Token custody is the control responsibility for where access tokens and refresh logic live, who can retrieve them, and how they are retired. In delegated integrations, token custody is often moved out of the app, but security ownership does not disappear. It shifts to the broker and the governance model around it.
Expanded Definition
Token custody is the operational answer to a deceptively simple question: where do access tokens and refresh logic actually reside, and who can obtain, use, rotate, or retire them? In NHI and agentic AI environments, custody may sit inside an application, a broker, an identity platform, or a delegated control plane, but the governance duty does not move with it. That distinction matters because custody defines the blast radius if a token is copied, cached, or replayed outside intended boundaries.
Vendor definitions often reduce token custody to storage. NHI Management Group treats it as a broader control relationship spanning possession, retrieval paths, renewal authority, and revocation ownership. This aligns with the access-control and recovery outcomes in NIST Cybersecurity Framework 2.0, even though NIST does not use the term token custody itself.
The most common misapplication is assuming that moving tokens into a broker eliminates risk. It occurs when teams relocate secrets without also defining custody boundaries, retrieval authorization, and retirement responsibility.
Examples and Use Cases
Implementing token custody rigorously often introduces workflow friction, requiring organisations to weigh tighter control over token access against the operational speed of delegated integrations.
- A SaaS connector uses a centralized broker to mint short-lived tokens for multiple apps, but only the broker team can retrieve refresh material and approve rotation.
- An AI agent accesses internal tools through a service token, while custody is enforced in a vault-backed policy layer rather than in the agent runtime itself.
- A developer platform rotates GitHub API tokens automatically, yet the security team retains custody approval and emergency revocation authority to prevent misuse.
- After a vendor integration is disabled, the organisation verifies that the token was not just deactivated in the app but fully retired at the custody source.
These patterns are not theoretical. NHIMG’s analysis of the Salesloft OAuth token breach shows how token possession outside the intended control plane can become the breach path. That same lesson applies in supply chain workflows, where token handling must be mapped to the access model rather than to the app that merely consumes it.
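The custody boundary the four patterns above describe can be made concrete in code. The following is an added example, not code from NHIMG or from any broker product: a minimal broker that holds refresh material, mints short-lived access tokens only for consumers on an allow-list, lets only the custody owner retire a grant, and shows why disabling a consuming app (the fourth pattern) is not the same as retiring the token at the custody source. The grant names, principal names, signing key and timestamps are constructed for the demonstration.

```python
"""Added example: custody-aware token broker (not NHIMG's or any vendor's code).

Refresh material never leaves the broker. Consumers receive short-lived,
HMAC-signed access tokens. Retiring the grant at the custody source invalidates
every derived token, including copies a disabled app no longer knows about.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


@dataclass
class Grant:
    """Refresh material plus custody metadata; lives only inside the broker."""
    owner: str                      # principal allowed to rotate or retire
    consumers: set                  # principals allowed to request minted tokens
    refresh_secret: bytes           # never returned to any caller
    retired: bool = False
    issued: list = field(default_factory=list)


class CustodyBroker:
    def __init__(self, signing_key: bytes, ttl_seconds: int = 300):
        self._key = signing_key
        self._ttl = ttl_seconds
        self._grants: dict = {}

    def enroll(self, grant_id, owner, consumers, refresh_secret):
        self._grants[grant_id] = Grant(owner, set(consumers), refresh_secret)

    def mint(self, grant_id, consumer, now=None) -> str:
        """Retrieval path: only allow-listed consumers get a token, never the secret."""
        g = self._grants[grant_id]
        if g.retired:
            raise PermissionError(f"{grant_id} is retired at the custody source")
        if consumer not in g.consumers:
            raise PermissionError(f"{consumer} may not retrieve from {grant_id}")
        exp = int(time.time() if now is None else now) + self._ttl
        body = f"{grant_id}.{consumer}.{exp}.{secrets.token_hex(8)}"
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        token = f"{body}.{tag}"
        g.issued.append(token)
        return token

    def validate(self, token, now=None) -> bool:
        """Per-request check: signature, expiry, and whether custody has retired it."""
        try:
            grant_id, consumer, exp, nonce, tag = token.split(".")
        except ValueError:
            return False
        body = f"{grant_id}.{consumer}.{exp}.{nonce}"
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return False
        g = self._grants.get(grant_id)
        if g is None or g.retired:
            return False
        return int(exp) > int(time.time() if now is None else now)

    def retire(self, grant_id, actor):
        """Retirement authority belongs to the custody owner, not to consumers."""
        g = self._grants[grant_id]
        if actor != g.owner:
            raise PermissionError(f"{actor} does not hold custody of {grant_id}")
        g.retired = True
        g.refresh_secret = b""      # discard refresh material at the source
        g.issued.clear()

    def custody_report(self, grant_id) -> dict:
        g = self._grants[grant_id]
        return {"owner": g.owner, "retired": g.retired,
                "refresh_material_held": bool(g.refresh_secret),
                "consumers": sorted(g.consumers)}


class ConsumerApp:
    """An app that uses tokens but does not own them; disabling it drops only its copy."""
    def __init__(self, name):
        self.name = name
        self.token = None

    def connect(self, broker, grant_id, now=None):
        self.token = broker.mint(grant_id, self.name, now)
        return self.token

    def disable(self):
        self.token = None


def offboarding_scenario(now=1_700_000_000) -> dict:
    """Constructed scenario: a token copied out of the app survives the app being
    disabled and dies only when the grant is retired at the custody source."""
    broker = CustodyBroker(signing_key=b"demo-signing-key", ttl_seconds=300)
    broker.enroll("vendor-crm", owner="integration-platform",
                  consumers={"crm-sync"}, refresh_secret=secrets.token_bytes(32))
    app = ConsumerApp("crm-sync")
    leaked_copy = app.connect(broker, "vendor-crm", now)   # cached outside the app
    app.disable()                                          # "deactivated in the app"
    after_app_disable = broker.validate(leaked_copy, now + 60)
    broker.retire("vendor-crm", actor="integration-platform")
    after_custody_retire = broker.validate(leaked_copy, now + 60)
    return {"after_app_disable": after_app_disable,
            "after_custody_retire": after_custody_retire,
            "report": broker.custody_report("vendor-crm")}


if __name__ == "__main__":
    print(offboarding_scenario())
```

The point of the scenario is the pair of `validate` results: the leaked copy still passes after `app.disable()`, because the app never held custody, and fails only after `retire()` runs at the broker. A real deployment would back `Grant` with a vault and an audit log rather than in-memory objects, but the three custody decisions (who can mint, who can retire, where revocation is checked) stay in the broker regardless of storage.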
Why It Matters in NHI Security
Token custody is a governance control, not just a storage decision. When custody is unclear, tokens linger after offboarding, spread across systems, or remain reachable through stale automation. NHIMG’s 2025 State of NHIs and Secrets in Cybersecurity reports that 91% of former employee tokens remain active after offboarding, a stark indicator that custody and retirement are often not operationally linked.
That risk intensifies in agentic environments, where autonomous software may request, cache, or refresh credentials faster than humans can audit them. The relevant external control lens is NIST Cybersecurity Framework 2.0, especially around access control, recovery, and continuous monitoring, but the practical question is always the same: who can still reach the token after the original workflow no longer should?
NHIMG’s research also shows that 44% of NHI tokens are exposed in the wild, often in collaboration tools and code commits, which means custody failures frequently begin as routine convenience decisions. Organisations typically encounter token custody as an urgent issue only after a breach, token replay, or failed offboarding reveals that the real owner of the token was never clearly defined.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Token custody governs secret handling, storage, retrieval, and revocation pathways. |
| NIST CSF 2.0 | PR.AA (Identity Management, Authentication, and Access Control); RC (Recover) | Custody is an access-control and recovery problem across token lifecycle operations. |
| NIST Zero Trust (SP 800-207) | Tenets of Zero Trust (per-session access decisions) | Zero trust requires continuous verification of token use regardless of where custody sits. |
Treat every token presentation as untrusted and validate each request before access is granted.
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org