Founder & CEO, Wallarm

Ivan Novikov

Quantum physicist turned offensive security researcher turned API security CEO. He found bugs in Google, Tesla, and Twitter before he built a company to stop them in yours.

$70M+ - Total Funding
24yr - In Cybersecurity
210+ - Team at Wallarm
10K+ - CVEs Analyzed

Tags: API Security, Y Combinator S16, Forbes Tech Council, Black Hat Speaker, d0znpp
Latest: Wallarm raises $55M Series C (August 2025) - "a pivotal moment, not just for our company, but for the security industry at large" - Ivan Novikov

$55M - Series C Round
134% - NRR 2024
200+ - Security Audits (ONsec)
2014 - Black Hat Stage
5/day - API Exploits Tracked
2016 - Y Combinator S16

The researcher who became the defender

In 2014, Ivan Novikov walked onto the Black Hat USA stage and showed the audience that memcached - that invisible caching layer no one bothered to think about - could be turned into a Remote Code Execution vector. The room went quiet in the way rooms go quiet when someone just changed the rules. He had not found a new bug in some obscure software. He had found a new category of bug that could exist in any application using a data store everyone assumed was safe.

That instinct - finding the attack surface everyone else overlooked - is the through line of his career. Before Black Hat, he was writing SSRF research and building what would become "The SSRF Bible," a canonical document in offensive security circles. Before that, he was running ONsec, a penetration testing consultancy in Moscow that conducted more than 200 security audits for companies like QIWI, Yandex, and Mail.ru Group. He was also collecting bug bounties from Google, Facebook, Twitter, Tesla, and Honeywell - not as a side hustle, but as a way to keep his threat models honest.

"What we've done is taken malicious hacker activity and turned it into a method for finding security bugs for companies."
Ivan Novikov, on Wallarm's approach

The academic background is worth mentioning because it surprises people: Novikov holds a master's degree in quantum magnetism from Lomonosov Moscow State University. Physics trains a particular kind of thinking - model the system, find the edge cases, push the variables. Applied to cybersecurity, that approach produced research that peer security practitioners still cite a decade later.

In 2016 he co-founded Wallarm with Stepan Ilyin and took it through Y Combinator's S16 batch. The premise was direct: the skills that let him find bugs in the world's largest platforms could be systematized and scaled into a product that finds and blocks those bugs in real time. Today Wallarm is an AI-powered API security platform with 210+ employees, offices in San Francisco, and customers in enterprise sectors where API vulnerabilities are not a theoretical concern.

Wallarm: security that ships with the API

The shift from perimeter-based security to API security happened faster than most enterprises were ready for. By the time organizations realized their APIs were being targeted at volume - credential stuffing, data scraping, SSRF, injection attacks - their WAF vendors were still selling products designed for a different threat model.

Wallarm's pitch is not just detection. It is detection with a deep understanding of what an API is supposed to do, so that the noise stays low enough for security teams to actually pay attention to the alerts. The 134% net revenue retention Wallarm posted in 2024 - combined with near-zero churn - suggests that claim is holding up under scrutiny.

$70M+ - Total Funding Raised: Series C ($55M) closed August 2025, led by Toba Capital.
134% - Net Revenue Retention: Enterprise account retention in 2024, with near-zero churn.
210+ - Team Members: Distributed team across San Francisco, Austin, and globally.

The August 2025 Series C brought in $55 million led by Toba Capital - the largest funding round in Wallarm's history. Novikov described it plainly: "We're doubling down on innovation to equip security teams with the intelligence and automation they need to stay ahead of increasingly sophisticated and targeted API attacks." The round follows the launch of Security Edge, a SaaS-based API edge security product, and a period of record growth driven by enterprise demand.

Wallarm's stack reflects Novikov's own technical background: Kubernetes, PostgreSQL, Elasticsearch, Python, Go, React, Redis, and Terraform power a platform designed to sit inside cloud-native infrastructure rather than in front of it. The open-source GoTestWAF project - which simulates OWASP and API-specific attacks across REST, GraphQL, gRPC, SOAP, and XMLRPC protocols - is a public artifact of how Wallarm thinks about security testing.

The papers that changed the attack surface

Before Wallarm, before ONsec, Novikov was contributing research that changed how the security community understood certain classes of vulnerabilities. Two contributions stand out.

Memcached Injection (2012-2014)

Memcached was ubiquitous and, almost universally, not considered a security surface. It stored cached data. It did not run SQL queries. It was not exposed to the internet. Novikov's research showed that applications accepting user-controlled input that eventually reached memcached could be exploited with techniques analogous to SQL injection - and, critically, that unsafe deserialization of cached data could escalate the attack to Remote Code Execution. He presented the full technique at Black Hat USA 2014, with working proof-of-concept code across Go, Ruby, Java, Python, PHP, Lua, and .NET.

SSRF Research and the SSRF Bible

Server-Side Request Forgery was known before Novikov's work, but his systematic documentation of how SSRF could be exploited against internal services - including memcached, Redis, Riak, and CouchDB - became the reference material for a generation of security professionals. The SSRF Bible is still cited. Later work extended the analysis to key-value injection techniques in the wild.

"API vulnerabilities are not categorized appropriately through any official institution."
Ivan Novikov, after analyzing 10,000 CVE reports spanning 1998-2022

That observation about CVE categorization - made after Novikov and his team analyzed over 10,000 vulnerability reports, bug bounty submissions, and documented exploits - points at a systemic problem he has been trying to fix: the threat intelligence infrastructure around APIs lags the actual threat landscape by years. Wallarm's products are, in part, a commercial answer to that gap.

24 years in motion

2004 - Began as a security researcher and active bug bounty hunter, earning rewards from Google, Facebook, Twitter, Tesla, Yandex, and Honeywell
2009 - Founded ONsec in Moscow, a penetration testing consultancy that would grow to conduct 200+ security audits for major enterprises
2011 - ONsec wins first place at Yandex's "Month of Search of Vulnerabilities" competition
2012 - Discovers memcached injection attack class and pioneers SSRF research; authors the SSRF Bible
2014 - Presents "The New Page of Injections Book: Memcached Injections" at Black Hat USA, the first major public disclosure of the attack class
2016 - Co-founds Wallarm; enters Y Combinator Batch S16 in San Francisco
2019 - Speaks at BSidesSF on using AI to reduce false positives in WAF and NGWAF detection
2020 - Launches GoTestWAF as open source; the tool enables API security testing across REST, GraphQL, gRPC, SOAP, and XMLRPC
2022 - Joins Forbes Technology Council; publishes "Why is there no silver bullet in cybersecurity?"
2024 - Launches Wallarm Security Edge SaaS; achieves 134% enterprise NRR with near-zero churn
2025 - Closes $55M Series C led by Toba Capital, the largest round in Wallarm's history, to accelerate AI-powered API protection

What he has actually done

  • Inventor of the memcached injection attack class - presented at Black Hat USA 2014
  • Authored "The SSRF Bible" - canonical reference on Server-Side Request Forgery exploitation
  • Bug bounty awards from Google, Facebook, Twitter, Tesla, Yandex, and Honeywell
  • Founded and scaled Wallarm to 210+ employees and $70M+ in total funding
  • Y Combinator S16 alumnus (2016) - one of 107 companies in the batch
  • 134% enterprise net revenue retention at Wallarm in fiscal year 2024
  • Forbes Technology Council member
  • Creator of GoTestWAF - widely adopted open-source API and WAF security testing tool
  • ONsec completed 200+ penetration testing engagements across major Russian internet companies
  • Analyzed over 10,000 CVE reports and bug bounty submissions to map the API threat landscape
  • Regular speaker at Black Hat, HITB, BSidesSF, and SyScan 360
  • HackerOne profile: active contributor with verified research disclosures

What he says

We're doubling down on innovation to equip security teams with the intelligence and automation they need to stay ahead of increasingly sophisticated and targeted API attacks.

On Series C, August 2025

Our goal is to give security teams precision tooling that integrates natively with modern stacks, and stops threats before they become incidents.

On Wallarm's product direction

Security issues affect the lives of people across all walks of life on a daily basis. I look forward to talking about security to the broader audience in language that non-technical people can understand.

On joining Forbes Technology Council

5 API exploits happen every day. API vulnerabilities are not categorized appropriately through any official institution.

From 10-year API security research summary

Things that don't fit anywhere else

01 / Physics

His master's degree is in quantum magnetism from Lomonosov Moscow State University. Not a traditional cybersecurity pipeline.

02 / d0znpp

The hacker handle he has used across every platform since the early 2000s. LinkedIn, GitHub, Twitter/X, HackerOne - all d0znpp, all the way down.

03 / Tesla

Among the companies that paid him a bug bounty is Tesla - specifically through its vehicle security program. The attack surface was not a web app.

04 / Piano

Plays piano on an 84-key keyboard. Not 88. The two missing keys remain unexplained.

05 / Memcached

At Black Hat 2014 he demonstrated RCE through a data store that most engineers still don't think of as a security boundary.

06 / Remote

Relocated from Moscow to San Francisco, then to Austin, Texas - while building a company with teams across multiple continents.

Where to find his thinking

Novikov writes prolifically on API security, OAuth, SSRF, and application security fundamentals. His Medium blog has 1,700+ followers and covers topics from threat modeling to webhook security to how to bypass libinjection in modern WAF deployments. Dark Reading, Security Boulevard, and Infosecurity Magazine all carry his bylines.

Conference talks span Black Hat USA (2014), BSidesSF (2019), HITB, and SyScan 360. The Techstrong TV appearance from November 2024 offers one of the cleaner recent explanations of why the old WAF model breaks under API-native architectures.

Medium Blog

1,700+ followers. Long-form on SSRF, OAuth, API abuse, CSRF, threat modeling, and remote work culture.


Dark Reading

Regular contributor covering enterprise security, API threats, and vulnerability management for security professionals.


Techstrong TV

Interview on Wallarm's Security Edge SaaS platform and the competitive API security landscape (Nov 2024).


The stack behind Wallarm

Wallarm runs on a cloud-native infrastructure stack that mirrors the environments it protects. The platform integrates directly into Kubernetes deployments, sits alongside API gateways, and supports deployment via Helm charts.

Kubernetes, PostgreSQL, Elasticsearch, ClickHouse, Python, Go, React, Redis, Terraform, Docker, Nginx, Envoy, Rust, Amazon AWS, Google Cloud, Ansible, Prometheus, Grafana


Sources & Further Reading