Methods, systems, and computer readable media for detecting stolen access tokens are disclosed. One example method for detecting stolen access tokens comprises: at a network function (NF) comprising at least one processor: receiving, via a transport layer security (TLS) connection and from a sender, a service request comprising an access token, wherein the access token includes ownership information indicating a TLS parameter for verifying an owner of the access token; determining, using the ownership information of the access token and TLS information in a TLS certificate obtained from the sender, whether the ownership information and the TLS information matches; and in response to determining that the ownership information and the TLS information do not match, rejecting the service request.