diff --git a/msal/application.py b/msal/application.py
index f6486f88..7a46fe56 100644
--- a/msal/application.py
+++ b/msal/application.py
@@ -1386,6 +1386,9 @@ def _acquire_token_silent_from_cache_and_possibly_refresh_it(
                 if expires_in < 5*60:  # Then consider it expired
                     refresh_reason = msal.telemetry.AT_EXPIRED
                     continue  # Removal is not necessary, it will be overwritten
+                if key_id and entry.get("key_id") != key_id:
+                    refresh_reason = msal.telemetry.AT_ABSENT
+                    continue  # If the Key_Id is not matching, then it is not the token we are looking for
                 logger.debug("Cache hit an AT")
                 access_token_from_cache = {  # Mimic a real response
                     "access_token": entry["secret"],