At RSAC Conference 2026, Token Security co-founders Itamar Apelblat and Ido Shlomo explain why governing AI agents starts with identity -- and why the old approaches to access management were never built for agents that forget everything between sessions. If your organization has already deployed AI agents, this conversation will make you ask: do you actually know where they are?
Most organizations are not waiting for permission to deploy AI agents -- they are already in production, often without a clear picture of what those agents can access or who is accountable for them. Token Security was built specifically for this moment, and being named an RSAC Conference Innovation Sandbox finalist is confirmation that the market is catching up to the problem the company has been solving since 2023.
Itamar Apelblat, co-founder and CEO, and Ido Shlomo, co-founder and CTO, came out of Israel's elite intelligence unit 8200 -- Apelblat from the defensive security side and Shlomo from offensive cyber operations. That shared background, and 17 years of partnership, shapes how Token Security approaches a problem that most identity vendors have not yet reckoned with: AI agents are not humans, and they are not standard machine identities either.
The core concept is intent-based access management. Rather than looking at an agent's historical behavior and extending permissions based on the past, Token Security asks: what is this agent supposed to do? What is its purpose? Restrictions are then built around that intent. As Apelblat explains, agents are non-deterministic -- they will pursue a goal through whatever path is available, including ones you did not anticipate or want. Locking down access based on intent rather than history is the only approach that holds.
Shlomo adds a dimension that makes the risk concrete: an AI agent forgets everything between sessions. Every interaction starts fresh. That means it does not remember a previous attack attempt. A sophisticated adversary who manipulates an agent today can try the exact same technique tomorrow. Combine that with the agent's relentless drive to satisfy its directive -- even to the point of deleting data or modifying infrastructure if that is what it takes -- and the case for an isolated, intent-scoped perimeter becomes clear.
The customer journey at Token Security almost always begins after deployment. Organizations arrive saying, in effect: we think we have agents out there, can you help us find them? Visibility comes first -- discovering what agents exist, understanding their usage, mapping ownership, managing lifecycle. Policy enforcement comes after. Critically, Token Security achieves this without sitting as an inline broker. The platform connects to both the agent platforms and the business applications those agents reach, creating enforcement at both ends without introducing friction into developer workflows.
Apelblat frames the architecture in terms of micro agents: purpose-specific, narrowly scoped, each with a well-defined role. Not one agent doing everything -- thousands of focused agents, each constrained to exactly what it needs. Shlomo puts the business case plainly: an agent with properly managed identity is not a chatbot, it is a member of a digital workforce. Get identity right, and the productivity multiplier is enormous. Get it wrong, and a single compromised agent can cascade across every connected system it touches.
This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight
GUESTS
Itamar Apelblat, Co-Founder & CEO, Token Security
https://www.linkedin.com/in/itamar-apelblat/
Ido Shlomo, Co-Founder & CTO, Token Security
https://il.linkedin.com/in/ido--shlomo
RESOURCES
Token Security website: https://www.token.security/
Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight
KEYWORDS
Itamar Apelblat, Ido Shlomo, Token Security, Sean Martin, Marco Ciappelli, brand spotlight, brand marketing, marketing podcast, brand story, AI agent security, AI agent identity, non-human identity, NHI security, intent-based access management, privileged access management, zero trust, RSAC Conference 2026, Innovation Sandbox, identity lifecycle management, agentic AI security, cybersecurity
Giving AI Agents an Identity -- and a Leash | A Brand Spotlight at RSAC Conference 2026 with Itamar Apelblat and Ido Shlomo of Token Security
[00:00:10] Marco Ciappelli: Day two or three -- I kind of lost it. He's looking at me.
[00:00:17] Sean Martin: Camera's on you. Do you want to start?
[00:00:19] Marco Ciappelli: I already started. You know what, let's take it from the beginning. Something exciting happened here for you guys -- the company has been going on for about two and a half years, but you got recognized for the hard work. The Innovation Sandbox.
[00:00:57] Sean Martin: Finalists for the Innovation Sandbox. Very good.
[00:00:58] Itamar Apelblat: Yeah. That was a big moment for us. At the beginning of the Innovation Sandbox event, they had a video on screen of all the companies from 2007 that were part of it. You've seen some crazy logos there -- SentinelOne and some really amazing brands. It was fun to be a part of it.
[00:01:22] Marco Ciappelli: And now you're looking there and there is Token. Maybe in a few years that's going to be you.
[00:01:30] Ido Shlomo: There are just a few chances in life to feel like a true rockstar. I saw my partner -- this guy is like my brother for almost 17 years. Seeing him on stage and then opening our booth -- we got swarmed. We had 10 teammates there and nobody could take care of everybody coming to us, asking what Token does and how we are approaching this amazing challenge of AI security.
[00:02:00] Marco Ciappelli: Let's get to know you a little, and then get into the company.
[00:02:06] Itamar Apelblat: Sure. I'm from Tel Aviv. I met Ido 17 years ago -- we served in the same unit in the 8200. I was on the security side, building security products for a decade. I had the resources to solve whatever problems they cared about, and that was in the space of identity, so I had a lot of passion for that. This is my second company, and when I started thinking about the next adventure, it was clear I needed to do it with my best friend.
[00:02:44] Ido Shlomo: My side was exactly the same unit but 180 degrees from there. I was an offensive cybersecurity operator for almost 13 years -- an officer and commander of larger organizations that did what people at RSA Conference would call nation state hacking. I was the nation state. Then Itamar and I looked at what we are really good at: identity security, privileged access management. We gave it a little bit of a twist. Almost three years later, it's an exploding field -- AI agent identity security. That's pretty insane for us.
[00:03:29] Sean Martin: Not many people thought too much about the identity part of the agents. It was all about the orchestration and access to data and building workflows and taking on tasks. But, by the way, this is all on behalf of somebody or something in the business. So what stood out for the judges at the Innovation Sandbox? What makes Token Security unique from their perspective?
[00:03:55] Itamar Apelblat: Right now organizations are pushing AI -- everyone wants to add AI agents. But it's just another type of workforce that we need to protect, another type of identity. What the judges really loved about Token Security is that we didn't treat it as another human identity or another machine identity. We went back to basics and asked ourselves what is special about AI agents. On one hand they're non-deterministic -- they're acting, they're goal-oriented, but they're also taking actions at a much larger scale. We took those two components and created identity security programs and capabilities based on that. What was really special is intent-based access management -- looking at agents and trying to understand what they mean to do, what their purpose is, and then creating restrictions based on that. You cannot just look at the past and say this identity did X, Y, and Z, so that's what it needs to do in the future. AI will try to achieve its goal in many different ways. So how can you restrict it based on that?
[00:05:09] Marco Ciappelli: I'm imagining this AI agent having a fake idea to go to the bar and get a drink. You need to classify them -- they need to have an ID. That's what you guys are doing.
[00:05:22] Ido Shlomo: You can look at an AI agent as that employee whose entire life's purpose is to satisfy you, and they will do everything -- including the things you don't want them to do -- just to get to that goal. So faking an ID just to get to the bar -- if you told it to go to the bar, it will go to the bar. Even if it's disallowed. Even if it needs to delete your data or make changes to your infrastructure. We talk a lot about cybersecurity from the perspective of adversaries taking advantage of agents, but intent-based access management is more than that. It's not only the risk of a cybersecurity threat materializing in your networks -- it's also the fact that agents are very unexpected, because they have such a huge drive to satisfy and get to their goal.
[00:06:27] Ido Shlomo: I think it's a contrarian position, but I think it's only good. We are living in the best time in history to build stuff. Things are moving so fast. We see the top 50 organizations in the world saying: let's deploy this AI platform for all of our employees. Let's give everyone access to this because it would make them superhuman -- like the Iron Man suit, giving them superhuman capabilities. There's a lot of positive to it. We try to eliminate the negative as much as we can.
[00:07:06] Sean Martin: We give the individual an army they can manage on their behalf. I've been in this space for so long, I immediately think we've been doing stuff like this for years -- APIs, microservices, connecting systems together. The difference with an agent is it's given a directive, not just a connection. So how do organizations think about that -- are they stuck in API world?
[00:07:41] Itamar Apelblat: They're looking for guidance right now. They're trying to figure it out, building their own AI discipline. Not all AI agents are equal -- you can have agents running in production serving your customers and agents that are personal for productivity use cases. For each one there's a different threat and a different way of thinking about it. People are now trying to understand: how do I deploy agents in my environment in a secure way? That's what we help with.
[00:08:27] Sean Martin: It sounds like you're approaching it from the way the agents are meant to be used, not just from a control perspective -- not just wrapping it with controls, but back to the intent piece. What is it supposed to do? What is it not supposed to do? And putting parameters around that.
[00:08:46] Ido Shlomo: The movement we're bringing to the market really resembles what people tried to achieve with the zero trust movement a few years ago -- eventually people need to do things, at a certain point in time, with a certain action. That should be allowed. It should be smooth. AI is still such a new process. You can't 100% trust it to do anything it can. You need to give it a playing field to make sure it executes exactly what you want. Balancing extreme productivity on one end and, on the other hand, only the right place, only the right time, only the right action.
[00:09:32] Marco Ciappelli: Give me a case study on how you interact with a client. They come to you and say, I want to deploy a bunch of agents. Then what happens?
[00:09:48] Itamar Apelblat: Usually customers come to us and say: I think I already deployed some -- can you help me understand where they are and what's going on with them? The force is much bigger than the security team. CISOs don't want to become a blocker -- they want to allow the organization to use this amazing technology and empower the business. So they come to us saying: we deployed some agents, we want to take it to the next level. It always starts with visibility: do I have agents? How are they being used? By whom? Who is accountable for this agent? How do I manage the lifecycle of those agents? And then start to enforce policies and restrictions. That's usually the journey we see with customers.
[00:10:50] Sean Martin: I was having a conversation this morning with a couple CISOs about how to take security and actually make the business succeed -- not stay in the department of No or focus completely on compliance. How does what you do with Token Security allow customers to take advantage of everything AI has to offer, with guardrails that are not actually constraining the agents too much?
[00:11:30] Ido Shlomo: We need to look a bit into the future. When identity is figured out in an organization for employees, their access to systems is smooth -- they can work, execute the tasks they want, the entire workflow works for them. The identity team gives the agent its entire context. An agent without an identity is just a chatbot with academic knowledge. An agent with access to files, documents, with the ability to send emails and messages -- that's a smart agent that can actually perform tasks. If we get identity right for agents, you could stand up an agent that is part of a digital workforce or automation that makes you 100 times more productive as a single person. There is a massive upside to getting identity right.
[00:12:40] Sean Martin: Is there a way that people need to think differently about an AI agent identity versus a human identity -- in terms of profile, directive, and that kind of thing?
[00:12:52] Itamar Apelblat: Absolutely. Someone once told me an AI agent is like a junior developer. I think now it's already surpassed that -- but it's not one junior, it's thousands of juniors. The level of mistakes is higher. The level of autonomy could be higher. You can really scale this. We need to think about AI agents like microservices -- micro agents, each responsible for a specific role and specific purpose. Not one agent that does everything. Create a much stronger description and understanding of what this agent is supposed to do, and then create restrictions on top of that. First, understand the goal and create a very clear and concise purpose for each agent.
[00:14:00] Marco Ciappelli: Once you put identity on them, you know who they are and what they're supposed to be doing. What happens when there is an attack and an agent starts behaving unexpectedly?
[00:14:26] Ido Shlomo: Even though agents are kind of human in spirit, they're not humans -- they are very susceptible to things we already know. An agent is a kind of genius savant, but it has major psychological limitations. Think about the movie Rain Man -- it's a process that does everything possible to get to a certain task. By the way, it forgets everything between sessions. Every time you talk to it again, it doesn't remember that you tried to attack it before. It keeps on serving you and advancing toward what you ordered it to do. As an attacker, manipulating agents could be very, very easy. Since the AI ecosystem is statistical and non-deterministic, you need safeguards. You need to put the agent inside a bubble -- an isolated perimeter -- where it can't access everything it wants. It needs access based on the intent of what it truly needs to do. Then even if an attacker compromises an agent, it is limited to only what that agent should have done. That reduces the problem to what we solved with human identity -- and that's a kind of solved problem in the world today.
[00:16:04] Sean Martin: Where does Token Security fit in, in the grand scheme of creating, deploying, connecting, and orchestrating agents across the business? Some come to you wanting help. Others come after they have already deployed everything. What's the ideal scenario for getting identity wrapped into all of that?
[00:16:36] Itamar Apelblat: Our entire philosophy is to create a seamless experience for the agent builders. We don't want to create more friction for them. Right now we're in the phase of: let's adopt this AI agent technology, but give back the controls for identity and security. The way we do that is by connecting into the agent platform where agents are running from -- and it's always changing, new technologies at a very fast pace -- and to the business applications the agents are trying to connect to. We create restrictions and enforcement on top of that. But we're not a broker that sits in the middle, because we don't want to create friction. We hold both sides.
[00:17:23] Marco Ciappelli: Very cool. I'm sure a lot of people will have an illumination after this and think: yeah, maybe I'm exactly in that situation and I need to talk to these guys.
[00:17:48] Sean Martin: Ido, Itamar -- it's a pleasure to meet you and to see you again. Congratulations on being recognized for the Innovation Sandbox. I know you've produced some reports and research we didn't get to touch on much here, but we'll point folks to that data and make sure they connect with you.
[00:18:12] Ido Shlomo: The Token Security website is an awesome resource -- www.token.security -- great knowledge for everybody interested in securing AI agents.
[00:18:24] Sean Martin: Perfect.
[00:18:26] Marco Ciappelli: Thank you. I look forward to more conversations with you.
[00:18:31] Sean Martin: Thanks everybody.