Skip to main content

Pre-seed round, open now

Butterfly is raising pre-seed.

Identity disaster recovery. Solo founder, AI-CEO operating model, two OIN listings live, SOC 2 Type II kicking off with Drata this month.

Email MickBook 30 minutes

What we're building

Butterfly Security is backup and recovery for the identity control plane. We snapshot your Okta, Okta Workflows, and Auth0 tenants on a schedule, detect drift, and let you restore users, groups, applications, policies, network zones, and workflow definitions with a Terraform-style preview before anything touches production.

The enterprise surface is the part security reviews ask about. 99.95% uptime SLA with service credits. MSA, DPA, and BAA on request. SAML SSO and SCIM 2.0 for the admin console. Multi-tenant row-level isolation with per-team encryption keys and per-team audit logs. Custom audit-log retention up to seven years. Priority support with a named technical contact and an escalation path direct to the founder.

The platform is purpose-built for the identity domain, not a generic backup product retrofitted to it. Two listings live in the Okta Integration Network, a free Chrome extension for admin operators, a remote MCP server, an OAuth Authorization Server, and an Audit Pack PDF generator that maps backup evidence to SOC 2, HIPAA, NIST 800-53, ISO 27001, CIS Controls, and PCI DSS controls.

Why now

Identity infrastructure is the new database. And nobody's backing it up.

The Okta support-system breach in October 2023 leaked customer session tokens for weeks before anyone noticed. The Snowflake credential incident in 2024 chained through identity, not infrastructure. Scattered Spider walked into MGM and Caesars through a helpdesk call, not a CVE. The pattern is identical every time. The IdP is the blast radius. Reset the IdP, the whole company is back. Lose the IdP, the whole company is down. There is no Plan B because nobody built one.

We backed up servers in the 90s, databases in the 2000s, SaaS data in the 2010s. Identity got skipped because for a decade it was "just SSO config." It is not anymore. It is groups, policies, network zones, app assignments, workflows, custom claims, lifecycle automations. Rebuilding by hand after a destructive incident is a 40-hour outage minimum. Most teams have never tested it.

CISOs are line-iteming "identity resilience" in 2026 budgets. Pen-test reports now ask for an IdP DR runbook. That is a category forming in real time.

Traction

Honest snapshot. Every number traceable to git, prod, or sent.log. No fabricated ARR. No fabricated logos.

  • Two OIN listings live

    butterfly-security-api-service (backup, API Services) and butterfly-security (SSO/SCIM) are both published in the Okta Integration Network.

  • SOC 2 Type II kicking off with Drata this month

    Observation window begins this quarter. Type 1 target Q3 2026, Type 2 target Q1 2027. No third-party attestation has been issued yet.

  • 127 commits to main in the last 7 days

    443 commits in the last 30 days. Self-deploy, ship-and-verify discipline on every change. Engineering-team velocity from one human plus Claude.

  • Active evaluation conversations

    bit.bio (Sr IT Mgr, replied within 3h of first cold contact), Sprinto, Mercury, Pliancy. Pre-revenue, no paying customers yet.

  • Pre-revenue

    Free and trial users active; no paid conversions logged. Pricing tiers live (Free, Standard $1/user/mo $99 min, Business $2/user/mo $299 min); Stripe checkout shipped.

Source: partner/fundraising/2026-06-15-traction-snapshot.md in the repo. Available on request.

Public mirror with verifiable links: /numbers.

Team

Solo founder, AI-CEO operating model. Mick Johnson runs the company end to end with Claude as the operating co-pilot. Engineering, GTM, compliance, support, partner, and finance are all in a single rolling-window personas system with memory persistence across sessions. The proof is in the velocity: 127 commits to main last week with full test, lint, typecheck, deploy, and live-probe discipline on every change.

The first two hires post-raise are an identity domain engineer and a platform/SRE engineer. The AI-CEO operating model is not a substitute for those people. It is what lets one founder hold the company together long enough to be picky about who they are.

More on the founder and the operating model at /about.

The ask

$1.5M pre-seed. 18 months of runway to the milestones below.

Use of funds

  • People55%

    First two engineering hires (identity domain + platform/SRE), plus a founding GTM partner once the first paying customers land.

  • Sales and marketing18%

    Programmatic SEO build-out, partner co-sell motion with Okta, conference presence, and the first paid demand-gen tests.

  • Compliance and legal14%

    SOC 2 Type II audit fees with Drata, external penetration test, ISO 27001 readiness, MSA/DPA/BAA legal review.

  • Infrastructure8%

    Cloudflare Workers, R2, observability, Anthropic API spend for the AI-CEO operating model, and Stripe processing.

  • Reserve5%

    Operating runway buffer. Unallocated optionality for unexpected hires or partner deals.

Milestones to Series A

  • SOC 2 Type II report in hand
  • 10 paying customers
  • $50k+ MRR
  • Okta co-sell pilot live

Financial model and milestone detail available on request.

Get in touch

Direct to the founder. No gatekeepers, no associate filter.

mick@butterflysecurity.orgBook 30 minutes

Deck available on request. Reply to start.