I'm Erez Yalon, an application security and vulnerability research specialist. I spent the early part of my career breaking software and finding the bugs others miss, and the better part of the last decade building and leading the teams that do it at scale, while making sure the people who have to act on the findings understand what was found. I co-authored the OWASP API Security Top 10, the industry-standard reference for API risk, and I co-lead several OWASP Projects. In 2019 I founded AppSec Village, the application security community at DEF CON, where I serve as Founder and Mayor.
My topics run across mobile, IoT, APIs, and software supply chains, and most recently the security of AI systems, agents, LLMs and the MCP attack surface. My work has been covered by Fortune, Forbes, Wired, TechCrunch, and Dark Reading. I speak regularly at RSA Conference, Black Hat, DEF CON, OWASP Global AppSec, and DeveloperWeek. I'm currently the VP of Security Research at Checkmarx, where I founded and lead Checkmarx Zero, our offensive and defensive research team. I work at the intersection of vulnerability research, security practitioner and developer education, and community building.
When I'm not breaking things on stage or in research, I advise teams trying to stay ahead of the people who would. Contact me if interested.
AppSec Village - the application security community on the DEF CON floor since 2019.
Co-leads the OWASP API Security Project; committee member for global initiatives.