MokN has closed a $15 million Series A, and the round says a lot about where identity security is heading. The Paris-based cybersecurity startup builds tools that stop stolen passwords before attackers can use them. GV, Google’s venture arm, led the round. According to EU-Startups and BeBeez, it marks GV’s first investment in a French company, which is a notable signal on its own.
The funds land at a moment when stolen credentials sit behind a huge share of breaches. Attackers test leaked passwords against VPNs, webmail, and single sign-on portals long before those credentials ever show up on dark web feeds. MokN built its whole approach around closing that gap.
How Phish Back Works:
Most security tools wait to detect a problem. MokN flips that around. Its platform sets up realistic decoy login pages that mirror a company’s real systems, things like fake VPN gateways or webmail portals. When an attacker tries stolen credentials against one of these decoys, the system captures the attempt instantly.
That capture triggers automated recovery workflows. Security teams learn which credentials are compromised and can lock them down before any real damage happens. The company calls this a phish back approach, and it turns a passive defense into an active one.
Inside the Baits Product:
MokN’s first product is called Baits. It deploys those decoy environments and connects directly into existing enterprise security stacks. So the response and containment happen automatically, without a team chasing alerts manually.
The traction here is real. MokN says its platform protects more than 1 million users across large enterprises and midsize companies, including Fortune Global 500 firms. That kind of adoption gave investors a clear reason to write the check.
A New Security Category:
MokN frames its work around something it calls Active Identity Recovery. The idea is simple. Instead of just watching for signs of compromised identities, organizations should be able to reclaim control of them quickly and proactively. It’s a move away from passive monitoring like dark web surveillance.
This positioning matters for the broader market. Credential theft protection has leaned heavily on detection and alerts for years. MokN argues that recovery deserves to be its own discipline, and the funding suggests serious backers agree. You can see why this resonates with teams tired of finding out about a breach after the fact.
Why Investors Backed MokN:
The round drew a strong investor list. GV led, with participation from Datadog, plus existing European backers Moonfire and OVNI Capital, and a group of angels. MokN raised a €2.6 million seed round led by Moonfire back in October 2025. SecurityWeek reports that this Series A brings total funding to around $18 million.
GV pointed to founder-market fit as a big draw. CEO Gautier Bugeon describes himself as a former SOC manager, so he lived the problem firsthand before building the fix. He cofounded MokN in 2024 alongside Antoine Coudoux. Luna Schmid, a Partner at GV, said the team uses high-fidelity decoys to trigger fast, automated recovery, calling Baits a sophisticated wedge against attackers.
What Comes Next:
The new capital funds a clear plan. MokN will grow its phish back platform, deepen its presence in France and the United States, and open up expansion into the United Kingdom with new offices. The team also plans to scale across engineering, sales, marketing, and customer success. Vestbee reports a target of around 30 additional hires by the end of 2027 as the company scales internationally.
On the product side, MokN wants to build the first multi-product platform focused on active identity theft protection. Upcoming releases will tackle customer account security, stolen browser cookies, and compromised sessions. These are attack vectors that show up more and more, and current tools handle them poorly. That roadmap reflects MokN’s ambition to make active identity recovery a global standard. For founders and security leaders watching the identity space, MokN is a name worth knowing.