About Koh Cyber
We build email security tools that respect your privacy and don’t require a PhD to operate.
Our mission
Business email compromise (BEC) and phishing cost organisations billions every year — and the attack surface keeps growing. Most victims are not large enterprises with dedicated security teams. They’re professional services firms, non-profits, and small businesses who moved their email to Google Workspace and assumed “Google handles security”.
Koh exists to give those organisations access to the same quality of email threat detection that Fortune 500 companies have — without requiring an IT department, an MX record change, or a six-figure contract.
We built Koh on one conviction: good security tools should be simple, transparent, and respectful of user data. Every feature, every design decision, and every line of code is guided by that principle.
What we believe
Privacy by design
We never store email body text. Every design decision starts with the question: do we actually need this data?
Transparency over black boxes
Our detection is deterministic and explainable. Every quarantine action has a reason you can read and audit.
Minimal footprint
We request only the Gmail OAuth scopes we need. No admin SDK, no Drive, no Calendar — just email.
Security-first engineering
Regular security reviews, dependency scanning, input validation on every endpoint, and short-lived JWT sessions.
The team
Koh is a small, focused team with deep backgrounds in email infrastructure, application security, and enterprise SaaS. We’re headquartered in the United States and operate infrastructure on Google Cloud.
We’re not VC-funded. We’re building a sustainable, customer-funded business — which means our incentives are aligned with yours.
Ready to see Koh in action?
15-day free trial. No credit card required.
Start free trial