‘Malicious actor, not whistleblower’: Indian-origin founder Karun Kaushik reacts to ‘fraudulent’ accusations against startup

Karun Kaushik, the Indian-origin co-founder and CEO of Delve, responded to accusations that his company misled customers about regulatory compliance, saying rapid growth had led to internal shortcomings, while also claiming the controversy was linked to a targeted cyberattack.Delve is a compliance technology startup that helps companies assess and manage their security, privacy and regulatory compliance. Its headquarters are located in San Francisco, California.Karun Kaushik said in a video statement that the company was “growing too fast,” which resulted in gaps in processes and oversight. He admitted the system had not kept pace with expansion, leading to the problems now under review. The company also issued a public statement apologizing to customers for “falling short” of its own standards.Delph, meanwhile, has strongly refuted the source of the accusations. The company said the allegations came from an anonymous actor and not from a legitimate whistleblower. According to Delph, the individuals behind the posts conducted “targeted cyberattacks” to obtain internal data under false pretenses and then used that material to launch what they described as a coordinated smear campaign.Delph said internal company data was stolen and then used to create fabricated claims and “carefully chosen” screenshots to make the company look bad. The company added that ongoing cybersecurity and forensic investigations have delayed their public response.The allegations themselves, reported by TechCrunch based on anonymous posts, claim that Delve misled customers about its compliance with key regulatory frameworks. These include the Health Insurance Portability and Accountability Act and the General Data Protection Regulation.The charges also allege that Delve provided audit-related materials, known as “false evidence,” to clients and facilitated compliance certifications without completing full audit procedures. If true, such conduct could expose clients to legal and financial risks for failing to meet required standards.Delph questions these characterizations. The company said any materials cited were taken out of context and in some cases were templates intended to help clients prepare documents rather than final audit certifications.In response to this situation, Kaushik said that the company has made some changes, including establishing a new audit network, providing customers with free re-audits and penetration tests, and improving the transparency of audit communications. He said Delve was reviewing past work, strengthening internal controls and working to rebuild trust.Despite the controversy, Kaushik said the company remains committed to its compliance business and “isn’t going anywhere.”Kaushik, who studied artificial intelligence at MIT, previously founded a health tech business and led scientific research before launching Delve in late 2023. He oversees product, audit delivery and client operations.