We Read What Delve Ships to the Browser

Redeux Security Research · Published 2026-03-22
Tags: Posture Teardown, Compliance, Passive Recon, Methodology

100% passive reconnaissance: certificate transparency, DNS, public pages, client-side JavaScript. No authentication. No exploitation. No state changes.

Allegations of fabricated compliance reports originate from the DeepDelver investigation and TechCrunch, not from this research. Delve has disputed those allegations. Our findings are limited to technical observations about Delve's publicly observable security posture.

Context

On March 21, 2026, a Substack investigation alleged that Delve, a YC-backed compliance automation startup valued at $300M, fabricated 494 SOC 2 reports for its clients. TechCrunch reported the story the same day.

We read what they ship to the browser: certificate transparency logs, DNS records, public pages, and the JavaScript that demo.delve.co sends to every visitor. Everything below was observed on March 21–22, 2026.

What Ships vs. What They Sell

Delve sells automated SOC 2, HIPAA, ISO 27001, and GDPR certifications. None of the following constitutes a confirmed vulnerability. All of it is observable without authentication.

| What they sell | What we observed |
| --- | --- |
| Security posture management | No CSP on marketing site; minimal frame-ancestors only on app |
| Environment controls | Server env schema shipped in demo client bundle (T3 Env tradeoff) |
| Access control | internal-tools.delve.co publicly routable (502) |
| Development lifecycle hygiene | ngrok bypass header and Railway staging URL in demo bundles |
| Responsible disclosure | No security.txt, no bug bounty, no published disclosure policy |
| Data handling | Session replays with canvas + console capture sent to PostHog |
| Audit integrity | impersonate auth flow + GHOST RBAC role in platform config |

The rest of this piece walks through the artifacts behind each row.
The Server Secret Inventory

One of demo.delve.co's JavaScript bundles, 4040-ecf87143817c50a5.js, contains a Zod validation schema for the server's environment variables. This is a known tradeoff of the T3 Env pattern: the server-side schema is bundled together with the client-side one, so the variable names reach the browser even though the secret values do not. The variable names, types, and requirements are:

Server environment schema

```js
DATABASE_URL: z.string().url()
BETTER_AUTH_URL: z.string().url()
BETTER_AUTH_SECRET: z.string().min(32)
ENCRYPTION_KEY: z.string().min(32)
OPENAI_API_KEY_1: z.string().optional()
OPENAI_API_KEY_2: z.string().optional()
OPENAI_API_KEY_3: z.string().optional()
ANTHROPIC_API_KEY_1: z.string().optional()
ANTHROPIC_API_KEY_2: z.string().optional()
ANTHROPIC_API_KEY_3: z.string().optional()
FREESTYLE_API_KEY: z.string().optional()
```

Alongside these, 14 OAuth client ID/secret pairs:

OAuth integrations: GOOGLE, JIRA, LINEAR, SLACK, GITHUB, GITHUB_REPO, X, CONFLUENCE, AIRTABLE, SUPABASE, NOTION, DISCORD, MICROSOFT, HUBSPOT

An attacker who gains partial access (an SSRF, a log leak, a CI artifact) now knows every variable name to target, which service each one authenticates to, and the minimum entropy requirements (BETTER_AUTH_SECRET and ENCRYPTION_KEY both require 32+ characters).

The Redaction Gap

The same bundle includes a client-side sensitive data redaction function:

Redaction logic

```js
"apikey" === r.toLowerCase() || "api_key" === r.toLowerCase() || "access_token" === r.toLowerCase() || /\bsecret\b/i.test(r.toLowerCase()) || /\bpassword\b/i.test(r.toLowerCase()) ? n[r] = "***REDACTED***" : n[r] = e
```

This catches apikey, api_key, access_token, secret, and password. It does not catch token, authorization, credential, private_key, connection_string, or DATABASE_URL. Any logging path that uses this redactor would pass those values through unmasked.
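The gap described above, as an added example that is not code from the Delve bundle: the quoted key-name check reconstructed as a function, beside a broader redactor that matches key names by pattern and also masks values carrying embedded credentials. The sample record is constructed; `leaked` is a helper written here to list what each redactor passes through.

```javascript
// Added example, not the Delve bundle's code; SAMPLE below is constructed.
// 1. The shipped check as quoted: exactly five key names are masked.
function redactShipped(record) {
  const out = {};
  for (const [r, e] of Object.entries(record)) {
    const k = r.toLowerCase();
    const hit = k === "apikey" || k === "api_key" || k === "access_token" ||
      /\bsecret\b/i.test(k) || /\bpassword\b/i.test(k);
    out[r] = hit ? "***REDACTED***" : e;
  }
  return out;
}

// 2. Broader redactor: key-name patterns covering the misses named in the text,
//    plus a value check so a DATABASE_URL carrying user:pass@ is masked even
//    though its key name says nothing about secrets. Recurses into nested objects.
const SENSITIVE_KEY =
  /api[_-]?key|token|secret|passw(or)?d|authorization|credential|private[_-]?key|connection[_-]?string|cookie/i;
// Bearer tokens, or a URL with userinfo (scheme://user:pass@host).
const SENSITIVE_VALUE = /^(?:bearer\s+\S+|[a-z][a-z0-9+.-]*:\/\/[^\s/@]+:[^\s/@]+@)/i;

function redactHardened(value, key = "") {
  if (value && typeof value === "object") {
    const out = Array.isArray(value) ? [] : {};
    for (const [k, v] of Object.entries(value)) out[k] = redactHardened(v, k);
    return out;
  }
  if (SENSITIVE_KEY.test(key)) return "***REDACTED***";
  if (typeof value === "string" && SENSITIVE_VALUE.test(value)) return "***REDACTED***";
  return value;
}
// Constructed log context; none of these are real credentials.
const SAMPLE = {
  api_key: "k-111",
  token: "t-222",
  Authorization: "Bearer t-333",
  DATABASE_URL: "postgres://app:hunter2@db.internal:5432/prod",
  BETTER_AUTH_URL: "https://demo.example.test",
  user: { private_key: "-----BEGIN PRIVATE KEY-----", name: "alice" },
};

// Names the top-level keys whose values a redactor left unchanged.
function leaked(redactor, record) {
  const r = redactor(record);
  return Object.keys(record).filter((k) => JSON.stringify(r[k]) === JSON.stringify(record[k]));
}
console.log("shipped:", leaked(redactShipped, SAMPLE));  // token, Authorization, DATABASE_URL, BETTER_AUTH_URL, user
console.log("hardened:", leaked(redactHardened, SAMPLE)); // BETTER_AUTH_URL (a public URL, correctly kept)
```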
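The schema keys above, together with the ngrok bypass header and the staging backend host described in the next section, are the kind of artifact a build pipeline can catch before a chunk is deployed. As an added example that is neither Delve's code nor part of T3 Env, a scanner over one built chunk that flags all three; the chunk it reads is constructed to mimic those shapes.

```javascript
// Added example, not Delve's code: a build-output check for the three artifact
// classes found in the demo bundles. SAMPLE_BUNDLE is constructed, not a real chunk.
const CHECKS = [
  // Server-only env schema keys (T3 Env server block) present in client code.
  // The validator identifier is not fixed because minifiers rename `z`.
  { id: "server-env-schema", re: /\b([A-Z][A-Z0-9_]{2,}):\s*[\w$]+\.string\(\)/g },
  // ngrok's interstitial bypass header has no business in deployed code.
  { id: "ngrok-bypass-header", re: /ngrok-skip-browser-warning/g },
  // Non-production backends: Railway staging hosts and ngrok tunnel hosts.
  { id: "nonprod-backend-url",
    re: /https?:\/\/[a-z0-9.-]*(?:staging[a-z0-9.-]*\.up\.railway\.app|ngrok(?:-free)?\.(?:app|io|dev))/g },
];

// Keys meant to reach the browser (Next.js public prefix) are not findings.
const PUBLIC_PREFIX = /^NEXT_PUBLIC_/;

// Returns [{ id, match }] for every hit in one bundle's text.
function scanBundle(text) {
  const hits = [];
  for (const { id, re } of CHECKS) {
    for (const m of text.matchAll(re)) {
      const match = m[1] ?? m[0];
      if (id === "server-env-schema" && PUBLIC_PREFIX.test(match)) continue;
      hits.push({ id, match });
    }
  }
  return hits;
}

// True when a bundle is clean; usable as a CI gate over the build output.
function bundleIsClean(text) {
  return scanBundle(text).length === 0;
}

// Constructed minified-looking chunk mimicking the shapes described in the text.
const SAMPLE_BUNDLE = [
  'createEnv({server:{DATABASE_URL:z.string().url(),BETTER_AUTH_SECRET:z.string().min(32),',
  'OPENAI_API_KEY_1:z.string().optional()},client:{NEXT_PUBLIC_POSTHOG_KEY:z.string()}});',
  'const api=axios.create({baseURL:"https://example-staging.up.railway.app",',
  'headers:{"ngrok-skip-browser-warning":"69420"}});',
].join("");

for (const h of scanBundle(SAMPLE_BUNDLE)) console.log(h.id, "->", h.match);
```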
The Staging Backend in the Demo

Two client bundles hardcode a backend URL:

```js
baseUrl: "https://backend-copy-platform-staging.up.railway.app"
```

The same URL appears in a Socket.io WebSocket connection with a session token. The demo environment connects to a staging backend on Railway, visible to anyone who opens dev tools.

The same bundle also includes:

```js
"ngrok-skip-browser-warning": "69420"
```

An ngrok tunnel bypass header, with that value, in the deployed code of a compliance platform.

The "impersonate" Flow and the "GHOST" Role

Delve uses Descope for authentication. The public Descope config endpoint lists ten auth flows. One is called impersonate (v1). Another is sign-in-enchanted-link-or-sso-testing (v2), a flow with "testing" in its name, live in production.

Separately, the client bundles define an RBAC role hierarchy:

ADMIN, TECH_ADMIN, TEAM_ADMIN, AUDITOR, GHOST, MEMBER, CONTRACTOR

The GHOST role appears in WebSocket event handling as ghost-orgChange. Its purpose cannot be determined passively. But for a platform handling client compliance evidence, the naming of an impersonation flow alongside a role called "GHOST" raises trust boundary questions that customers should be asking about.

32 Subdomains, Including Exposed Internal Services

Certificate transparency logs at crt.sh reveal 32 subdomains. Most are expected. Three are not:

- internal-tools.delve.co resolves publicly and returns HTTP 502 Bad Gateway. The subdomain is routable; the backend is down or misconfigured.
- fleet.delve.co is a live FleetDM instance: endpoint security, device compliance, and MDM. It responds to API requests with an auth requirement, confirming the service is operational and internet-reachable.
- demo.delve.co serves the full Next.js application without authentication. Every bundle finding in this research comes from this environment.

27 Trust Portals Still in the Search Index

Delve provides branded trust portals where clients publish their compliance posture.
As of March 22, the portals themselves return connection refused or 429. But Google's search index still has all of them:

trust.delve.co: Lovable, Cluely, Sully, Browser Use, Morph, Counsel, micro1, Confident AI, DAERO, Kernel, Cyberdesk, Pointer, Portant, Sage, s2.dev, General Agency

trust.platform.delve.co: Bland, CoPlane, Context, Amdahl, Omi AI, Coframe, FactoryFix, Judgment Labs, Immergo Labs, Longevitix, Praxos

Several trust.platform.delve.co clients (Omi AI, Judgment Labs, Immergo Labs, Longevitix, Praxos) are healthcare companies, implying HIPAA-scoped compliance.

One indexed PDF artifact: Lovable Labs ISO27001.pdf, title "Issued on behalf of Gradient Certification Inc." Gradient is named in the DeepDelver investigation as a Wyoming shell corporation.

The Timing

rsa.delve.co is a landing page for RSA Conference 2026: Booth 2339, Moscone Center, March 23–26. The investigation published March 21. RSA starts March 23.

doormats.delve.co, built with Lovable.dev, celebrates Delve's $32M Series A with custom doormats for clients. Lovable is named in the investigation as one of Delve's affected clients.

Methodology

Certificate transparency (crt.sh), DNS records, public HTTP responses, client-side JavaScript served to any browser, Google search index queries, and the public Descope config endpoint. No authentication was performed. No access controls were bypassed. No state-changing requests were made.

Chase Norton is the founder of Redeux Security and an independent security researcher based in Honolulu, HI.