Co-Founder & COO / Wallarm / San Francisco

Stepan Ilyin

API Security / Y Combinator S16 / Whitehat Hacker / Series C

In 2013, Stepan Ilyin and three former whitehat hackers started Wallarm to protect APIs. At the time, nobody called it "API security." Nobody had to. Nobody was paying attention. Now they are.

$55M Series C (2025)
134% Net Rev Retention
210+ Team Size
500+ Articles Published
API Security DevSecOps WAF Machine Learning Enterprise Security Y Combinator

The man who secured APIs before the world knew it needed securing

Most security companies wait for an attack. Wallarm's Stepan Ilyin spent a decade building the wall before most enterprises admitted the gate existed. As Co-Founder and COO, he is the operational engine behind a company that has turned the unsexy problem of API security into a $65M+ funded, Fortune-500-serving enterprise that closed 2024 with near-zero churn and 134% net revenue retention.

Ilyin holds two master's degrees from Bauman Moscow State Technical University - one in Computer Science, one in Business and Managerial Economics. Bauman, as any Russian engineer will tell you, is not a school that produces generalists. It produces people who run toward hard problems. Ilyin ran toward cybersecurity at a moment when the most interesting work was happening at the intersection of offense and defense.

Before Wallarm, the co-founding team operated as whitehat hackers - people paid to find vulnerabilities before the adversaries do. That background is Wallarm's foundation. The platform was not built by people who theorized about API attacks. It was built by people who executed them.

"Back in 2016, nobody was talking about APIs. Now, everything is API-driven. AI is running on top of APIs, and every company is essentially becoming a technology company."
Stepan Ilyin, Black Hat USA 2025

Wallarm launched in 2013 and graduated from Y Combinator's S16 batch in 2016 with 70+ enterprise customers already onboard. The Y Combinator bet wasn't just capital - it was a signal that the API security thesis had legs, and that this Russian engineering team could operate at Silicon Valley pace. Ilyin relocated to San Francisco, embedded in the US enterprise market, and built the go-to-market muscle the company needed.

The company's name is a portmanteau of "Wall" and "Alarm" - protection and detection in a single word. Simple. But the product itself is anything but. Wallarm's platform covers API discovery, real-time threat blocking, CI/CD-integrated vulnerability scanning, and AI-powered attack detection. The stack runs across Nginx, Envoy, and cloud-native environments. The customer list includes Fortune 500 firms across airlines, finance, banking, energy, retail, and enterprise software.

$65M+ Total Funding Raised
~0% Enterprise Churn 2024
70+ Enterprise Customers
2013 Year Founded

What Wallarm actually does - and why it's winning

Every company runs APIs. Most companies don't know how many. Wallarm's pitch is brutally pragmatic: your API is live, public, and accessible 24/7 to anyone on earth. Your firewall doesn't know what a GraphQL mutation looks like. Your WAF was built for a web that stopped existing in 2015.

Wallarm's platform starts with discovery - mapping every API endpoint across your infrastructure, including the ones your developers shipped and forgot. Then it layers on real-time traffic analysis, machine-learning-based anomaly detection, and automated blocking. The whole thing plugs into CI/CD pipelines so that security is part of the build process, not the post-breach autopsy.

The AI Security Edge

As AI systems proliferate, they communicate through APIs. Every LLM integration, every agent-to-agent call, every model serving endpoint - all of it is API traffic. Wallarm's 2025 Security Edge product and agentic AI protection feature put the company squarely in the path of the next wave of enterprise security spending. Ilyin saw this coming.

The 2025 API ThreatStats Report, published by Wallarm in January 2025, quantified what the company has been watching for years: attackers are using purpose-built automated tooling to identify API vulnerabilities faster than manual security reviews can catch them. Authentication endpoint abuse, credential stuffing, business logic exploitation - the attack surface grew as fast as API adoption, and most enterprises were playing defense with decade-old tools.

The Series C announcement in July 2025 - $55M led by returning investor Toba Capital - came alongside a significant product push. Not just incremental feature work, but a platform bet: Wallarm as the security layer for the AI era, where the primary attack surface isn't a login page but a machine-to-machine API call.

Running the machine - Ilyin's operating style

Co-founder dynamics at tech companies tend to be predictable: one person builds the product, one person builds the business. At Wallarm, the split is more nuanced. Ivan Novikov as CEO carries the company's external narrative. Ilyin as COO carries the infrastructure that makes the narrative real.

His 500+ published articles are not a content marketing exercise. They read like engineering documentation crossed with threat intelligence briefings - dense with specifics on OWASP vulnerabilities, NIST framework implementation, CI/CD security patterns, and the mechanics of credential stuffing attacks. It's the writing of someone who needs other practitioners to understand the problem, not someone trying to fill a blog calendar.

The conference circuit tells a similar story. Ilyin shows up at Black Hat and RSA - not as a keynote personality, but as someone who can engage with security engineers at depth. His Black Hat 2025 interview dissects the technical shift happening as AI systems replace human-to-API interactions with agent-to-API interactions. The threat model changes. The detection methods change. The attack surface expands. He has opinions on exactly how.

"We put a lot of effort into educating people about why API security matters. Your API is available to everyone in the world, 24/7."
Stepan Ilyin

That 134% net revenue retention figure from 2024 is the operational tell. Customers don't expand their spend on security tools they don't trust or don't use. They expand when the product catches things their other tools miss, and when the vendor can explain what was caught and why. Wallarm's near-zero churn in 2024 was built in part on this: a founding team that writes, speaks, and explains at practitioner level, rather than selling security theater to procurement committees.

What makes Stepan Ilyin different

Practitioner-First

500+ technical articles for security engineers, DevOps teams, and developers. Not thought leadership - operational documentation.

Market Patience

Founded Wallarm in 2013. The API security market didn't formally exist until 2018. He built it anyway.

Offensive Roots

Former whitehat hacker. Knows how attacks work because he built them. Defense follows understanding.

Bilingual Operator

Dual master's in CS and Business. Rare combination: can run the technical roadmap and the revenue model at the same time.

Career arc

Pre-2013

Completes two master's degrees at Bauman Moscow State Technical University - Computer Science and Business/Managerial Economics. Works in offensive security as a whitehat hacker alongside future co-founders.

2013

Co-founds Wallarm alongside Ivan Novikov, Anastasia Novikova, and Alexander Golovko. The initial focus: web application firewalls for enterprises that needed something smarter than signature-based blocking.

2016

Wallarm graduates from Y Combinator's S16 batch with 70+ enterprise customers. Formalizes role as Co-Founder and COO. Relocates to San Francisco to build the US enterprise go-to-market.

2018

Wallarm closes $8M Series A led by Toba Capital. The API security category begins to take shape in analyst coverage. Wallarm was already 5 years into it.

2019-2022

Speaker at AppSec California, Kong Summit DevOpsSpeakeasy, and other practitioner conferences. Builds publishing cadence that reaches DevOps and security engineers directly.

2023

Represents Wallarm at Black Hat USA 2023. Platform expands to cover AI-era API threats as LLM adoption accelerates across enterprises.

2024

Record year: 134% net revenue retention, near-zero churn. Named to IT Harvest Cyber150. Recognized as G2 Momentum Leader for Winter 2025. Three Cybersecurity Excellence Award wins.

2025

$55M Series C closes in July 2025, led by Toba Capital. Platform launches agentic AI protection and Security Edge product. Black Hat 2025 interview covers AI, APIs, and the changing threat model.

What he has built

  • Co-founded Wallarm in 2013, growing it to 210+ employees and Fortune 500 customers across the US, Europe, and APAC
  • Raised $65M+ in total funding including a $55M Series C in July 2025 led by Toba Capital
  • Achieved 134% net revenue retention with near-zero enterprise churn in 2024
  • Authored 500+ technical publications on API security, DevSecOps, WAF, and AI threat prevention
  • Won three Cybersecurity Excellence Awards in 2025: API Security, API Abuse Prevention, and Application Security
  • Guided the company through Y Combinator S16 batch to enterprise scale
  • Built a platform that now covers AI-era threats including agentic AI endpoint protection
  • Company recognized in IT Harvest Cyber150 (2024) and G2 Momentum Leader (Winter 2025)

The stack behind the product

Wallarm is not a black-box appliance. The engineering stack is visible in the company's tooling choices and architecture. Kubernetes and Helm for deployment orchestration. Nginx and Envoy as the integration points where traffic inspection happens. ClickHouse for the high-throughput analytics that make real-time detection possible at enterprise scale. PostgreSQL and Redis underneath. Elasticsearch for log processing. Terraform for infrastructure.

The language mix - Go, Python, Rust, Ruby on Rails - reflects a team that picks the right tool for the performance envelope of each component. Rust in the traffic inspection layer. Python for ML model training. Go for the control plane. Rails for the management UI.

Kubernetes Nginx Envoy ClickHouse Elasticsearch PostgreSQL Redis Rust Python Go Terraform Docker Prometheus Grafana AWS Google Cloud Azure React Ansible
"We see patterns that suggest attackers are using purpose-built tools to find vulnerabilities much faster. API endpoints that handle authentication need to be designed differently - and this is often overlooked."
Stepan Ilyin / Co-Founder & COO, Wallarm
🔒

Built a WAF and API firewall before "API security" was a Gartner Magic Quadrant category

✍️

500+ publications on API security, DevSecOps, and AI threat prevention - all written for practitioners, not procurement

🎯

The Wallarm platform now defends against AI agent-to-API attacks - a threat model that didn't exist when the company was founded