Why YC Dropped Delve, and What It Says About YC Now

In September 2025, Garry Tan, the CEO of Y Combinator (YC, the Silicon Valley startup accelerator that funded Airbnb, Stripe, and Coinbase), tweeted that Delve was “now a top YC startup.”^[1] Two MIT dropouts, twenty-one years old, a $32 million Series A from Insight Partners six weeks earlier at a $300 million valuation.^[2] Tan stamped them on his way out the door of an MIT recruiting talk.

Six months later he asked them to leave Y Combinator.

What happened in between is straightforward fraud. The kind you'd expect from a company selling SOC 2 reports (Service Organization Control 2, the security and compliance audit standard every B2B software buyer asks for before signing). An anonymous Substack called DeepDelver pulled a leaked spreadsheet of 494 finalized audits Delve had sold to enterprise customers and showed that 493 of them were textually identical, including the same grammatical errors and placeholder strings (‘sdf’, ‘dlkjf’) that had survived the templating process and shipped to paying buyers.^[3] Customers named in the leak include Notion, Brex, Anthropic, and Gusto.^[4]

YC's response, on Bookface a week or two later: “We have asked Delve to leave YC. The founders in our community have to trust each other, and we have to trust them.”^[7]No public statement. Delve's COO Selin Kocalar posted on X that “YC and Delve have parted ways.”^[9]

That's the canvas. The question I actually want to think about is what the Delve story says about the YC that funded them. Because the easy takes are wrong. Delve got into YC's Winter 2024 batch. Tan personally vouched for them in 2025. YC alumni bought from Delve because Delve was YC. The fraud was theirs. The trust network that magnified it was YC's. And the question is whether YC's recent posture, under Garry Tan, makes another Delve more likely or less.

The Easy Takes Are Both Wrong

There are two stories about YC right now. Neither of them is the real one.

The first is “YC has lost its soul.” It's a meme older than Tan. The most-upvoted version on Hacker News (YC's own tech-news forum) is a thread from 2020, when the complaint was that YC was funding too many AdTech and crypto startups and had become venture capital cosplaying as a startup school.^[10] Founders have been saying YC has lost its soul roughly every other year since 2014. It's not nothing, but it's not new and it's not specific to Tan.

The second is “this is one bad apple, YC catches almost no fraud, leave them alone.” There's something to this. YC has graduated more than 5,000 companies, and serious fraud at the Delve scale is rare in the portfolio.^[11] The partners moved fast once the evidence was undeniable. Delve is exceptional, not endemic.

But neither story explains the actual surprise: that a company with auto-generated SOC 2 reports got into YC's Winter 2024 batch, raised a $32 million Series A from a top-tier VC, got publicly endorsed by YC's CEO, and accumulated 600 paying customers including some of the most security-conscious software companies on Earth, before an anonymous Substack pulled the thread. The interesting question isn't whether YC is broken. It's what about the system makes a Delve, specifically, an attractive bet, and what does that say about what YC has become.

YC's Real Product Was Never the Program

The thing people don't quite get about YC is that the program isn't really the product.

The check is $500,000, which is small. It's $125,000 for 7 percent on a post-money SAFE plus $375,000 on an uncapped most-favored-nation note. (A SAFE is a Simple Agreement for Future Equity, a standardized promise to convert into stock at the next priced round; an MFN note matches whatever terms a future investor gets.) YC has not changed any of these terms since January 2022.^[12]You can get bigger checks at lower dilution from Neo, from Sequoia Arc, from a16z's Speedrun, from South Park Commons. If money is what you're optimizing for, YC isn't the answer.

The program is also short, three months, and most of it is partner office hours and template advice. Useful, but not a moat.

The product is the network. More specifically, the trust network. When you do YC, three things happen. Other YC alumni take your call. They become your first customers. And outsiders, including investors and enterprise buyers, treat the YC stamp as a quick-and-dirty signal that someone has vetted you.

I think this is what made the Delve story sting. Sim.ai, the YC company whose open-source compliance tool Delve allegedly stole and resold as Pathways, was an alum buying from an alum. The buyers of the rebadged product, Notion and Brex and Anthropic and Gusto, weren't doing exhaustive vendor reviews because Delve came in through a YC introduction. The SOC 2 reports were, of course, the point: customers were buying Delve specifically to outsource their own due diligence to a stamp.^[4]

In other words, Delve weaponized the YC trust network at every layer. It hired through alum-adjacent referrals, sold to alum-adjacent customers who outsourced compliance to it, and used the YC brand as the mechanism that made any of that easy. The point landed clearest in a Hacker News comment from a founder named nfw2 the day after Tan's Bookface post.^[13]

What Tan Actually Changed

Garry Tan took over YC in January 2023. The structural changes he's made in the two years since are smaller than people remember.

He killed YC's late-stage Continuity Fund in March 2023, which he described as “a distraction from our core mission.”^[14] He moved from two batches a year to four in 2025. He kept the deal terms unchanged. The total throughput has stayed roughly flat at 500 to 600 companies a year. The W26 batch, which had its Demo Day in March, was about 196 companies, and Tan reported 14 of them hit $1 million in annual recurring revenue by Demo Day, the highest count ever for a YC cohort.^[15]

The cultural changes are bigger.

About 60 percent of the Winter 2026 batch is AI.^[15]Tan said in a March 2025 CNBC interview that for a quarter of the Winter 2025 batch, “95 percent of lines of code are LLM (large language model) generated.”^[16]He has said publicly, more than once, that founders “don't need a team of 50 or 100 engineers” and that an engineer who couldn't get a job at Meta or Google can now run a company doing $10 million a year alone.^[16] He has tweeted weekly batch-revenue growth numbers each Demo Day, escalating each cohort: 10 percent week-over-week for Winter 2025, 12 percent for Spring 2025, 14 percent for Winter 2026.^[17] The numbers are self-reported, computed across companies that volunteer revenue figures to partners. There is no audited dataset.

Then there's his personal output. On April 11, 2026, Tan tweeted that his agents were shipping 37,000 lines of code a day across five projects.^[18]Two days later a developer named Gregor audited Tan's homepage and found it required 6.42 megabytes across 169 server requests to load, against the 7 requests and 12 kilobytes Hacker News uses to do the same job.^[19]

It's a mistake to read these as separate things. The growth numbers, the 95 percent AI claim, the lines-of-code tweet, the celebration of the engineer building alone, are all expressions of the same posture. Ship fast. Trust the AI. Skip the review.

The posture is the thing. It selects who applies, what they pitch, what gets funded inside the partner discussion, what gets celebrated on Demo Day, what gets retweeted from the YC account. The structural knobs Tan has turned are minor. The cultural dial he's turned is loud.

Delve Is the Right Symptom of the Wrong Disease

Read Delve's failure mode against that posture and the parallel is uncomfortable.

Delve's product was, according to the DeepDelver allegations, a language model that auto-generated SOC 2 audit reports from a template. Of 494 leaked finalized reports, 493 contained the exact same boilerplate, including the same grammatical errors. 259 Type II reports contained identical conclusions claiming zero clients had any security incidents during their monitoring periods, which is statistically impossible across hundreds of companies.^[3]A separate Google Sheet leak in December 2024 first exposed the templating; CEO Karun Kaushik sent customers an email at the time claiming “the AI-generated email is fraudulent... you are in compliance and there is no impact to the validity of your audit report.”^[3] Fifteen months later DeepDelver confirmed the leak was real.

Strip the fraud out for a second. What's left is a product that generates a lot of code-equivalent output, very fast, with as little human review as possible. That's not a coincidence. It's a clean implementation of the cultural pitch. The pitch said the constraint was speed; Delve delivered speed. The pitch said AI was good enough to skip the second half; Delve skipped the second half. It just happened to be selling the second half as the product.

The customer flight after the scandal is the data. Lovable, 11x, Bland, and Context AI all publicly switched to Vanta within weeks of the DeepDelver posts.^[8]Context AI's statement put it on the record: “Yes, Context was previously a Delve customer. Following the reporting surrounding Delve in March, we transitioned our compliance program to Vanta.”^[8]

What those customers stopped trusting wasn't Delve. It was the inference chain that had brought Delve to their door. Delve was YC. YC was Tan. Tan endorsed them. Therefore: safe to outsource compliance to. When the chain broke, the customers reset to a vendor they could verify themselves.

This is the trust-network argument made concrete. The network held up until it broke. And when it broke, the cost wasn't just to Delve. It was to the next YC compliance startup, the next YC infosec startup, the next YC-stamped-vendor pitch into Notion or Brex or Gusto.

The Honest Answer

YC is still the strongest brand in startup accelerators, and the Winter 2026 demo-day numbers (14 companies at $1 million ARR, annual recurring revenue, the highest count ever) are real.^[15]If you're building a horizontal AI tool, a developer SaaS, a consumer app, or anything in the wide middle of YC's funnel, YC is still the best deal on the table.

But for some kinds of builders, the answer has changed.

If you're working on something where shortcuts kill you, compliance, security, healthcare, defense, anything where customers trust you with risk they can't easily verify themselves, YC's current cultural setting is actively a worse fit than it used to be. The posture that wins inside the batch (ship fast, the AI is good enough, skip the review) is exactly the posture that produces SOC 2 reports with placeholder strings in them. Notion and Brex didn't audit Delve carefully because they assumed YC had. YC, in some sense, assumed it had. The model breaks at speed.

The alternatives are real now. Sarah Guo's Conviction Embed funds the AI-frontier teams that would have been YC's flagship batch in another era. Its alumni list (Cognition, the makers of the AI engineer Devin; Pika Labs; Physical Intelligence) is the strongest non-YC startup roster in the market right now.^[20]Ali Partovi's Neo runs cohorts of about a dozen startups a year, $750,000 uncapped, in a model that looks more like 2008 YC than 2026 YC.^[21] South Park Commons explicitly markets itself as a place where companies are built over years, not weeks.^[22]None of them replace YC. They unbundle it. Pick the forcing function that fits what you're building.

I don't think YC is broken. It has spent down a piece of its actual product, the trust, in service of a cultural pitch about speed. The pitch may be right about the AI era. The trust was built over twenty years of slow work, and one MIT recruiting talk in September 2025 turned out to be enough to dent it.

The trust YC built over twenty years is the actual product. Speeding it up is fine. Spending it down is the question.