Token Unveils Air-Gapped Biometric Authenticator at RSAC 2026 as Identity Attacks Surge

At a time when identity-based attacks are outpacing traditional defenses, Token is betting that the future of authentication lies entirely off the grid. At RSA Conference 2026, the company introduced the TokenCore Node, a compact biometric authenticator built for environments where cloud connectivity is not just undesirable, but prohibited.

The launch targets a growing segment of security-conscious organizations, including defense contractors, critical infrastructure operators, and regulated enterprises, where even the most secure cloud-based identity systems fall short of compliance or risk tolerance requirements.

A Shift Away From Credentials

For years, identity security has relied on credentials layered with additional controls like multi-factor authentication. That model is now under pressure. Attackers are increasingly bypassing MFA through phishing kits, session hijacking, and adversary-in-the-middle techniques. The rise of AI-driven automation is accelerating these attacks, allowing threat actors to scale credential compromise with unprecedented speed.

Token’s approach abandons credentials altogether.

Instead of passwords or one-time codes, the TokenCore Node ties authentication directly to a user’s biometric identity. The device performs all cryptographic operations locally, with no reliance on external services. Fingerprint data never leaves the hardware, and private keys are generated and stored on-device, eliminating the risk of credential theft or replay attacks.

“AI isn’t creating new weaknesses – it’s exposing the ones we’ve always had,” said Kevin Surace, Chief Executive Officer of Token. “The TokenCore Node brings easy-to-use cryptographic biometric identity assurance into air-gapped and classified environments for the first time. Organizations should not have to choose between the strongest authentication available and the constraints of their most critical systems. The shift is already underway, and the organizations moving now will be the ones best protected.”

Built for Zero-Trust, Without the Cloud

The TokenCore Node is designed for environments where systems are physically isolated from the internet. Unlike most identity solutions that depend on cloud-based verification or synchronization, the device operates entirely offline while still enforcing strong authentication policies.

Its hardware enforces proximity-based access, requiring the user to be within a few feet of the login endpoint. This prevents remote session hijacking and eliminates an entire class of phishing and relay attacks.

The device itself is engineered for portability and durability. Roughly the size of a coin, it includes an embedded fingerprint sensor, encrypted Bluetooth connectivity, and environmental resistance for everyday use across field and enterprise settings.

This local-first design aligns with broader zero trust strategies, but removes one of their biggest dependencies: constant connectivity.

Completing, Not Replacing, the Identity Stack

Token positions the Node as an extension of existing identity infrastructure rather than a replacement. The device integrates with IAM, SSO, and privileged access management systems, allowing organizations to strengthen authentication without overhauling their entire stack.

Alongside the Node, Token continues to expand its broader TokenCore platform, which includes wearable and portable biometric authenticators, as well as a management layer that can be deployed either in the cloud or on-premises.

This flexibility reflects a key reality in enterprise security: identity systems are deeply embedded and difficult to replace, but increasingly inadequate on their own.

The End of Phishable Authentication?

Security leaders are under mounting pressure to prove not just that access was granted, but that it was granted to the correct individual under the right conditions. That level of assurance has proven difficult with credentials that can be shared, stolen, or intercepted.

“Identity has become the single point of failure in modern security – and leaders know it,” said Katy Nelson, Chief Revenue Officer of Token. “Boards aren’t asking for more tools.

They’re asking can you prove who took the action – and could you have prevented it? In just the past two years, MFA and authenticator apps have been compromised more than 100,000 known times. It is no longer a fringe problem. It is an epidemic. TokenCore Node answers that with cryptographic proof of user presence, local key control, and biometric assurance that cannot be forwarded, phished, or replayed. The question is no longer whether organizations will move to biometric identity assurance, but how quickly they can get there.”

Token’s thesis is straightforward. If there is no credential to steal, there is no credential-based attack.

“TokenCore doesn’t make stolen credentials harder to use – it makes them useless,” added Surace. “Authentication requires a live fingerprint and physical presence. There is no credential to steal, and no attack path to replay.”

A Market Moving Toward Hardware-Backed Identity

The introduction of the TokenCore Node reflects a broader shift toward hardware-backed identity assurance. As attackers continue to exploit weaknesses in software-based authentication, organizations are looking for stronger guarantees rooted in physical presence and cryptographic isolation.

Biometric authentication is not new. What is changing is where and how it is enforced. By moving verification and key management entirely onto secure hardware, Token is aiming to remove the most common attack surfaces from the equation.

For high-security environments, that shift may not just be beneficial. It may be necessary.

As AI continues to amplify the scale and speed of identity attacks, the industry is being forced to rethink a fundamental assumption: that credentials can be protected.

Token is betting they cannot, and building a future where they no longer exist.