Most likely you are correct and HTML token is being saved within output cache. AntiForgeryToken is not Kentico proprietary, but it is using standard .NET implementation. You could as well get to it by plain HTML.AntiForgeryToken(). So this is something that would happen across the board on any .NET application
I will quote an answer from stackoverflow post " Caching nicely caches the answer, including the value of the AntiForgeryToken. Disable caching on forms, and in particular on pages that use AntiForgeryToken. If you think about this further, if you're in a data-entry app, do you want to cache your data-entry forms? Probably not. However you do want to cache heavy reports -- even if it's just micro-caching -- a second or two."
For your use case, I would rather suggest using CORS header as a protection. You are submitting AJAX request from your web site to your web site so this request should be accepted only from single source domain. Yours. This way you can prevent forged request coming from outside parties. It can be done on IIS or via various packages.
This article covers more on token usage and possible pitfalls.