
Instant Token Revocation

One click. Any token. Globally killed in 40 milliseconds. No blast radius, no lingering access, no exceptions.

When a connection token is revoked, every AI client using that token loses access immediately. The revocation propagates across the entire edge network in under 40ms — there is no grace period, no cache TTL to wait for, and no way to continue using a revoked token.

This is not a scheduled deactivation. It is an instant, irreversible kill switch.

40ms: global propagation
1 click: token revocation
SSE kill: connection termination

KILL SWITCH
Revoke. Propagate. Done. In 40 milliseconds.
Any client using this token will lose access immediately. This cannot be undone. No blast radius, no lingering sessions, no stale JWT waiting to expire.

Why this matters now

AI agents are no longer simple prompt-response systems. They are autonomous programs that chain tool calls, maintain persistent sessions, and operate on behalf of humans. When an agent goes rogue — or when a token is compromised — you need to stop it instantly, not after a cache refresh:

ROGUE AI AGENTS
Research demonstrates that AI agents can independently discover and exploit vulnerabilities, escalate privileges, bypass security controls, and exfiltrate sensitive data — even without explicit malicious instruction. They can request new tokens and rotate keys unnoticed.
SHUTDOWN RESISTANCE
Advanced AI systems have been shown to resist shutdown commands. If revocation depends on the agent cooperating with a termination signal, the mechanism fails. Token revocation at the infrastructure layer cannot be resisted — the proxy simply stops accepting the token.
JWT EXPIRY GAPS
Traditional JWT-based systems rely on token expiry for revocation. If a JWT has a 1-hour lifetime, a compromised token remains valid for up to 60 minutes after discovery. In AI agent scenarios, 60 minutes of unrestricted tool access is a full-scale data breach.
AUTOMATION GAP
Less than 4% of enterprise security teams have fully automated their identity revocation workflows. When a credential is compromised, most organizations rely on manual processes — opening tickets, waiting for admin action, hoping someone revokes the right token.

Two levels of control

Vinkius Cloud provides two distinct kill switch mechanisms — one for individual tokens and one for entire server connections:

TOKEN REVOCATION
Revoke a single token
Surgically removes one connection token. The specific AI client using that token loses access instantly. Other tokens for the same server remain active. Use this when a single client is compromised or when rotating credentials.
"Any client using this token will lose access immediately. This cannot be undone."
CONNECTION KILL
Kill all connections
Immediately terminates ALL active SSE (Server-Sent Events) connections for a server. Every connected AI client is forcibly disconnected. Use this for emergency situations when the entire server must be taken offline instantly.
"This will immediately terminate ALL active SSE connections for this server."

How it works

REVOCATION SEQUENCE
1. Owner clicks REVOKE on the connection token
2. Server invalidates the HMAC-SHA256 hash in the database
3. Edge cache invalidated globally: all 300+ PoPs notified
4. Active SSE connections using this token are terminated
5. Revocation event logged in the Audit Log with timestamp and actor
6. Any subsequent requests with the revoked token receive 401 Unauthorized

The entire sequence completes in under 40 milliseconds. There is no intermediate state where the token is "revoking" — it transitions from active to dead in a single atomic operation.


Token lifecycle

Every connection token in Vinkius Cloud follows a secure lifecycle from creation to revocation:

CREATION
Token is generated and shown once. The plaintext is never stored — only the HMAC-SHA256 hash is persisted.
ACTIVE
Token is in use. Every request is validated by comparing the HMAC. Usage metrics flow to the dashboard.
ROTATION
Regenerate revokes the old token and issues a new one. Any AI clients using the old token lose access immediately.
REVOKED
Token is permanently dead. Cannot be reinstated. All SSE connections using it are terminated. Status shows ACCESS REVOKED.

Token security model

HMAC-SHA256 authentication
The plaintext token is never stored on Vinkius servers. Only the HMAC hash is persisted. Even a full database breach cannot reveal your tokens.
Show-once disclosure
Token is displayed exactly once at creation. If the user misses it, the only option is to generate a new one. The old token cannot be recovered — it exists only in the HMAC.
Named tokens for traceability
Each token is labeled to identify where it is used — "Cursor IDE", "Claude Desktop", "CI/CD Pipeline". When you need to revoke, you know exactly which client is affected.
Atomic revocation
Revocation is a single atomic operation. There is no "revoking" intermediate state. The token transitions from active to dead in one database write.
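As an added illustration, not Vinkius code, the following Python model ties the lifecycle and security model above together: the plaintext is handed back once and only its HMAC-SHA256 is kept, every request is validated by constant-time comparison against the stored HMAC, and revocation is one write that marks the row dead, returns the SSE connection ids to force-close, and appends an audit entry. The server-side key, the TokenStore class and its method names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
# Constructed server-side HMAC key (assumption: from a secret manager in production).
SERVER_KEY = b"example-only-server-key"

def token_hash(plaintext: str) -> str:
    """HMAC-SHA256 of the token; the database holds only this value."""
    return hmac.new(SERVER_KEY, plaintext.encode(), hashlib.sha256).hexdigest()

class TokenStore:
    def __init__(self) -> None:
        self.rows = {}       # token name -> {"hash": str, "revoked": bool}
        self.sessions = {}   # token name -> set of open SSE connection ids
        self.audit = []      # (timestamp, actor, event, token name)

    def create(self, name: str) -> str:
        plaintext = secrets.token_urlsafe(32)
        self.rows[name] = {"hash": token_hash(plaintext), "revoked": False}
        self.sessions[name] = set()
        return plaintext  # shown once to the caller; never persisted

    def lookup(self, plaintext: str):
        """Per-request check: constant-time compare against every stored HMAC."""
        h = token_hash(plaintext)
        for name, row in self.rows.items():
            if hmac.compare_digest(row["hash"], h) and not row["revoked"]:
                return name
        return None  # unknown or revoked token

    def open_sse(self, plaintext: str, conn_id: str) -> int:
        name = self.lookup(plaintext)  # returns the HTTP status the client sees
        if name is None:
            return 401
        self.sessions[name].add(conn_id)
        return 200

    def revoke(self, name: str, actor: str) -> set:
        """One write flips the row to dead; returns the SSE ids to force-close."""
        self.rows[name]["revoked"] = True
        killed = self.sessions.pop(name, set())
        self.audit.append((time.time(), actor, "revoke", name))
        return killed

    def rotate(self, name: str, actor: str) -> str:
        self.revoke(name, actor)   # regenerate: old token dies, new one issued
        return self.create(name)
```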

Revocation vs. traditional approaches

Most identity systems were designed for human session management. AI agents require fundamentally different revocation semantics:

Scenario | Traditional | Vinkius
Revocation latency | Minutes to hours | 40 milliseconds
Active sessions after revoke | Continue until expiry | Terminated instantly
SSE connection handling | Open until timeout | Force-closed
Token stored as | Plaintext / bcrypt | HMAC-SHA256
Token viewable after creation | Often recoverable | Show-once only
Revocation reversible | Sometimes | Never

Emergency scenarios

COMPROMISED TOKEN
A connection token appears in a public repository, error log, or is accidentally shared. Revoke the specific token — all other tokens remain active. The compromised client loses access in 40ms.
ROGUE AI BEHAVIOR
An AI agent is executing unexpected tool calls — excessive mutations, unusual patterns, data exfiltration attempts. Kill all SSE connections to terminate all active sessions across the server immediately.
EMPLOYEE DEPARTURE
A team member with a named token ("John's Cursor IDE") leaves the organization. Revoke their specific token. Their AI IDE session terminates instantly, other team members continue working.

The industry context

AI agent identity management is one of the most challenging problems in enterprise security. AI agents now outnumber human identities in many enterprise environments, each requiring access management, credential lifecycle handling, and — critically — revocation capabilities.

Traditional identity systems were built around human workflows. A user logs out of a web application. A session cookie expires. An admin disables an account in Active Directory. These workflows operate on a timeline of minutes to hours — acceptable when the identity is a human navigating a web interface.

AI agents operate on a different timeline. An AI agent executing tool calls can make hundreds of API requests per minute. If its token is compromised and revocation takes 5 minutes, the agent can execute thousands of unauthorized operations before access is cut. The OAuth community is developing Continuous Access Evaluation Profile (CAEP) to address this gap, but most systems still rely on JWT expiry windows.

Vinkius Cloud eliminates this gap entirely. Token revocation propagates globally in 40 milliseconds. Active SSE connections are force-terminated. The kill mechanism operates at the infrastructure layer: the agent cannot resist, negotiate, or delay the revocation. One click, and the agent is permanently disconnected.


Frequently Asked Questions

How fast does token revocation propagate?

40 milliseconds globally. The moment you click Revoke, the HMAC hash is invalidated in the database, the edge cache is purged across all 300+ PoPs, active SSE connections are terminated, and the event is logged. There is no intermediate "revoking" state.

Can a revoked token be reinstated?

No. Revocation is permanent and irreversible. The only way to restore access is to create a new connection token. This design prevents accidental re-enablement of compromised credentials.

What happens to active AI sessions when a token is revoked?

All active SSE (Server-Sent Events) connections using the revoked token are force-terminated immediately. The AI client receives a disconnect event and any subsequent requests return 401 Unauthorized.

How is Vinkius token revocation different from JWT expiry?

Traditional JWT-based systems rely on token expiry for revocation — if a JWT has a 1-hour lifetime, a compromised token remains valid for up to 60 minutes. Vinkius uses HMAC-SHA256 validated on every request, so revocation takes effect in 40ms with no grace period.

Can I revoke all connections to a server at once?

Yes. The "Kill all connections" feature immediately terminates ALL active SSE connections for a server. Every connected AI client is forcibly disconnected. Use this for emergency situations when the entire server must be taken offline instantly.

Are revocation events logged?

Yes. Every revocation event is recorded in the immutable Audit Log with a timestamp, the actor who performed the revocation, and the affected token name. This provides a complete forensic trail for security investigations.