Founder Profile / GenAI Security
James Pham
He thinks the next endpoint worth defending isn't a laptop or a phone. It's the AI itself. As co-founder and CEO of Opsin, he's making sure the machine only sees what it's allowed to.
He thinks the next endpoint worth defending isn't a laptop or a phone. It's the AI itself. As co-founder and CEO of Opsin, he's making sure the machine only sees what it's allowed to.
Give an enterprise AI assistant the keys to your company and it will do something terrifyingly helpful: read everything you can read. Every file, every folder, every half-forgotten spreadsheet a colleague shared "just in case." Microsoft Copilot doesn't ask whether the salary review buried three clicks deep was meant for your eyes. It just answers the question.
That gap - between what an AI can see and what it should see - is the business James Pham is in. His company, Opsin, sits between the enterprise and its generative AI tools, continuously detecting where sensitive data is overshared, explaining why, and then routing fixes to the people who own the data. The tagline is three verbs: see, secure, scale.
Pham co-founded Opsin in 2024 with Oz Wasserman (chief product officer) and Jeremy Mailen (chief technology officer). What began as a tool for catching oversharing in Copilot and Gemini has grown into a full enterprise agent security platform - visibility, governance, and remediation over the autonomous agents companies are now turning loose on their own data. As Pham puts it, the agents have moved "from saying to doing," and somebody has to watch what they do.
One manufacturing customer found that most of its AI prompts were quietly pulling from data that shouldn't have been exposed. Then they tuned it down.
Figures as reported for Barry-Wehmiller. Lower is better.
Before the customer logos and the term sheets, there was a student in Vietnam with a plan that required leaving. Pham made it to MIT, where he earned an MBA focused on data analytics and machine learning - and, in a detail that says a lot about him, stayed close enough to the material to teach it. He worked as a teaching assistant for a course on advanced data analytics and machine learning in finance, which is a polite way of saying he was explaining the hard parts to other very smart people.
From classroom to product floor: he became a senior product manager for machine learning at Abnormal Security, building the models meant to catch the attacks humans miss. It's the kind of role that teaches you a specific lesson - that in security, the threat is rarely the dramatic one. It's the quiet misconfiguration, the door left open, the access nobody remembered to revoke.
Then generative AI arrived in the enterprise, and the quiet door got a lot bigger. Pham saw it early. But rather than assume he was right, he did the unglamorous thing: he talked to more than 300 industry leaders to find out whether the problem he'd spotted was the problem they felt. It was. The leap into founding Opsin meant convincing himself, convincing his wife, and clearing the immigration and personal hurdles that come with building a company as a newcomer. He describes the whole thing in the plainest possible terms - you don't know until you do it.
What makes the story land isn't the pedigree. It's the through-line: a person who keeps choosing to stand next to the hardest part of a hard problem, whether that's a finance ML syllabus, an adversary's next move, or an AI agent reaching for a file it was never meant to open.
Begins working in AI/ML; TA at MIT for advanced data analytics and ML in finance.
Senior product manager, machine learning - building models to protect customers.
Co-founds Opsin with Oz Wasserman and Jeremy Mailen; takes the CEO seat.
Opsin raises seed funding to build out GenAI data-security.
Opsin expands into a full Enterprise Agent Security platform.
Continuously scans AI interactions to surface what sensitive data is exposed across cloud file systems and collaboration tools - and, crucially, why.
Decentralizes the fix: automated, step-by-step instructions sent to the business owners who actually control the data, instead of dumping it on a lone security team.
Visibility and policy enforcement over autonomous enterprise agents as they move from answering questions to taking actions.
A sit-down on the founding thesis and where enterprise AI security is going.
The "Born In Silicon Valley" conversation on accidental data exposure.