Hello,
Currently for a Personal Access Token to have access only to a specific company, it would have to be created by a user that is in that company.
So for example, if you are in Company A and you have a subsidiary company Company B, to have a PAT that has full access to ONLY Company B, you would have to login to a user that is in Company B and then create a token while logged in as a Company B user.