Why We Invested In Token Security
January 28, 2025
Today, employees might log in to a half-dozen SaaS and internal apps all before they’ve finished their first cup of coffee. This might not seem like a major security problem, but in reality, it creates a major risk for enterprises. Beneath the surface of the applications that teams use for productivity and even security sit hundreds and even thousands of non-human identities (NHIs)—API keys, OAuth tokens, service accounts, and machine identities– which silently make numerous requests. A single developer pushing a few lines of code might trigger multiple APIs and service accounts into action without any visibility for the developer or their security team. This reality intensifies with the emergence of GenAI and the rise of Agents. With agents swarms increasingly augmenting every user action, the number of non NHIs are increasing from hundreds of thousands to millions, creating a massive, underprotected attack surface for enterprises.
This explosion presents a unique challenge for security teams. While NHIs are critical for enabling systems to communicate, they also become prime targets for hackers. Breaches are no longer just a matter of compromised passwords; attackers now exploit mismanaged NHIs to move laterally within an organization and access the most critical systems, often undetected.
Despite this growing risk, traditional identity and access management (IAM) solutions and multi-factor authentication (MFA) tools were built for human users, leaving a critical gap for securing NHIs. Security teams are often forced to resort to manual processes like key rotation, which are inefficient, error-prone, and disruptive to operations. As organizations scale, the lack of visibility, accountability, and lifecycle management for NHIs becomes unsustainable.
This is where Token Security comes in.
Token Security is redefining how organizations manage and secure NHIs. Their solution begins by taking a comprehensive inventory of all NHIs, no matter where they reside—whether in the cloud, SaaS applications, on-prem systems, or infrastructure-as-code. From there, Token maps these identities to their associated services and human owners, creating a detailed view of each NHI’s potential impact in the event of a breach. This insight empowers security teams to take decisive action, such as rotating keys, enforcing least privilege, or decommissioning unused identities.
What makes Token stand out is its ability to tackle the entire lifecycle of NHIs—from discovery and attribution to continuous monitoring and remediation. By bridging the gap between security and operational teams, Token not only reduces the risk of breaches but also eliminates friction in the development lifecycle, allowing organizations to innovate securely and efficiently.
Token Security is led by co-founders Itamar Apelblat and Ido Shlomo, childhood friends who grew up to become cybersecurity experts in Israel’s elite Unit 8200. Their technological military experience provided them with a firsthand understanding of how attackers exploit identity systems and shaped their approach to building scalable, secure solutions.
These experiences have translated into a product that resonates deeply with security teams. Beyond their technical expertise, Itamar and Ido have built a team capable of executing at the highest level. Their humility, curiosity, and relentless focus on customer feedback have made Token a trusted partner for CISOs tackling the NHI challenge.
The rapid rise of AI is forcing CISOs to protect against today’s threats while ensuring their companies are well-prepared for the threats of the future. Agents are coming quickly, and the best security teams will be AI enablers, not AI blockers. Token’s platform manages agent identities alongside the rest of an organization’s NHIs, providing robust lifecycle management to ensure agents don’t create a massive new threat vector.
At Notable Capital, we are thrilled to lead Token Security’s Series A financing. The scale and complexity of the NHI problem demand a purpose-built solution, and Token has emerged as a clear leader in this critical space with the most comprehensive product vision. Their ability to combine deep technical capabilities with a customer-first approach allows Token to move quickly and sets it apart from the competition.
The future of work will increasingly rely on non-human actors—from autonomous agents powered by AI to service accounts driving automation. Token Security is ensuring organizations can manage this future securely, reducing risks while empowering innovation.
As Token continues to expand its platform and reach, we’re excited to support Itamar, Ido, and their team on this journey. Their mission to secure the identity fabric of tomorrow’s enterprises aligns perfectly with our vision for the future of cybersecurity. Together, we believe Token Security will set a new standard for how organizations protect their most critical assets in a rapidly evolving digital landscape.
