Cyber security startup MokN raises £11.2m led by GV with Datadog
This article covers MokN, a cybersecurity startup, which has closed a £11.2m growth funding round led by GV to scale its Phish-Back identity protection product, broaden into a multi-product identity protection platform and open offices in the United States. The funding will support R&D and hiring across sales, engineering and customer success and is aimed at helping enterprises and mid-sized businesses reduce the impact of credential theft and phishing by operationalising proactive identity recovery.
MokN has closed a £11.2m growth funding round led by GV (Google Ventures) to scale its Phish-Back identity protection product in the UK, broaden the business into a multi-product identity protection platform and open offices in the United States. The capital will also fund R&D and hiring across sales, engineering and customer success.
Why it matters
Credential theft and phishing remain the primary vectors for breaches across Europe and the UK. ENISA’s Threat Landscape 2025 attributes around 60% of reported intrusions in Europe to phishing, while the UK’s Department for Science, Innovation and Technology found 43% of businesses experienced a cyberattack or data breach in the prior year, with phishing the most common vector. MokN’s approach targets that gap by moving from passive detection to proactive neutralisation of compromised credentials.
Funding of this size and profile — GV leading, with participation from Datadog and existing backers Moonfire and OVNI Capital — signals continued investor appetite for identity-focused cybersecurity tools that can be operationalised at enterprise scale.
Inside the product
MokN’s first product set, Baits, deploys high-fidelity decoy access points that imitate real corporate entry points such as VPN portals and webmail. When an attacker attempts to use stolen credentials on a decoy, the system captures the credentials and triggers automated workflows to neutralise the threat before it can be abused or posted on the dark web. MokN brands the approach Active Identity Recovery and says its platform protects more than one million users across large enterprises and mid-sized businesses.
The company also markets a broader Phish-Back capability that ties detection into recovery actions, positioning the product as a wedge that can be expanded into additional identity protection modules.
Who are the investors?
The £11.2m round was led by GV (Google Ventures). Participants include Datadog, and existing investors Moonfire and OVNI Capital, alongside a group of angel investors. The funding is earmarked for expanding MokN’s UK footprint, accelerating international expansion into the US, and boosting R&D and go-to-market capacity.
In the announcement, Luna Schmid, partner at GV, said:
We invested in MokN because of Gautier’s founder-market fit as a former SOC manager and our deep conviction in the team’s ability to address a critical gap in the cybersecurity market. With their initial product, Baits, they’ve developed a sophisticated wedge that turns the tide on attackers by leveraging high-fidelity decoys to trigger immediate, automated recovery workflows. We believe their approach is a game changer for enterprises looking to neutralize credential theft before it can escalate.
If you're researching potential backers in this space:
- Explore our list of cyber security venture capital firms in the UK
- Browse our directory of cyber security angel investors in the UK
Founder perspective
MokN was co-founded by Gautier Bugeon, a former security operations centre manager, who built the product from operational experience of how compromised identities persist as a blind spot. The company says its client base includes organisations in finance, retail and healthcare, and several Fortune Global 500 companies.
In the announcement, Gautier Bugeon, CEO & co-founder at MokN, said:
As a former SOC Manager, I experienced firsthand how compromised identities remained a critical blind spot. MokN was built to change that. Today, we work with major enterprises to define a new category - Active Identity Recovery - giving them a proactive edge against identity-based attacks.
The bigger picture
Identity and credential protection is becoming a priority for boards and security teams as the cost and frequency of account-based intrusions rise. Tools that automate recovery and reduce dwell time on compromised accounts are attractive because they plug directly into existing authentication and incident response workflows.
GV’s involvement — together with technology participants such as Datadog — may also reflect a desire to combine telemetry, detection and automated recovery in ways that scale across cloud-native and hybrid environments.
The wider market includes incumbents focused on detection, threat intelligence and identity access management; MokN is positioning itself as a complement to those controls by turning attacker operations against themselves through decoys and recovery automation.
This deal underlines a continued flow of venture capital into cybersecurity offerings that address specific enterprise pain points. For the UK and Europe, where regulatory scrutiny and incident reporting are increasing, solutions that can materially reduce the impact of credential theft are likely to remain a funding focus.
They've invested in MokN
Get to know these cyber security investors
| Investors | Investment Focus | Startup Investments | Round Size | Connect |
|---|---|---|---|---|
Recursive SuperintelligenceMestag TherapeuticsSolveAI+15 | ||||
NeuphonicStanhope AISigmaOSLightdashPento Services | ||||
 OVNI Capital( ) | MokN | |||
| All investors | All investor sectors | All funded startups | All funding rounds |
Click here for a full list of 7,589+ startup investors in the UK