Machine Identity Security: Token Security Raises $20M

The Surge in Machine Identities and Emerging Security Challenges

The proliferation of machine identities is accelerating, fueled by the expansion of cloud computing and artificial intelligence. This growth introduces significant security vulnerabilities, providing attackers with an increased number of potential access points.

Recent incidents highlight these risks. The 2023 compromise of Okta, a prominent authentication application, stemmed from the exploitation of a service account. Similarly, Microsoft revealed a substantial breach in 2024 originating from an outdated test account.

The Genesis of Token Security

Token Security was founded in response to these very security concerns. CEO Itamar Apelblat discovered a dormant service account, retained from a previous contracting engagement, that still possessed comprehensive organizational access.

Sharing this discovery with Ido Shlomo, now the company’s CTO, they jointly recognized the critical need to address the escalating number of these non-human accounts.

Series A Funding and Investment

Emerging from stealth earlier this year, Token Security, established in 2023, has secured $20 million in Series A funding. This round was spearheaded by Notable Capital (formerly GGV Capital), with contributions from TLV Partners and executives from leading cybersecurity firms like Palo Alto Networks, CrowdStrike, and Check Point.

This investment brings Token Security’s total funding to $27 million.

Platform Capabilities and Proactive Breach Prevention

Token Security’s platform is designed to comprehensively scan an organization’s entire technology infrastructure. It automatically identifies machine identities and assigns ownership, enabling customers to proactively detect and prevent potential security breaches.

The company, which has already added HPE to its customer base, reports that the majority of prevented incidents involved compromised credentials that were either obsolete or granted excessive internal permissions.

Vulnerability of Machine Identities

A significant driver of growth in the machine identity security sector is the heightened vulnerability of these accounts compared to those used by human employees.

Human users typically undergo a structured offboarding process when leaving a company, revoking their access credentials. However, accounts created for specific projects or shared among contractors often lack such rigorous oversight.

The "Log In, Don't Break In" Philosophy

“Attackers typically gain access by exploiting existing credentials rather than attempting to breach systems,” explains Apelblat. “Organizations have made considerable progress in securing human identities through measures like multi-factor authentication, but automated systems require a different approach.”

Founders' Background and Expertise

The co-founders of Token Security first connected while serving in Unit 8200, Israel’s elite military intelligence unit. This unit has consistently produced founders of successful cybersecurity companies, including Wiz, Snyk, and Apiiro.

Apelblat specialized in defensive security within the unit, while Shlomo led offensive operations targeting nation-state actors.

A Long-Standing Partnership

“Ido assisted me with a simple task on our first day of recruitment at Unit 8200 – helping me tie my boots,” recalls Shlomo. “Since then, we’ve remained close collaborators, navigating military service, higher education, and entrepreneurial endeavors together.”

Competitive Landscape

The machine identity security market is gaining momentum. In 2023, Oasis, another Israeli firm, emerged from stealth with $40 million in funding to address similar challenges.

A significant transaction in the sector occurred in 2024 with CyberArk’s acquisition of U.S.-based Venafi for $1.54 billion.

Future Plans and Expansion

Token Security intends to utilize the newly acquired funding to relocate its headquarters from Israel to the United States, with Apelblat leading the transition next month. The U.S. market presents a larger opportunity for enterprise security solutions.

The company also plans to enhance its platform’s AI-powered security features and expand its leadership team.