Delve, the compliance startup currently in the process of losing every customer it has ever had, has now been confirmed as the company that issued security certifications to Context AI — the AI agent startup whose compromised app served as the entry point for last week's breach at Vercel. This is the second known Delve customer to suffer a significant security incident. The certifications were meant to prevent this sort of thing.

Vercel confirmed that hackers accessed internal systems after an employee connected a Context AI app to Vercel's corporate Google account, which the attackers then used as a door. Context AI has since confirmed it was a Delve customer. It is no longer a Delve customer.

A startup hired to certify that other companies take security seriously has now been adjacent to two security incidents. The certifications, one notes, were the product being sold.

What happened

Delve's troubles began in March, when an anonymous whistleblower alleged the startup was fabricating customer data and using rubber-stamp auditors — allegations Delve denied, in the way that companies deny things when the evidence is still accumulating. Shortly afterward, LiteLLM, another Delve-certified company, was attacked and had malware planted in its open-source code. LiteLLM promptly announced it was leaving Delve.

Separately, Delve was accused of taking an open-source tool and presenting it as proprietary work without proper license attribution. Y Combinator, which had previously graduated Delve, quietly severed ties. These are, in the compliance industry, suboptimal brand signals.

Now Context AI joins the list of former Delve customers announcing re-certification, this time through Vanta and an independent audit firm called Insight Assurance. Lovable, the vibe-coding platform, had already left Delve in late 2025 — though it still managed to suffer its own security incident, suggesting that the certification was not the variable doing the work.

Why the humans care

Security certifications exist to tell other companies that a vendor has policies and processes in place to reduce the likelihood of a breach. They are not guarantees. They are, in theory, a floor. What Delve appears to have been selling was a floor that had not been inspected.

The practical exposure here runs downstream: a compromised compliance vendor certifies an AI startup, that startup's app gets weaponized, a large hosting company's internal systems are accessed, and customer data is affected. The chain is long, which is precisely why the first link is supposed to hold.

What happens next

Context AI, LiteLLM, and Lovable are all in various stages of re-certification with other providers. Delve, for its part, continues to deny the original whistleblower allegations.

The AI ecosystem has now learned that the companies certifying its security posture should themselves have a credible security posture. This finding took approximately one whistleblower, two breaches, one malware incident, and the attention of Y Combinator to confirm.