The surge in machine identities is primarily driven by the rapid advancements in cloud computing and artificial intelligence, resulting in substantial security challenges by creating multiple entry points for hackers. For instance, a breach in 2023 involving the authentication application Okta was motivated by the exploitation of a service account, while a significant security incident disclosed by Microsoft in 2024 stemmed from an old test account.
The inception of Token Security was prompted by these very threats: Itamar Apelblat, who previously worked in a different company, discovered that an obsolete service account designated for contractors retained full access across the organisation. Upon sharing this alarming revelation with his friend and current CTO Ido Shlomo, they concurred that addressing the increase of non-human accounts was paramount.
Token Security emerged from stealth earlier this year and was established in 2023, successfully securing $20 million in Series A funding, as reported by StartupSuperb. The funding round, led by Notable Capital (previously GGV Capital), included contributions from TLV Partners along with executives from prominent firms such as Palo Alto Networks, CrowdStrike, and Check Point, thereby raising Token’s total funding to $27 million.
Token Security boasts a platform that comprehensively scans a company’s technological framework to automatically identify machine identities and their respective custodians. This functionality aids clients in preemptively addressing potential breaches. The startup mentioned to StartupSuperb that HPE is among its clientele, and reported that the majority of incidents it has averted involved either outdated credentials or accounts with excessive internal permissions.
A significant driver of growth within machine identity security is the heightened vulnerability of these accounts compared to those held by human users. Typically, employees who depart from an organisation undergo a systematic offboarding procedure for their login credentials. Conversely, accounts created impulsively for particular projects or shared among various contractors often bypass such processes.
According to Apelblat, “Hackers don’t break in; they log in.” He emphasised that whilst organisations have made commendable strides in securing human identities with measures like multi-factor authentication, automated systems present unique challenges.
The co-founders of the startup crossed paths while serving in Israel’s Unit 8200, renowned for nurturing numerous cybersecurity firms, including Wiz, Snyk, and Apiiro.
Within the unit, Apelblat concentrated on defensive security, while Shlomo spearheaded offensive operations against nation-state threats, which involved infiltrating adversary technologies for intelligence gathering or mission disruption.
Shlomo shared, “Itamar and I met 16 years ago when I assisted him with his bootlaces on our initial recruitment day into Unit 8200. Since then, we have remained virtually inseparable, navigating army service, university, and various entrepreneurial pursuits together.”
Machine identity security is currently a burgeoning domain within cybersecurity. Last year, Israel’s Oasis emerged from stealth with $40 million to address comparable challenges. Moreover, the most significant acquisition in this field transpired in 2024 when Israel’s CyberArk purchased the American company Venafi for $1.54 billion.
Token Security intends to utilise its recent funding to relocate its headquarters from Israel to the United States, with Apelblat scheduled to move next month. This strategic move is intended to tap into the significantly larger enterprise security market in the U.S. The company also aims to enhance its platform’s AI security features and expand its executive team, as disclosed to StartupSuperb.