Delve-linked security breach hits Vercel via Context AI

A security incident at Vercel, a major app and website hosting platform, has been traced back to Context AI, an AI agent training startup that used Delve for its security certifications. Hackers breached Vercel's internal systems after an employee downloaded a Context AI app and connected it to Vercel's Google-hosted corporate account, abusing that access. Context AI confirmed it previously used Delve but has since moved to Vanta and Insight Assurance for re-certification. This follows a series of controversies surrounding Delve, including whistleblower allegations of faking customer data and rubber-stamping auditors, a hack on another Delve customer LiteLLM, and accusations of misusing open source code. Y Combinator severed ties with Delve. Separately, Lovable, a former Delve customer, admitted to inadvertently exposing customer chat data publicly, dismissing earlier vulnerability reports. The anonymous whistleblower DeepDelver also alleged Delve denied refunds while taking its team to Hawaii for an offsite meeting between April 15 and 19, providing receipts but unconfirmed claims. Delve did not respond to requests for comment.