Token Security has launched Enzo, an AI-native application builder for identity security teams. The product is available to existing customers through the company's platform.
Enzo lets users describe a security task in natural language and create applications that use live identity data from cloud, software-as-a-service, on-premises, DevOps, and AI agent environments. The goal is to help teams move from identifying access and identity risks to acting on them through investigation, governance, and automated response.
The launch comes as companies face a growing range of identity issues tied to machine accounts and AI agents, alongside human users. Many security teams still rely on spreadsheets, tickets, scripts, and engineering support to address risky permissions, unmanaged identities, and access paths linked to AI systems.
Enzo sits on top of Token Security's existing identity security platform, which focuses on non-human and AI agent identities. The system uses live context on permissions, ownership, usage, and access relationships to support applications built inside the platform.
Early customer deployments have focused on practical workflow problems rather than broad analytics. Teams are using Enzo for access review and enforcement workflows, AI agent attack path engines, anomaly detection and remediation, enterprise AI adoption views, identity offboarding verification, and identity migration work tied to mergers and acquisitions.
One early user, PROS, used the tool to identify shared credentials and service principal reuse across environments. According to the company, that pattern would usually require substantial manual investigation and custom engineering work.
"Identity is the only control plane that successfully secures agentic AI," said Itamar Apelblat, Chief Executive Officer and Co-Founder, Token Security. "Enzo is how to operationalize it. With Enzo, security teams build the exact application they need to investigate risk, govern access, and take action, without waiting on engineering or vendor roadmaps."
Operational layer
Identity security vendors have spent years helping customers map permissions, discover human and machine identities, and flag access problems across cloud and software environments. Token Security argues the market has been weaker at remediation, with limited tools to turn visibility into direct operational control.
That argument is central to how the company is positioning Enzo. Rather than producing code snippets or static outputs, the builder is designed to create persistent applications that can be modified through natural language and shared across teams.
The applications run in a sandboxed environment with tenant isolation, scoped credentials, and audit logging. Enzo also inherits the same underlying security architecture as the broader Token Security platform.
PROS described the product as a way to address difficult identity questions without lengthy development work. The customer used Enzo to look for risky patterns involving credentials reused in ways that conventional reviews could miss.
"Enzo makes it remarkably easy to turn real identity security challenges into working applications. We were able to describe a practical problem, shared credentials and service principal reuse across environments, and quickly build logic that identified a risky pattern," said Vimalathithan Rajasekaran, Head of Information Security, PROS. "This is the kind of nuanced finding that is hard to detect manually and would traditionally take significant time to scope and operationalize. Enzo helps security teams move from visibility to targeted action."
AI identity
The launch also reflects a broader shift in security spending and product design as businesses adopt AI agents in day-to-day operations. Those agents often depend on identities, permissions, and credentials that require oversight in the same way as service accounts and other non-human identities.
Token Security argues that generic AI development tools cannot easily connect generated applications to live enterprise identity data across multiple environments. In its view, the challenge lies less in code generation than in secure access to the underlying systems and data needed for operational use.
That view was echoed by the company's technology leadership, which said the data layer and execution controls are the foundation of the new builder. The product draws on existing controls for tenant separation, credential scope, and real-time identity context.
"The hardest part of AI-generated applications isn't generating code, but securely connecting that code to sensitive enterprise systems and live identity data," said Ido Shlomo, Chief Technology Officer and Co-Founder, Token Security. "We have already solved the identity data layer, tenant isolation, credential scoping, real-time identity context, and secure execution boundaries in the Token Security platform. Enzo builds on top of that foundation and delivers extended value to our customers."