Ushering in the Era of Machine-first Identity Security: Why We Invested in Token Security

Life is becoming more automated and we are only in the very first innings. If the rate of change in 2023 and the first half of 2024 is an indicator, we are heading towards an autonomous world very quickly. And while most recent attention has gone to consumer-facing AI apps such as ChatGPT, these are just the tip of an automation iceberg which has been forming for many years due to widespread adoption of SaaS, microservices, and APIs. The proliferation of automated tools that require access to customer cloud environments creates new security challenges. 

Today, we are thrilled to announce the newest addition to the TLV Partners portfolio – Token Security, an exciting startup that’s offering a fresh take on identity security. The company has announced today a $7M Seed round led by TLV Partners with participation from SNR and several angel investors including Shlomo Kramer. 

We believe they are ready to make a much-needed change in a field dominated by legacy tech that’s no longer fit for purpose. 


The Machine Identity Crisis

Modern software architectures have broken down the monolith, or central command, into distributed microservices responsible for administering certain, usually very specific tasks within the application (such as communicating with a payments gateway or running a back-end query to verify user details). These tasks are usually initiated by humans, or customers, and perhaps today they could even be kicked off by autonomous agents.

As each of these ‘units’ (which can be a microservice, API, or SaaS tool) has its own role to perform in the application, they will also have a unique identity. And these identities are growing, fast: while human identities are increasing at a fairly linear pace, machine identities are growing exponentially. In fact, the average organization has 45x the number of machine identities compared to human identities. This has created a fast-growing identity attack surface, which existing identity security tools are not built to secure. 

Machines and humans behave differently. For one thing, machines are far more efficient, which means they operate at a different scale and speed. They also require different authentication techniques, and there is no single source of truth for the machine identities.

GenAI takes machine identity to a new level: it opens up the possibility of machines having human-like qualities, rather than merely performing a specific set of tasks. Instead of defining specific tasks, what happens when machines have the independence to make their own decisions? This makes the identity problem significantly more complex. As we become more reliant on machines or agents to perform tasks, and as we give them more responsibility and permissions, they can create a considerably higher level of risk to the organization.


A Modern Solution for a Modern Problem

We believe that the rise of machines is an opportunity to rethink the way we secure machine identities. A modern identity security solution should manage the entire lifecycle of the machine, from creation to being issued its specific credentials, store those credentials, monitor and even revoke credentials when they are no longer in use. 

This is the premise upon which Token Security was founded. Token Security’s machine-first identity platform is built for an environment where machines play a more critical role in the performance of application events. It is also built for machines or all types and responsibilities. While legacy, human-centric solutions build a list of employees and contractors that check access to systems against it, Token Security turns this approach on its head, starting with machines and keeping track of who has access and for what purpose.

When we met Itamar Apelblat (CEO) and Ido Shlomo (CTO), we were blown away by their ability to describe the future of application architecture, one that relies on vast automation and flexible machine identity management. Itamar is a second-time entrepreneur, specializing in defensive measures and Ido in offensive cyber operations. They previously held key leadership roles in the Israeli Intelligence Corps Unit 8200 and have both startup and corporate experience.

We are excited to partner with Itamar, Ido, and the Token Security team as they continue building the machine-first identity platform – and give organizations the tools to embrace further innovation at scale.