Wallarm just closed a $55M Series C, led by Toba Capital, and this wasn’t a polite handshake. It was a global power move from a team that didn’t just spot the storm coming in API and AI security, they built a platform that is the storm.
Founded by Ivan Novikov and Alexander Golovko, Wallarm didn’t emerge from the Y Combinator S16 batch with dreams, they came with code. Real, functional, AI-first, high-scale architecture engineered to defend APIs against threats most companies haven’t even named yet. Ivan’s not your average cybersecurity CEO. He’s the kind of guy who used to poke holes in Google, Facebook, and Twitter, for fun. Now he’s turned that firepower into a platform trusted by the likes of Panasonic, Miro, Victoria’s Secret, and Nasdaq. You want proof? Try 134% NRR, nearly zero churn, and 44 trillion API requests analyzed.
What makes this raise matter isn’t the number. It’s the signal. Wallarm didn’t just ride the wave of API growth, they’ve been carving it like Laird Hamilton with an ML board. In a space hurtling toward $10B by 2032, with every vendor claiming “AI-first,” Wallarm actually ships. Real-time blocking. Behavioral-based detection. Signature-free. Built-in AI agent protection. This isn’t security theater, it’s threat suppression for companies living in production.
Toba Capital, back again after leading Series A, knows what time it is. Rajan Aggarwal sits on the board. Runa Capital, Partech, Gagarin Capital, and Y Combinator laid the foundation. Now with Morgan Jay joining as President and CRO, Michelle Gerson stepping in as VP of Marketing, Tim Erlin shaping the product roadmap, and Greg Deisher locking in the numbers, the team reads like a cybersecurity Avengers lineup.
This $55M is fuel for more than scale. It’s about global expansion, AI agent protection, and a new frontier in real-time defense. Wallarm isn’t chasing traditional CDN players, they’re taking their lunch money with API honeypots and Agentic AI penetration testing before the competition finishes its compliance checklist.
You don’t build a real-time, edge-deployable API security platform with over 200 enterprise customers by playing it safe. You do it by engineering like your reputation depends on it, because it does.
