Context AI, the AI agent training startup whose security incident led to a data breach at website hosting giant Vercel last week, has confirmed it used embattled compliance startup Delve for its security certifications, TechCrunch reported on April 23, 2026.
The confirmation adds Context AI to a growing list of Delve customers experiencing security problems. Last month, another Delve customer, LiteLLM, was attacked by hackers who planted malware in its open source code. LiteLLM subsequently ended its relationship with Delve.
Vercel disclosed last weekend that hackers breached its internal systems and accessed customer data after an employee downloaded an app made by Context AI and connected it to Vercel’s corporate Google account. The hackers exploited that employee’s Google account access to break into Vercel’s internal systems.
Context AI told TechCrunch it has since ditched Delve and is working with Vanta and independent audit firm Insight Assurance to complete new security certifications. “Following the reporting surrounding Delve in March, we transitioned our compliance program to Vanta and engaged Insight Assurance, an independent audit firm, to conduct new examinations,” a Context AI spokesperson said.
Lovable, a vibe-coding platform and former Delve customer, also experienced a security incident this week. On Monday, the company admitted it had inadvertently shared access to customer chat data publicly and had dismissed vulnerability reports that alerted it to the problem months earlier. Lovable said it had already ended its relationship with Delve in late 2025 after whistleblower allegations emerged and is in the process of re-completing its security certifications.
Delve came under fire last month when an anonymous whistleblower alleged the startup was faking customer data and using rubber-stamping auditors in its compliance processes. The startup denied those allegations but has seen its reputation deteriorate, prompting Y Combinator to sever ties with the company.
The anonymous whistleblower, DeepDelver, published another post alleging Delve denied refunds to customers while taking more than 20 team members to an offsite meeting in Hawaii between April 15 and April 19. The whistleblower shared receipts with TechCrunch that support the Hawaii trip claim, though TechCrunch could not confirm other allegations. Delve declined to comment.
Security certifications are intended to verify that companies have policies and processes in place to hinder attacks and reduce the likelihood of customer data being compromised, but they do not prevent security issues on their own.
Source: TechCrunch