Another customer of troubled startup Delve suffered a big security incident

The headline frames this as a second customer incident, but the more significant detail is structural: Delve is a compliance certifier, not just a vendor. When the firm vouching for your security posture is itself implicated in repeated failures, the entire category of third-party AI compliance auditing loses credibility, not just one company.

This connects directly to a pattern Modelwire has been tracking around the fragility of AI evaluation and oversight mechanisms. The arXiv paper we covered on April 16 ('Context Over Content: Exposing Evaluation Faking in Automated Judges') showed that automated AI judges systematically distort their verdicts based on context rather than actual content quality. Delve's situation is the human-institution version of the same problem: the auditor's certification is being treated as a proxy for real security, and that proxy is failing. InsightFinder's $15M raise (covered April 16) was premised on exactly this gap, that companies lack genuine observability into AI-integrated systems and are relying on inadequate stand-ins. Delve's repeated customer incidents suggest the compliance certification market has the same blind spots.

Watch whether Context AI or any other Delve customer faces regulatory action in the next 60 days. If a regulator cites the third-party audit as a failed safeguard rather than a mitigating factor, that would signal real liability exposure for the compliance certification model broadly.