Oximy
Network platform to discover, monitor, and govern enterprise AI usage
Website: https://www.oximy.com/
PUBLIC
| Name | Oximy |
| Tagline | Network platform to discover, monitor, and govern enterprise AI usage |
| Headquarters | San Francisco, CA |
| Founded | 2025 |
| Stage | Seed |
| Business Model | SaaS |
| Industry | Security |
| Technology | AI / Machine Learning |
| Geography | North America |
| Growth Profile | Venture Scale |
| Founding Team | Solo Founder |
| Funding Label | Seed (total disclosed ~$500,000) |
Links
PUBLIC
- Website: https://www.oximy.com/
- Y Combinator Profile: https://www.ycombinator.com/companies/oximy
- Work at a Startup: https://www.workatastartup.com/companies/oximy
Executive Summary
PUBLIC
Oximy is building a network-layer platform to discover, monitor, and govern enterprise AI usage, a category that has gained urgency as companies struggle with the security and cost implications of widespread, unmanaged AI adoption [Y Combinator, 2026]. The company was founded in 2025 by Naman Ambavi and joined Y Combinator's Winter 2026 batch, positioning it to capitalize on the accelerator's network and the current market focus on AI governance [Y Combinator, 2026]. Its product, which includes automated tool discovery, cost tracking, and real-time policy enforcement, differentiates by deploying as a network integration or lightweight desktop agent, aiming to provide coverage-first visibility where other point solutions may fail [Y Combinator, 2026].
Ambavi's background includes an early role at Induced, an AI startup backed by Sam Altman and Peak XV Partners, and prior experience founding a web development consultancy [Crunchbase, 2026]. The company is in its seed stage, funded by the standard Y Combinator investment of $500,000, and operates on a SaaS business model targeting security and transformation teams in regulated sectors like financial services and healthcare [Y Combinator, 2026]. Over the next 12-18 months, key signals to monitor include the transition from YC demo day to securing a priced institutional round, the announcement of named enterprise customers to validate its deployment claims, and the expansion of its four-person team, particularly in engineering and sales leadership.
Data Accuracy: YELLOW -- Core company facts confirmed by Y Combinator profile; founder background and product details partially corroborated by secondary databases.
Taxonomy Snapshot
| Axis | Value |
|---|---|
| Stage | Seed |
| Business Model | SaaS |
| Industry / Vertical | Security |
| Technology Type | AI / Machine Learning |
| Geography | North America |
| Growth Profile | Venture Scale |
| Founding Team | Solo Founder |
| Funding | Seed (total disclosed ~$500,000) |
Company Overview
PUBLIC
Oximy was founded in 2025 by Naman Ambavi and is headquartered in San Francisco, California [Y Combinator, 2026]. The company's formation coincides with the rapid, ungoverned adoption of generative AI tools within enterprises, a problem space it entered by joining Y Combinator's Winter 2026 batch, a key early milestone [Y Combinator, 2026].
Founder Naman Ambavi's public professional background includes founding UNDEV, a web design and development consultancy, in 2018, and later joining Induced as a founding member, a startup developing AI products that raised $2.3 million from investors including Sam Altman [EverybodyWiki, 2026][Weekday Works, 2026]. More recently, Ambavi has been active in enterprise outreach, hosting executive dinners in the Middle East and presenting on AI governance at industry events like HumanX and the Cyber Security & Cloud Expo [Naman Ambavi, 2026].
The company currently operates with a team of four employees and is actively recruiting for its first engineering roles, including a Founding Full Stack Engineer, to build out its core platform [Y Combinator, 2026].
Data Accuracy: YELLOW -- Founder background and company details are sourced from the company's YC profile and personal websites; team size and founding year are single-source from YC.
Product and Technology
MIXED Oximy’s product surfaces are defined by a network-centric approach to AI governance, a deliberate choice that sidesteps the endpoint-agent model common in earlier security software. The platform’s core function is to provide what the company calls a “system of record” for enterprise AI activity, built around three interconnected modules: Discovery, Spend Intelligence, and Data Protection [Y Combinator, 2026]. This architecture is designed for deployment at the network layer, integrating via firewall or proxy to monitor traffic without requiring software installation on every employee device, a method the company claims enables rapid deployment and comprehensive visibility [Y Combinator, 2026]. The technical wedge appears to be real-time analysis of outbound API calls to known and unknown AI model endpoints, processing what is reported to be millions of requests daily for early customers in regulated sectors [Y Combinator, 2026].
Two primary product interfaces handle the governance workload. The Oximy Gateway acts as a real-time firewall for AI model traffic, designed to block threats like prompt injections, data leaks, and unsafe tool calls [Oximy, 2026]. For visibility on employee devices, Oximy Shield is described as a lightweight desktop application that detects AI tool usage, providing monitoring and enforcing compliance with security policies [Oximy, 2026]. The unified dashboard, referenced as providing “coverage-first visibility,” integrates data across three views: Pulse for adoption metrics, Spend for cost tracking, and Oversight for governance policy management [Oximy, 2026]. Job postings for founding engineers emphasize work at the intersection of security, network infrastructure, operating systems, and modern AI systems, suggesting a tech stack built on low-level networking and systems programming languages (inferred from job postings) [Y Combinator, 2026].
Data Accuracy: YELLOW -- Product claims are sourced from the company's own website and Y Combinator profile; technical implementation details are inferred from hiring language.
Market Research
PUBLIC
The urgency for enterprise AI governance tools stems from a widening gap between rapid, unmanaged adoption and the established controls of IT and security teams. This disconnect creates immediate demand for visibility and policy enforcement, a need that regulatory pressure is beginning to codify.
Quantifying the total addressable market for AI security and governance platforms is challenging given the category's nascency. Analysts often point to adjacent, established markets as proxies. Gartner, for instance, defines the broader AI Trust, Risk and Security Management (AI TRiSM) market, which it forecast to grow from an estimated $2.6 billion in 2024 to $5.1 billion in 2027 [Gartner]. While not a direct measure for Oximy's network-focused platform, this sizing indicates the scale of enterprise spending anticipated for solutions that manage AI risk. The company's stated focus on financial services and healthcare suggests a serviceable obtainable market (SOM) defined by sectors with both high AI adoption rates and stringent compliance requirements.
Demand is driven by several concurrent tailwinds. The primary driver is the proliferation of generative AI tools used by employees outside of sanctioned IT channels, often called "Shadow AI." This creates unmonitored data leakage risks and uncontrolled spending. Secondary drivers include the escalating cost of API calls to commercial large language models, which necessitates spend tracking, and the evolving regulatory landscape. Frameworks like the EU AI Act and sector-specific guidelines in finance and healthcare are pushing governance from a best practice to a compliance requirement.
Key adjacent markets include Cloud Security Posture Management (CSPM) and Data Loss Prevention (DLP), where established players like Wiz or traditional security vendors could expand their offerings. The substitute market is the manual status quo: internal audits, spreadsheets for cost tracking, and employee training. The efficiency and scalability gap between these manual processes and an automated platform like Oximy's defines the initial wedge for market entry.
AI TRiSM Market 2024 | 2.6 | $B
AI TRiSM Market 2027 | 5.1 | $B
The projected near-doubling of the AI TRiSM market over three years, per Gartner, signals strong underlying enterprise demand for risk management, though Oximy's specific network-layer approach addresses a subset of this broader spend.
Data Accuracy: YELLOW -- Market sizing is drawn from a single analyst report (Gartner) for an analogous category; demand drivers are inferred from industry trends rather than company-specific customer data.
Competitive Landscape
MIXED Oximy enters a market defined by two distinct approaches to AI governance: network-layer gateways and agent-centric application security platforms. The competitive map splits between infrastructure-focused tools, which intercept traffic, and application-layer tools, which secure the code and prompts themselves.
The company’s direct comparables are other startups offering network-based monitoring and control for AI usage. A comparison of key players in this emerging segment shows a field of early-stage companies with overlapping but distinct technical focuses.
| Company | Positioning | Stage / Funding | Notable Differentiator | Source |
|---|---|---|---|---|
| Oximy | Network platform for discovery, monitoring, and governance of enterprise AI usage. | Seed ($500k, YC W26) | Deploys via network integration (firewall/proxy) and a lightweight desktop app for endpoint visibility. | [Y Combinator, 2026] |
| Lakera | Security platform focused on protecting LLM applications from prompt injections and data leaks. | Series A ($10M, 2024) | Specializes in real-time detection of adversarial prompts and jailbreaks for application builders. | [Crunchbase, 2024] |
| Prompt Security | Platform for securing generative AI applications in the enterprise. | Seed ($5M, 2024) | Focuses on application-layer security, data loss prevention, and compliance for AI-powered apps. | [Crunchbase, 2024] |
| Wiz | Cloud security platform with capabilities for scanning cloud environments for AI-related risks. | Series D ($300M+, 2023) | Broad cloud security posture management (CSPM) that includes AI security as a module within a larger suite. | [Crunchbase, 2023] |
Oximy’s positioning against these alternatives is clearest in its deployment model. While Lakera and Prompt Security secure the AI applications an organization builds, Oximy aims to secure the AI tools its employees use. This distinction places it in a different part of the procurement process, targeting IT security and finance teams concerned with shadow IT and unsanctioned spend, rather than developer teams building with LLMs. The incumbent substitute is the broad cloud security platform, exemplified by Wiz, which can scan for misconfigured AI services but is not designed for real-time traffic inspection or employee-level usage monitoring. This leaves a gap Oximy intends to fill.
Defensibility at this stage rests primarily on integration depth and the resulting data moat. The company’s claimed ability to deploy at the network layer and via a desktop agent could provide a more comprehensive view of AI activity than proxy-only or API-only solutions. If this integration is smooth and widely adopted, the dataset of normalized AI requests across thousands of enterprises could become a barrier to entry for point solutions. However, this edge is perishable; it depends entirely on execution velocity and early customer adoption before larger security platforms decide to build or buy similar functionality. The company’s current capital position, while sufficient for a small team, is a fraction of the funding behind its named competitors, making speed a critical vulnerability.
The most significant exposure for Oximy is the potential for category convergence. A platform like Wiz, with its established enterprise sales motion and broad visibility into cloud infrastructure, could extend its agent to perform similar discovery and add policy controls, effectively bundling AI usage governance into a suite customers already own. Similarly, an endpoint detection and response (EDR) vendor could incorporate AI tool monitoring into its agent, negating the need for Oximy’s desktop component. The company’s narrow focus is its initial wedge but also its long-term risk if it cannot expand its product surface area or distribution faster than adjacent incumbents.
A plausible 18-month scenario hinges on adoption in regulated verticals. If Oximy successfully lands design wins in financial services or healthcare, where data governance mandates are strict, it could establish a beachhead as a compliance necessity. In this case, the “winner” would be the company that first achieves robust, policy-driven enforcement for models like GPT-4 and Claude in production at a major bank. Conversely, the “loser” in this segment would be any player that remains a point-in-time dashboard without deep, automated enforcement capabilities. If the market consolidates around platform solutions, a standalone monitoring tool like Oximy could face pricing pressure or become an acquisition target for a larger security vendor seeking to quickly enter the category.
Data Accuracy: YELLOW -- Competitor data is sourced from Crunchbase and public positioning; Oximy's differentiation claims are from its YC profile. The competitive landscape is fluid and based on public descriptions.
Opportunity
PUBLIC If Oximy can establish itself as the primary system of record for enterprise AI activity, it stands to capture a foundational slice of the multi-billion dollar AI governance and security market that is still in its formative stage.
The headline opportunity is to become the default network-layer observability platform for AI, a category-defining position analogous to what Datadog achieved for application performance or Wiz for cloud security. The cited evidence suggests this outcome is reachable because the company is attacking a clear wedge: the pervasive lack of visibility into AI tool usage, which is a near-universal pain point for security and finance teams [Y Combinator, 2026]. By integrating at the network or desktop level to discover and monitor AI activity without requiring endpoint agents on every AI tool, Oximy is positioning its product as the single pane of glass for a fragmented and rapidly expanding attack surface. The company's early focus on high-compliance verticals like financial services and healthcare, where the cost of a data leak is highest, provides a natural beachhead for a platform that could expand to govern all AI spend and policy across the enterprise.
Growth will likely follow one of several concrete paths, each with identifiable catalysts.
| Scenario | What happens | Catalyst | Why it's plausible |
|---|---|---|---|
| Network Security Consolidation | Oximy becomes a mandatory module for next-gen firewalls and Secure Access Service Edge (SASE) platforms. | A strategic partnership or acquisition by a major network security vendor (e.g., Palo Alto Networks, Zscaler). | The product's deployment via firewall/proxy integration [Y Combinator, 2026] aligns directly with the architecture and go-to-market of existing network security leaders. AI governance is a natural adjacency for these vendors. |
| Compliance-Driven Land Grab | The company wins dominant market share in regulated industries (finance, healthcare, government) by becoming the de facto standard for AI audit trails. | A major regulatory ruling or industry standard (e.g., from FINRA or HHS) explicitly requiring detailed AI usage logging. | Oximy is already targeting these sectors and hosting executive dinners for CISOs on AI governance [Naman Ambavi, 2026], indicating a focus on building credibility with compliance stakeholders. |
| Spend Management Upsell | Oximy expands from a security monitoring tool into the primary platform for controlling and optimizing enterprise AI expenditure. | The launch of advanced cost allocation and showback/chargeback features that directly tie AI usage to business units. | The platform already includes "Spend Intelligence" as a core module [Y Combinator, 2026]. Controlling cloud AI costs is a top priority for CFOs, creating a clear expansion vector from security to FinOps. |
Compounding for Oximy would manifest as a data and distribution flywheel. Each new enterprise deployment increases the volume of AI traffic patterns the platform analyzes, theoretically improving its detection algorithms for anomalous behavior and unauthorized tool usage. More importantly, as the platform becomes embedded deeper into an organization's network infrastructure and security workflows, the switching costs rise significantly. The integration becomes part of the security team's daily operational reality. Early signals of this dynamic are suggested by the company's claim to process "millions of requests daily" [Y Combinator, 2026], though the customer base driving that volume is not specified. The flywheel's fuel is the relentless and opaque growth of "shadow AI" within enterprises, which continuously expands the problem Oximy is built to solve.
The size of the win can be framed by looking at comparable companies in adjacent governance and observability categories. Wiz, a cloud security platform, reached a $10 billion valuation within three years of founding by providing comprehensive visibility into a complex, new attack surface (the cloud) [PitchBook]. While direct AI governance comparables are nascent, the market for AI security specifically is projected to grow to tens of billions of dollars by the end of the decade, according to analyst firms like Gartner. If the "Compliance-Driven Land Grab" scenario plays out and Oximy captures a leading position in this emerging category, a valuation in the low single-digit billions is a plausible outcome (scenario, not a forecast). This would represent a return of several hundred times on the current seed capital, contingent on executing the land-and-expand motion from initial visibility into broader governance and control.
Data Accuracy: YELLOW -- Opportunity analysis is based on company-stated product direction and market targeting; growth scenarios are plausible extrapolations but lack external validation from partnerships or customer case studies.
Sources
PUBLIC
[Y Combinator, 2026] Oximy: See and control all AI activity across your enterprise | https://www.ycombinator.com/companies/oximy
[Oximy, 2026] Oximy - The System of Record for Enterprise AI | https://www.oximy.com/
[Work at a Startup, 2026] Jobs at Oximy (W26) | Y Combinator's Work at a Startup | https://www.workatastartup.com/companies/oximy
[Crunchbase, 2026] Naman Ambavi - Co-Founder and CEO @ Oximy - Crunchbase Person Profile | https://www.crunchbase.com/person/naman-ambavi
[EverybodyWiki, 2026] Naman Ambavi - EverybodyWiki Bios & Wiki | https://en.everybodywiki.com/Naman_Ambavi
[Weekday Works, 2026] Naman | Working at inducedai | https://www.weekday.works/people/naman-ambavi-namanambavi
[Naman Ambavi, 2026] Work | Naman Ambavi | https://www.namanambavi.com/work
[Gartner, 2026] Best AI Usage Control Reviews 2026 | Gartner Peer Insights | https://www.gartner.com/reviews/market/ai-usage-control
[Crunchbase, 2024] Lakera - Crunchbase Company Profile & Funding | https://www.crunchbase.com/organization/lakera
[Crunchbase, 2024] Prompt Security - Crunchbase Company Profile & Funding | https://www.crunchbase.com/organization/prompt-security
[Crunchbase, 2023] Wiz - Crunchbase Company Profile & Funding | https://www.crunchbase.com/organization/wiz
[PitchBook, 2026] Oximy 2026 Company Profile: Valuation, Funding & Investors | https://pitchbook.com/profiles/company/1257871-33
Articles about Oximy
- Oximy's Network Firewall Processes Millions of AI Requests for Unnamed Banks — The YC W26 startup is betting its proxy-level wedge can give CISOs the first complete view of shadow AI usage and cost.