
Limit credential exposure with fine-grained personal access tokens

GitLab's personal access tokens (PATs) authenticate automation, often with broad scopes such as "api" or "read_api". If such a token is compromised, every project it can reach is exposed. Fine-grained PATs, now in beta, let users restrict a token to specific tasks and resources, limiting the "blast radius" of a breach by scoping permissions more narrowly.

A fine-grained token is defined by its reach (personal projects, all projects, or selected projects) and the actions it allows (create, read, update, delete). Previously a single token granted access to all resources; with fine-grained PATs, each job can be issued its own token carrying only the permissions that job needs. Token tables now display scopes and permissions, improving auditability and making over-privileged tokens easier to identify.

Fine-grained PATs currently cover around 75% of REST API endpoints, with plans to expand coverage. During the beta, users can create both traditional and fine-grained PATs; to create a fine-grained token, navigate to your settings and select "Fine-grained token." Feedback is encouraged to help refine the feature and promote least-privilege security practices.
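As an added illustration, not code from GitLab or from the original post, the following Python script makes the blast-radius comparison concrete: it computes which (project, action) grants each token kind carries beyond what its job needs. The token record layout (kind, reach, projects, actions), the classic-scope mapping and the sample projects are constructed assumptions, not GitLab's API schema.

```python
"""Audit personal access tokens against the least privilege each job needs.
Added example, not GitLab's code; field names (kind, reach, projects, actions) are assumed."""
from itertools import product

ACTIONS = {"create", "read", "update", "delete"}

# Broad classic scopes named in the note: every project, with these actions.
CLASSIC_SCOPE_ACTIONS = {
    "api": ACTIONS,         # full read/write on every project
    "read_api": {"read"},   # read-only, but still on every project
}


def grants(token, all_projects, personal_projects):
    """Return the set of (project_id, action) pairs a token can exercise."""
    if token["kind"] == "classic":
        acts = set()
        for scope in token["scopes"]:
            acts |= CLASSIC_SCOPE_ACTIONS.get(scope, set())
        return set(product(all_projects, acts))
    reach = {
        "personal_projects": personal_projects,
        "all_projects": all_projects,
        "selected_projects": set(token.get("projects", ())),
    }[token["reach"]]
    return set(product(reach, set(token["actions"])))


def excess(token, need, all_projects, personal_projects):
    """Grants beyond what the job needs: the avoidable blast radius."""
    return grants(token, all_projects, personal_projects) - set(need)


def audit(tokens, needs, all_projects, personal_projects):
    """Map each token name to the number of grants its job does not need."""
    return {t["name"]: len(excess(t, needs[t["name"]], all_projects, personal_projects))
            for t in tokens}


# Constructed sample: four projects (one personal) and one job that only needs
# to read project 3, served by three differently scoped tokens.
ALL_PROJECTS, PERSONAL_PROJECTS = {1, 2, 3, 4}, {1}
NEEDS = {n: {(3, "read")} for n in ("old-bot", "wide-bot", "scoped-bot")}
TOKENS = [
    {"name": "old-bot", "kind": "classic", "scopes": ["api"]},
    {"name": "wide-bot", "kind": "fine_grained", "reach": "all_projects", "actions": ["read"]},
    {"name": "scoped-bot", "kind": "fine_grained", "reach": "selected_projects",
     "projects": [3], "actions": ["read"]},
]
```

Calling audit(TOKENS, NEEDS, ALL_PROJECTS, PERSONAL_PROJECTS) reports 15, 3 and 0 unneeded grants for old-bot, wide-bot and scoped-bot respectively, so only the selected-projects, read-only token matches the job's need exactly.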