Token Security Enters the AI Agent Security Market with Intent-Based Controls

Token Security, an identity security company, announced this week an expansion into AI agent protection with a new intent-based controls approach. The system governs autonomous agents by aligning their permissions with their declared intended purpose — if an agent was provisioned to handle customer support, it should not have access to financial records, regardless of what an LLM decides to request.

The approach is identity-native: Token Security builds on the observation that AI agents interact with enterprise systems through service accounts, API credentials, and cloud roles — the same infrastructure identity security already manages. Rather than building a new enforcement layer, the company argues that governing agent identity is sufficient to govern agent behavior.

The announcement reflects a broader trend of established security vendors expanding into the agentic AI space. Alongside Token Security, Kore.ai launched its Agent Management Platform this week, and NVIDIA announced the Agent Toolkit with the OpenShell open-source runtime as a safety and security component.

The AI agent security market is consolidating quickly. What was a niche space in early 2025 now has entrants from identity security (Token Security), observability (Galileo), enterprise AI platforms (Kore.ai), and dedicated runtime security (SupraWall, Jozu, Straiker).