MokN Secures $15M to Build the Phish-Back Defense Category
Security startup MokN has raised $15 million in funding to develop and commercialize what it calls a "phish-back" platform — a new category of deception-based defense technology that turns credential phishing attempts against the attackers who launch them.
The company's platform deploys realistic decoy access points that mimic legitimate corporate login portals, cloud services, and internal applications. When an attacker attempts to harvest credentials using these decoys, MokN captures the compromised credential set and threat intelligence about the attacker, enabling defender teams to respond before any actual abuse of those credentials can occur.
How Phish-Back Works
Traditional phishing defense focuses on detection and blocking — identifying malicious emails before they reach users, or warning users not to click suspicious links. MokN's approach flips this model.
By seeding the internet and dark web communities with convincingly-staged fake credential stores and access points, MokN creates high-fidelity tripwires. When a threat actor attempts to use stolen or purchased credentials against one of these decoys, the platform:
- Captures the attacker's infrastructure details — IP addresses, browser fingerprints, timing patterns
- Identifies which specific credentials were compromised and tested
- Alerts the defender organization in real time before the real systems are targeted
- Provides actionable threat intelligence about the attack campaign
This approach is designed to address a core problem in credential-based attacks: by the time most organizations discover their credentials have been compromised (often via breach notification services weeks later), attackers have already moved through their environment.
The Credential Threat Landscape
The timing of MokN's funding is notable. Credential theft has surged in 2026, driven by:
- Info-stealer malware proliferation — tools like Lumma, Redline, and Remus are widely available on criminal markets and routinely harvest browser-stored passwords at scale
- Supply chain attacks — compromised npm, PyPI, and other package repositories have pushed credential-stealing code onto developer workstations
- AI-enhanced phishing — generative AI has dramatically lowered the quality bar for convincing spearphishing emails, increasing credential compromise rates
The 2026 Verizon Data Breach Investigations Report highlighted that vulnerability exploitation has overtaken credential theft as the top initial access vector for the first time, but compromised credentials remain the primary method for lateral movement once attackers are inside a network.
Investor Confidence in Deception Technology
The $15 million raise signals growing investor interest in deception technology — a category that includes honeypots, canary tokens, and fake infrastructure designed to detect and study attackers in action. The category has historically been viewed as niche, but its value proposition has strengthened as detection-focused tools struggle to keep pace with attacker sophistication.
MokN's differentiation is the offensive lean of its approach. Rather than passively waiting for attackers to hit decoys, the platform actively spreads convincing fake credential material into channels where stolen data is bought and sold, increasing the probability of early detection.
What This Means for Defenders
For security teams evaluating their credential defense posture, MokN represents a new option in an evolving toolkit. The practical benefits include:
- Earlier warning of credential compromise — potentially weeks or months before attackers attempt to use them against real systems
- Attacker attribution data that can be shared with law enforcement or threat intelligence communities
- Reduced dwell time — one of the most damaging metrics in incident response, reflecting how long attackers operate undetected inside a network
Organizations particularly at risk of targeted credential attacks — financial services, healthcare, critical infrastructure, and high-value tech companies — are the most likely early adopters.
Caution Points
Deception-based platforms carry operational considerations:
- Legality of active deception varies by jurisdiction and requires careful legal review before deployment
- False positives are possible if internal red team exercises or penetration tests trigger decoys
- Integration complexity with existing SIEM and SOAR workflows needs careful planning
MokN has not yet published detailed technical documentation on its approach to these challenges. Organizations considering the platform should request specifics on data handling, legal compliance frameworks, and integration architecture during any evaluation.
Summary
MokN's $15M raise validates deception technology as a maturing discipline in enterprise security. The phish-back model represents a genuinely proactive stance on credential defense — moving beyond detection and remediation to active adversary engagement. Watch for the company to emerge in competitive evaluations against established deception players like Illusive Networks, Attivo, and TrapX as it scales its go-to-market with the new funding.