Naman Ambavi is hosting dinners for Middle Eastern CISOs. The topic, according to his public schedule, is shadow AI [Naman Ambavi, 2026]. It is a timely pitch. His company, Oximy, sells a system of record for enterprise AI activity, and its wedge is a network integration that promises to see everything. The platform claims to process millions of AI requests daily for clients in financial services and healthcare, though none are named [Y Combinator, 2026]. For security teams staring at a black box of employee ChatGPT use and unsanctioned API calls, that promise of visibility is the opening bid.
The Proxy as a Strategic Wedge
Oximy’s core bet is that governance must happen at the network layer. Instead of relying on endpoint agents or manual surveys, it deploys via a firewall or proxy, positioning what it calls the Oximy Gateway as a real-time filter for all AI model traffic [Y Combinator, 2026]. This architectural choice is its primary differentiator in a crowded security category. The platform then surfaces data in three core modules: Pulse for adoption analytics, Spend for cost tracking, and Oversight for policy enforcement [Oximy, 2026]. The value proposition is unified. A CISO can, in theory, discover an unknown AI tool, see its monthly spend, and block data leaks from it,all from the same dashboard.
Traction and the Team Build
Public traction is signaled by volume, not logos. Oximy reports processing millions of requests daily, a metric that suggests at least one or two substantial enterprise deployments are live [Y Combinator, 2026]. The company is small, with just four employees, and is actively recruiting its first founding full-stack engineer to build out the platform [Y Combinator, 2026]. Founder Naman Ambavi’s background includes an early role at Induced, an AI startup backed by Sam Altman and Peak XV Partners, and prior entrepreneurial experience running a web development agency [Weekday Works, 2026] [Naman Ambavi, 2026]. The current focus appears to be on commercial momentum, with Ambavi presenting at industry events like HumanX and the Cyber Security & Cloud Expo across the Middle East [Naman Ambavi, 2026].
The Competitive and Validation Hurdle
The landscape Oximy enters is not empty. It lists Lakera, Prompt Security, and cloud security giant Wiz as competitors. These firms range from pure-play AI security startups to broad-platform players adding AI governance modules. Oximy’s network-first approach is a clear point of differentiation, but it faces two immediate hurdles:
- The logo gap. No named customer references or case studies are in the public record after 24 months of operation. For enterprise security buyers, peer validation is currency.
- The integration burden. Convincing a large organization to reroute all AI traffic through a new gateway is a significant architectural commitment. The ease of that deployment, versus a lighter-weight agent, will be a key sales hurdle.
The company’s Y Combinator pedigree provides a stamp of early belief and some runway. The standard YC deal implies a $500,000 investment for the Winter 2026 batch, valuing the company at an estimated $7 million post-money [Y Combinator, 2026]. It is a classic seed-stage scenario: capital for product development and initial market proof, placed on a team betting it can own a new architectural layer in a frenetic market.
Seed (2026) | 0.5 | M USD
The next twelve months will test whether network-level control is the wedge that opens the enterprise purse. Can Oximy convert its reported request volume into named, seven-figure contracts with global banks? And for CISOs evaluating a dozen similar platforms, is the proxy the right place to govern AI, or just the easiest place to start watching?