BREAKING Token Security governs the identities no one onboarded Machines outnumber humans 45× in the average enterprise $20M Series A led by Notable Capital Customers include GitLab · Bloomreach · HiBob · Dayforce Triple-digit growth in 2025 New tagline: Think Machine First BREAKING Token Security governs the identities no one onboarded Machines outnumber humans 45× in the average enterprise $20M Series A led by Notable Capital Customers include GitLab · Bloomreach · HiBob · Dayforce Triple-digit growth in 2025 New tagline: Think Machine First
The Yes Press · Company Dossier · Cybersecurity

Token Security

The machine-first identity company teaching enterprises to see - and govern - the service accounts, API tokens and AI agents that quietly run the place.

2023Founded
~$27MRaised
~53Employees
NYC+ Tel Aviv
Token Security brand: Think Machine First
Token Security's brand identity - "Think Machine First." The white-and-green cluster nods to the swarm of machine identities it maps. / Company brand asset
The Story

The identity you forgot to offboard

It started with a small, uncomfortable discovery. A contractor had left. His service account had not - and it still had access across an entire organization.

That account is the reason Token Security exists. When co-founder Itamar Apelblat found the orphaned credential and talked it over with his friend Ido Shlomo - now the company's CTO - they landed on a question most enterprises had been avoiding: if one machine identity can hide in plain sight with full access, how many others are out there?

The answer, it turns out, is a lot. As companies moved to cloud and microservice architectures, the number of non-human identities - service accounts, API tokens, secrets, workloads and, more recently, autonomous AI agents - exploded. The typical enterprise now carries roughly 45 times more machine identities than human ones. By some estimates the ratio runs as high as 50-to-1. Almost none of these identities have a manager, an offboarding date, or a clear owner.

Token Security, founded in 2023 and split between New York and Tel Aviv, set out to govern that sprawl. Its platform continuously discovers non-human identities across cloud, SaaS, on-prem and AI environments, then maps each one's ownership, permissions and credential usage into a single identity graph. The point isn't just to count them. It's to answer the three questions security teams actually care about: what do we have, what can it do, and what breaks if it's compromised.

The approach is deliberately agentless. Rather than installing software on every workload, Token connects through more than 1,000 built-in integrations spanning cloud providers, identity providers, CI/CD tools, AI platforms and business systems. That lowers the friction of getting started - a practical concern for teams already drowning in tools and alerts.

Where the company has sharpened its focus most recently is agentic AI. As AI agents move from simple assistants to independent actors holding real credentials, they inherit the same problem service accounts always had: access without accountability. Token treats identity as the control plane for those agents, tying what an agent can touch to what it is actually supposed to do.

"Traditional IAM fails because it treats machines like people. We built Token machine-first and AI-native to secure the speed and scale of today's autonomous agents." Ido Shlomo, Co-Founder & CTO
By The Numbers
45×
More machines than humans
$20M
Series A (Jan 2025)
1,000+
Built-in integrations
2023
Year founded
The Customers & The Problem

Who it's for, and why now

Token Security sells to enterprise security, IAM and cloud teams - the people accountable for an attack surface that grew faster than the tools meant to watch it.

Named customers include GitLab, Bloomreach, HiBob, Dayforce and BetterHelp. What they share is scale: sprawling cloud estates where credentials multiply automatically and where a single over-privileged token can become the blast radius for a breach.

The urgency is new. Shadow IT took a decade to become a boardroom issue. Shadow AI - the agents, copilots, custom GPTs and MCP servers that teams wire up on their own - is arriving in months, already holding live credentials. Discovery is step one, and it is the step most companies skip.

Token's pitch to overwhelmed teams is not more alerts. It is knowing which non-human identity is the real risk, who owns it, and how to right-size or retire it - across its full lifecycle.

Infographic · The machine identity gap

A rough picture of where an enterprise's identities live. Non-human identities dominate - and most are unmanaged.

Human users
Service accts
high
Machine IDs
45×
AI agents
rising

Illustrative. Ratios based on Token Security and industry figures cited publicly (~45× machine-to-human; up to 50:1).

Products & Services

Discover. Understand. Enforce.

Token's platform runs on three pillars - and a growing set of AI-native tools built on top of them.

Pillar 01 · Discover

See every identity

Continuous, agentless discovery of service accounts, tokens, secrets, workloads, AI agents and MCP servers across cloud, SaaS and custom frameworks - including shadow AI.

Pillar 02 · Understand

Map the blast radius

Correlates agents, humans, secrets, permissions and data into a unified identity graph with ownership attribution, behavioral analysis and multi-agent traceability.

Pillar 03 · Enforce

Right-size & govern

Least-privilege enforcement, intent-based access, automated remediation, lifecycle control and compliance validation with audit trails and forensics.

2025 · Agentic AI

AI Agent Lifecycle

Extends identity governance to autonomous AI, controlling agents from creation to decommissioning with intent-based, purpose-bound access.

2025 · Interface

Token MCP & AI Agent

A real-time, natural-language interface and built-in conversational agent that let teams query and act on their environment from chat.

2026 · Build

Enzo

An AI-native application builder that turns plain-English requests into identity-security apps, built on Token's live identity data.

Where It Fits

A category being drawn in real time

Non-human identity is one of cybersecurity's fastest-forming categories, and Token Security is not alone in it. Rivals such as Astrix Security, Oasis Security, Clutch Security, Aembit, Natoma and Silverfort are chasing versions of the same problem, while incumbents like CyberArk - through its Venafi acquisition - approach machine identity from the certificate side.

Token's stated wedge is being machine-first and AI-native from day one rather than retrofitting human-centric IAM. Its agentless, integration-heavy deployment and its early lean into agentic AI - intent-based controls, agent lifecycle management, an identity graph that shows blast radius - are how it argues for daylight between itself and both legacy IAM and newer NHI peers.

The investors backing that thesis are telling. The $20M Series A was led by Notable Capital (formerly GGV Capital), with checks from executives at Palo Alto Networks, CrowdStrike, Check Point and Venafi - the people who built the last generation of security tools. Angels include Shlomo Kramer, co-founder of Check Point and Cato Networks, and Kevin Mahaffey, co-founder of Lookout.

Recognition has followed: a spot on The Information's "50 Most Promising Startups of 2025," a finalist nod at the 2024 Cyber Defense Awards, and a place on the 2026 MES Midmarket 100 list. The company reported triple-digit growth in 2025 as security, IAM and cloud teams raced to get visibility over agentic AI.

"2025 was the year non-human identity risk stopped being theoretical, with AI agents, service accounts and machine credentials outnumbering human users by orders of magnitude." Itamar Apelblat, Co-Founder & CEO
The Money

Funding

Seed · May 2024
$7M
Emerged from stealth
TLV Partners, SNR, and angels including Shlomo Kramer & Kevin Mahaffey.
Series A · Jan 2025
$20M
~8 months after stealth · total ~$27M
Led by Notable Capital, with TLV Partners and execs from Palo Alto Networks, CrowdStrike, Check Point & Venafi.
Timeline

From orphaned account to a category

2023

Founded

Itamar Apelblat and Ido Shlomo start Token Security to tackle the sprawl of unmanaged non-human accounts.

2024

Out of stealth, $7M seed

Launches a machine-first identity platform, introducing the "machine-first era in identity security."

2025

$20M Series A

Notable Capital leads a round to secure machine identities from legacy apps to AI agents; expands into agentic AI governance.

2026

Scaling agentic AI

Reports triple-digit 2025 growth, ships intent-based AI agent controls, and launches Enzo, its AI-native app builder.

Watch & Learn

Demos & interviews

Questions

FAQ

What does Token Security do?

It secures non-human identities - service accounts, API tokens, workloads and AI agents - by discovering them across cloud, SaaS and AI environments, mapping their ownership and access, and enforcing least-privilege and lifecycle controls.

Who founded Token Security and when?

It was founded in 2023 by CEO Itamar Apelblat and CTO Ido Shlomo, both security veterans, with headquarters in New York and R&D in Tel Aviv.

How much funding has it raised?

Publicly, about $27M - a $7M seed round in 2024 and a $20M Series A led by Notable Capital in January 2025.

Who are its customers?

Enterprise security, IAM and cloud teams. Named customers include GitLab, Bloomreach, HiBob, Dayforce and BetterHelp.

How is it different from traditional IAM?

It is built machine-first and AI-native rather than adapting human-centric IAM, and deploys agentlessly with 1,000+ integrations to discover and govern the machine identities that outnumber human users.

Find Token Security

Links

non-human identityai agent securityagentic aimachine identityidentity securitycloud securityzero trustnhiiamshadow ai