations of misattributing open-source code as proprietary.
Whistleblower DeepDelver alleges Delve denied customer refunds while its team vacationed in Hawaii, further damaging its reputation.
As more ex-clients pursue independent verifications, Delve's survival in the competitive compliance market hangs in the balance.
Industry experts warn that such scandals could spur stricter regulations on certification providers.