The number of machine identities is booming thanks to the growth of cloud and AI — and it’s posing real security problems by giving hackers way more entry points than ever before. For example, a 2023 hack of authentication app Okta was caused by exploiting a service account while in 2024, Microsoft disclosed a major hack based on an old test account.
Token Security’s creation was sparked by exactly this kind of security risk: At a previous job, Itamar Apelblat found that an old service account for contractors still had full access across the entire organization. When Apelblat, now CEO of Token Security, told his friend and now CTO Ido Shlomo about the incident, they agreed that tackling the proliferation of these kind of non-human accounts was critical.
Token Security, which emerged from stealth earlier this year and was founded in 2023, has now raised $20 million in Series A funding, the startup told TechCrunch. Notable Capital (formerly GGV Capital) led the round, with participation from TLV Partners and executives from Palo Alto Networks, CrowdStrike, and Check Point, bringing Token’s total funding to $27 million.
Token Security says its platform looks across a company’s entire tech stack to automatically pinpoint machine identities and who is responsible for them, helping customers catch potential breaches before they can happen. The startup, which told TechCrunch it counts HPE as one of its customers, says most incidents it has helped prevent involved credentials that were outdated or had excessive internal access.
A key factor driving growth in machine identity security is that these kinds of accounts can be significantly more vulnerable to hackers than human ones. After all, a human who leaves a company typically has a clear offboarding process for their login credentials. But accounts created on the fly for specific projects, or that are meant to be shared by various contractors, don’t go through those kinds of processes nearly as often.
“Hackers don’t break in; they log in,” Apelblat told TechCrunch. “Enterprises have done a good job securing human identities with things like multi-factor authentication, but automated systems are different.”
The startup’s co-founders met at Israel’s Unit 8200 military intelligence unit, a prolific source of cybersecurity startup founders like those at Wiz, Snyk, and Apiiro, to name a few.
Apelblat worked on defensive security at the unit while Shlomo led work against nation-state actors on the offensive side — that is, actually getting into an enemy country’s tech to gather intelligence or disrupt their operations.
“Itamar and I met 16 years ago when I helped him tie his bootlaces on our first day being recruited into Unit 8200,” Shlomo told TechCrunch. “We’ve been pretty much inseparable since then, going through army service, university, and entrepreneurial ventures together.”
Machine identity security is a hot field in cyber. Last year, Israel’s Oasis emerged out of stealth with $40 million to tackle similar issues. The biggest deal in the space also happened in 2024 when Israel’s CyberArk acquired U.S. firm Venafi for $1.54 billion.
Token Security says it’s using its new funding to relocate its headquarters from Israel to the United States, with Apelblat moving there next month. (The U.S. has a much bigger enterprise security market than Israel.) The company also plans to use the funding to expand its platform’s AI security capabilities and grow its executive team, it told TechCrunch.
