The Machine Identity Crisis: A Hacker’s Playground

The explosion of cloud computing and AI has unleashed a tidal wave of machine identities — and hackers are feasting on the chaos. These non-human accounts, often overlooked and under-secured, are becoming the Achilles’ heel of modern cybersecurity. Think about it: while human identities are guarded with multi-factor authentication and rigorous offboarding processes, machine identities are often left wide open for exploitation.

Take the 2023 Okta breach, where hackers exploited a service account to infiltrate the system. Or Microsoft’s 2024 disclosure of a major hack tied to an old test account. These aren’t isolated incidents — they’re a wake-up call. And Token Security is here to answer it.

“Hackers don’t break in; they log in.”

— Itamar Apelblat, CEO of Token Security

Token Security: Born from a Security Nightmare

Token Security’s origin story reads like a cybersecurity thriller. Co-founder Itamar Apelblat discovered a ticking time bomb at a previous job: an old service account for contractors still had full access across the entire organization. When he shared this horror story with his friend and now CTO, Ido Shlomo, they knew they had to act. Fast forward to today, and Token Security has just raised a whopping $20 million in Series A funding, bringing their total funding to $27 million.

• Notable Capital (formerly GGV Capital) led the round.
• Participation from TLV Partners and execs from Palo Alto Networks, CrowdStrike, and Check Point.
• Token Security’s platform scans entire tech stacks to identify and secure machine identities, preventing breaches before they happen.

Why Machine Identities Are a Hacker’s Dream

Here’s the brutal truth: machine identities are low-hanging fruit for hackers. Unlike human accounts, which are deactivated when an employee leaves, machine accounts often linger like ghosts in the system. They’re created for specific projects, shared among contractors, and then forgotten — until a hacker finds them.

Token Security’s platform is designed to tackle this exact problem. By automatically pinpointing machine identities and assigning accountability, it helps companies catch vulnerabilities before they’re exploited. And the results speak for themselves: Token has already prevented breaches involving outdated credentials and excessive internal access for clients like HPE.

From Military Intelligence to Cybersecurity Dominance

The founders of Token Security aren’t just tech entrepreneurs — they’re battle-tested cybersecurity warriors. Apelblat and Shlomo met 16 years ago in Israel’s elite Unit 8200, a breeding ground for cybersecurity giants like Wiz, Snyk, and Apiiro. Apelblat focused on defensive security, while Shlomo led offensive operations against nation-state actors. Their bond? Unbreakable.

“We’ve been pretty much inseparable since then, going through army service, university, and entrepreneurial ventures together.”

— Ido Shlomo, CTO of Token Security

The Machine Identity Security Gold Rush

Token Security isn’t alone in this fight. The machine identity security space is heating up:

• Israel’s Oasis emerged from stealth with $40 million in 2024.
• CyberArk acquired U.S. firm Venafi for a staggering $1.54 billion.

But Token Security is playing to win. With its new funding, the company is relocating its headquarters from Israel to the U.S. — a strategic move to tap into the massive enterprise security market. They’re also doubling down on AI-driven security capabilities and expanding their executive team.

The Bottom Line: Secure Your Machines or Pay the Price

Machine identities are the new frontier in cybersecurity, and hackers are already exploiting the gaps. Token Security’s $20 million funding round is a testament to the urgency of this issue. If your organization isn’t securing its machine identities, you’re essentially rolling out the red carpet for hackers. Don’t wait for a breach to act — the time to lock down your systems is now.