- Paris-based MokN raises $15 million Series A led by GV, marking Google Ventures’ first investment in a French startup
- The cybersecurity company protects more than 1 million users and aims to create a new category called Active Identity Recovery
- Funding will support expansion across the US and UK and the launch of a multi-product identity protection platform
For decades, cybersecurity has largely followed the same playbook: detect a breach, investigate the damage, and respond after attackers have already gained access. Paris-based MokN wants to reverse that model.
The cybersecurity startup has raised $15 million in Series A funding led by GV (Google Ventures), with participation from Datadog, Moonfire, OVNI Capital, and several angel investors. The round represents GV’s first-ever investment in a French startup.
The funding comes seven months after MokN announced a €2.6 million seed round and follows rapid enterprise adoption of its identity protection technology. Today, the company protects more than one million users across large enterprises, including Fortune Global 500 companies.
The new capital will help MokN build what it describes as the world’s first multi-product platform dedicated to Active Identity Recovery, while accelerating expansion across France, the United States, and the United Kingdom.
From SOC manager to cybersecurity founder
MokN was founded in 2024, by Gautier Bugeon, a former Security Operations Centre (SOC) manager at mining multinational Eramet who experienced firsthand how difficult it was for organisations to respond to credential theft. Other co-founders include Adrien Casteleiro, Alexis Georges, and Antoine Coudoux.
While most cybersecurity solutions focus on detecting compromised credentials after they appear on the dark web or are actively abused, Bugeon saw an opportunity to intervene much earlier. That insight became the foundation for MokN.
The company specialises in protecting organisations against credential theft, one of the most common attack vectors in modern cybersecurity. According to ENISA’s Threat Landscape 2025, phishing remains responsible for roughly 60% of reported cyber intrusions across Europe.
Rather than waiting for attackers to exploit stolen credentials, MokN attempts to recover them first.
The phish-back technology designed to trap attackers
At the centre of MokN’s platform is a technology the company calls “phish-back.” Its flagship product, Baits, deploys highly realistic decoy environments such as VPN portals, authentication pages, and webmail systems that mirror a company’s real infrastructure.
When attackers attempt to use stolen credentials, they unknowingly interact with these decoys, allowing security teams to identify compromised accounts and trigger recovery workflows before credentials are weaponised or sold.
“The rapid adoption by major companies and the results achieved with our first solution confirmed one thing: this approach must go further,” says Gautier Bugeon.
The company plans to expand beyond credentials and tackle other fast-growing attack vectors, including stolen browser cookies, active sessions, and customer account compromises.
Why investors see a new cybersecurity category emerging
Investors believe MokN is addressing a blind spot that traditional identity security platforms have largely ignored.
“We invested in MokN because of Gautier’s founder-market fit as a former SOC manager and our conviction in the team’s ability to address a critical gap in cybersecurity,” says Luna Schmid, partner at GV.
“With their initial product, Baits, they’ve developed a sophisticated wedge that turns the tide on attackers by leveraging high-fidelity decoys to trigger immediate, automated recovery workflows. We believe their approach is a game-changer for enterprises looking to neutralise credential theft before it can escalate,” adds Luna Schmid.
The competitive landscape
MokN enters a highly competitive identity security market dominated by well-funded players.
Among them is Acalvio Technologies, which has raised approximately $78.5 million in total funding across multiple rounds to pioneer preemptive cyber deception. The company focuses heavily on deploying autonomous honeytokens and deceptive pathways across enterprise directories to catch credential-scraping attackers early.
Another notable competitor is CounterCraft, which raised $5 million in a Series A funding round (its most recent publicly disclosed round, raised in 2020) to deliver specialized threat intelligence through high-interaction cyber deception. The company focuses heavily on crafting automated digital twins and realistic decoy environments, such as fake authentication systems and VPN portals, to safely lure, manipulate, and track adversaries.
MokN is differentiating itself through proactive credential recovery, attempting to intercept stolen identities before they can be exploited.
What’s next for MokN?
The company plans to significantly expand its research and development efforts while launching multiple new products by the end of the year.
Alongside enterprise identities, MokN will introduce protections for customer accounts, stolen sessions, and browser cookies, attack vectors that continue to grow but remain relatively underserved by existing security vendors.
With leadership teams already operating between Paris and New York, the company plans to establish a stronger presence in the US while opening new offices in the UK. By the end of 2027, MokN aims to hire 30 additional employees across engineering, customer success, sales, and marketing.
As cyberattacks increasingly target identities rather than infrastructure, MokN is betting that the future of cybersecurity will not be about detecting stolen credentials after the fact, but recovering them before attackers can use them at all.
