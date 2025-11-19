



NEW YORK, Nov. 19, 2025 (GLOBE NEWSWIRE) -- Token Security , the leader in Agentic Identity security, today announced new AI Agent Identity Lifecycle Management capabilities which empower enterprises to discover, govern, manage, and secure the rapidly growing population of AI agents, from custom GPTs to MCP (Model Context Protocol) servers and autonomous AI services, with the same rigor as human and workload identities.

Organizations are embracing AI services at an unprecedented pace. For example, Moderna recently scaled from 750 to over 3,000 internal GPT-powered agents within a year . While these AI agents deliver productivity gains, they also introduce ungoverned identities that can access critical systems and data, creating extremely risky blind spots that undermine compliance and open the door to data leakage and compromise by attackers.

Token Security’s enhanced platform capabilities can automatically inventory all managed, home-grown and personal AI agents, assign human ownership, establish intent-based permissions access, and retire unused agents before they become security and compliance liabilities.

One early adopter of Token Security’s new capabilities is HiBob, a global HR technology company known for its comprehensive employee lifecycle management platform. HiBob’s security and AI task force faced the challenge of employees rapidly creating custom GPT agents and integrating them into the organization’s data repositories to streamline processes.

“Token Security’s new capabilities give us visibility we simply didn’t have before. We can now automatically identify and control custom GPT agents running in our environment and ensure the required security level,” said Tamir Ronen, Global CISO at HiBob. “Knowing that no AI agent is operating beyond our oversight means we can confidently accelerate our AI adoption, allowing our business to quickly evolve, which is a game-changer for both our security and growth.”

Legacy human-driven identity and access management (IAM) tools are not built to support these autonomous agents in terms of scale, velocity and variance.

“Enterprises are deploying AI agents for their most strategic and transformational projects, but security teams face massive challenges to secure this new type of identity with no existing controls and processes in place,” noted Ido Shlomo, Co-Founder and CTO of Token Security. “The Token Security platform is directly addressing this gap, enabling security, IT and IAM teams to get ahead of these AI-driven identity challenges by implementing identity lifecycle controls and measures for every AI agent in use.”

End-to-End AI Agent Identity Lifecycle Management

With this release, the Token Security Platform extends its machine-centric visibility, control, and governance to AI agent identities by providing the following capabilities and benefits

Continuous AI Agent Discovery: Automatically discovers and inventories every AI agent, custom GPT, and coding agent using MCP servers across hybrid multi-cloud environments, eliminating the risk of unknown access. This includes finding unknown shadow AI agents and unapproved deployments.

Automatically discovers and inventories every AI agent, custom GPT, and coding agent using MCP servers across hybrid multi-cloud environments, eliminating the risk of unknown access. This includes finding unknown shadow AI agents and unapproved deployments. Ownership and Lifecycle Governance: Assigns clear human and departmental ownership to each discovered AI agent, enforces authentication hygiene protocols, and retires or deprovisions dormant/orphan agents before they become long-term risks. By enforcing accountability and ownership, and tracking live agent access, the platform prevents “ghost” AI services from lingering with active access after their owners leave or projects end.

Assigns clear human and departmental ownership to each discovered AI agent, enforces authentication hygiene protocols, and retires or deprovisions dormant/orphan agents before they become long-term risks. By enforcing accountability and ownership, and tracking live agent access, the platform prevents “ghost” AI services from lingering with active access after their owners leave or projects end. Least-Privilege Access Enforcement: Continuously right-sizes each AI agent’s permissions according to the agent’s goal, consumers, and actions by enforcing strict Role-Based Access Controls (RBAC), least-privilege policies, and just-in-time access where appropriate. Excessive or unnecessary privileges are automatically detected and can be remediated in real time to minimize the attack surface.

Continuously right-sizes each AI agent’s permissions according to the agent’s goal, consumers, and actions by enforcing strict Role-Based Access Controls (RBAC), least-privilege policies, and just-in-time access where appropriate. Excessive or unnecessary privileges are automatically detected and can be remediated in real time to minimize the attack surface. Complete Audit Traceability: Log every action taken by AI agents across systems and multi-agent architectures to maintain an audit trail for compliance evidence and forensics investigation. Security teams can rapidly investigate anomalous AI behaviors or incidents with full context, ensuring no AI process operates outside of the allowed frameworks.

These new capabilities integrate with all major AI and LLM ecosystems, including OpenAI, Anthropic, AWS Bedrock, Azure OpenAI foundry, Glean and Microsoft 365 Copilot. Organizations can track the agents that have been created anywhere, map each agent’s access, and enforce security policies consistently across all platforms. This platform-agnostic approach provides enterprises the flexibility to develop AI agents using any mix of tools, and while maintaining centralized visibility, control, and governance.

“AI agents are quickly becoming a new class of workforce in the enterprise, but they require more complex identity lifecycle management than human users,” said Itamar Apelblat, Co-Founder and CEO of Token Security. “With these enhancements, the Token Security platform extends enterprise identity governance to autonomous AI. For the first time, security, IT, and IAM teams can manage AI agents throughout their entire lifecycle from discovery to deprovisioning while not interfering or changing the way organizations are creating and using AI agents. This ensures organizations can embrace AI innovation without sacrificing security or control.”

Availability

Token Security’s AI Agent Identity Lifecycle Management capabilities are available as part of the Token Security Platform. The company will showcase these new features and share customer use cases at the upcoming Gartner Identity & Access Management Summit . With this launch, Token Security is establishing its position at the forefront of identity-first AI security, helping enterprises safely scale their use of AI agents by ensuring complete visibility, access control, and governed lifecycles for every AI-driven identity.

Token Security accelerates secure enterprise adoption of Agentic AI by discovering, managing, and governing every AI agent and non-human identity across the organization. From continuous visibility to least-privilege enforcement and lifecycle management, Token Security provides complete control over AI and machine identities, eliminating blind spots, reducing risk, and ensuring compliance at scale.

Token Security is backed by Notable Capital, TLV Partners, SNR, and industry veterans, including Kevin Mahaffey, Founder of Lookout, and Shlomo Kramer, Co-Founder and CEO of Cato Networks. For more information: www.token.security .

