Every year, security and tech leaders come to the RSA conference in San Francisco to take the industry’s pulse, and every RSAC tends to be dominated by a single, overarching theme. Last year, the theme was: “AI agents are coming, and governance isn’t ready.” And sure enough, the theme of RSAC 2026 was: “AI agents are here, and governance needs to catch up.”Throughout the conference, security practitioners, vendors, and analysts were all asking the same questions:How can we enable a culture of agentic AI builders, without compromising on bedrock security principles?How can we mitigate the potential for AI agents to behave unsafely, either via malicious compromise or their own nondeterministic nature?What are the most impactful safeguards every organization should be putting into place to secure AI and automation in the next year?1Password provided answers to those urgent questions at RSA. Prior to the event, we announced the release of 1Password® Unified Access, a new platform that help

If 2025 was the year of AI adoption, 2026 is when AI evolves from a software story to a people story. Katya Laviolette, our Chief People Officer, explored this idea in a recent Forbes article about how 1Password’s internal network of AI Champions is shaping this evolution and helping us set the standard for how we use AI to drive impact across 1Password.AI tools help us move faster, but it takes curiosity and judgement to unlock their full value, build new ways of working, and to deliver meaningful outcomes for our teams and customers. That’s why we’re investing in a culture of AI fluency shaped by people across the business, brought to life through our AI Champions.Who are AI Champions at 1Password?AI Champions are internal advocates for AI adoption who guide us as we make AI fluency, security, and experimentation part of our daily work. They’re critical thinkers from both technical and non-technical departments, including Product, Tech, Marketing, Go-To-Market, and Finance, who are p

Enterprise password managers (EPM) like 1Password, LastPass, Dashlane, and Bitwarden help you create, store, and fill strong passwords and credentials across different websites and apps, so you don’t have to remember or write them down. EPMs provide secure sharing, data encryption, and data breach prevention against phishing and malware, helping IT and Security teams protect and enforce policies around credentials.While there are many EPM options, choosing the best password manager can be a challenge. A side-by-side comparison helps you see which is best for your organization’s cybersecurity strategy.If you’re comparing 1Password and Keeper, it helps to start with what both products are built around: an Enterprise Password Manager (EPM). EPMs are how both platforms store, share, and enforce policies around credentials. They’re the foundation for each vendor’s broader security strategy. Below is a comparison of core features many organizations consider essential for protecting employees

Enterprise password managers (EPM) like 1Password, LastPass, Dashlane, and Bitwarden make it easy to create, store, and use strong passwords across websites and apps. With features like secure sharing, data encryption, and protection against phishing and malware, these tools help IT and security teams keep credentials safe and enforce company policies.With so many EPM options available, choosing the right one can be difficult.Comparing features, security measures, and usability side by side can help you determine which password manager best aligns with your organization’s cybersecurity requirements.If you’re comparing 1Password and LastPass, it helps to start with what both products are built around: an enterprise password manager that stores, encrypts, and helps manage credentials across your organization.Both platforms cover the fundamentals: generating strong passwords, enabling browser autofill, and securely storing sensitive information such as login credentials and credit card de

We built 1Password® Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.That makes the MCP gateway a critical control point. It sits between AI agents and the systems they need to reach, making it the natural place to enforce policy, visibility, and governance. But in many deployments, it also becomes the place where credentials accumulate, moving secrets out of the vault and into the platform.That is the problem 1Password and Runlayer are solving together. With this integration, enterprises can keep their machine credentials in 1Password, resolve them only at runtime, and audit every fetch and rotation without exposing the secret itself.If your team has adopted an MCP platform to centralize how AI agents access tools, you've probably solved one problem and created another.Before the MCP platform

Identity establishes trust. The next problem is how that trust is used.In June 2025, Microsoft patched EchoLeak (CVE-2025-32711), a zero-click vulnerability in Microsoft 365 Copilot that allowed an attacker to exfiltrate sensitive enterprise data, including API keys, confidential documents, and internal conversation snippets, without human intervention.The attack was deceptively simple. An attacker sent a normal-looking email with hidden instructions embedded in it. A human would not notice them, but the model could interpret them. The email remained dormant until Copilot later pulled it into context for another task. At that point, the instructions triggered, and the agent used the victim’s existing permissions to retrieve and disclose sensitive information.The specific vulnerability matters, but the broader lesson matters more. A system can authenticate correctly, authorize correctly, and still produce the wrong outcome.Microsoft patched EchoLeak before it was publicly disclosed. Sin

Hi! I'm Ollie Cheal, VP of Go-To-Market (GTM) in EMEA at 1Password.If you’re exploring your next role in GTM, I’d love to give you a look at what we’re building here and why it’s such an exciting time to join. Right now, our mission is clear, the stakes are high, and our people are all in to win. With that in mind, let me share why this moment matters and what it takes to thrive on this team.Why this moment mattersThe biggest technological shift of our lifetime is happening right now, and 1Password is perfectly positioned to bring out the best for our customers. 1Password is helping organisations around the world to unlock productivity benefits without losing trust, safety, or control, as AI reshapes how work gets done, how decisions are made, and who (or what) gets access to our customers' data.It's an enormous opportunity, and we have both the foundation and the products – from Unified Access and Enterprise Password Manager to SaaS Manager and Device Trust – to shape how the EMEA mar

Introducing our Users API for Partners in public preview and new Security Automation integrations that enable SOC teams to execute programmatic user actions within automated workflows in 1Password Enterprise Password Manager.Modern security teams increasingly rely on integrated security operations center (SOC) workflows that correlate signals and alerts, while orchestrating detection responses in real time. Behind every alert is an identity: a person, a service account, an API key, or an AI agent. However, when remediation requires manual steps, investigation and response slows, increasing security risks. Organizations are also expected to maintain continuous compliance via clearly enforced access controls and auditable processes. Today, 1Password is expanding the 1Password Enterprise Password Manager (EPM) through the public preview of the Users API for Partners, enabling security teams to respond to incidents faster during active security events. Powered by the Users API for Partners

Modern enterprises aren’t just adding employees; they’re adding subsidiaries, multiple teams, contractors, AI builders, temporary projects, and new SaaS tools every week.And every new addition to a company’s ecosystem also brings more credentials to manage. Unfortunately, not all of those credentials can be managed by solutions like single-sign-on (SSO) or privileged access management (PAM). Many of them might be stored in shared spreadsheets, developer environments, browser sessions, and automation workflows that traditional identity security systems were never designed to govern.This results in identity sprawl, operational drag, and an overall widening of the Access-Trust Gap. In the face of this ever-expanding attack surface, security leaders are left struggling to deploy credential security across every team and workflow, without having to build more infrastructure just to manage their infrastructure.In light of these issues, today we’re introducing a new evolution for 1Password En

Agentic AI is changing how work gets done inside organizations. It’s embedded in IDEs and automation tools, and it’s showing up in browsers, internal workflows, and everyday productivity apps. Developers are using AI agents to accelerate engineering work, while knowledge workers are vibe coding apps without training on developer security practices, all of which create untenable risks for organizations. That shift has real implications for identity and access control. For years, identity security centered on login: authenticating the user, establishing a session, applying policy, and assuming authority for the duration of that session. That model worked for human access, but it breaks down when credentials are used by local AI agents, automation scripts, CI/CD pipelines, and AI-native tooling. In this new reality, authority shouldn’t be decided once at login and then trusted all day. It should be confirmed right when access is requested, every time a credential or secret is used. That’s

Automating user provisioning sounds simple, until you remember everything that provisioning really touches.For most SaaS products, SCIM is “just” user and group lifecycle management. Your identity provider calls an API, accounts get created, access is assigned, and offboarding removes it. But for 1Password, provisioning intersects with something far more sensitive: the cryptographic foundation that protects every vault.1Password is end-to-end encrypted by design. We do not hold your encryption keys and cannot see your vault contents. This provides a powerful guarantee that even if 1Password’s servers were to be compromised, your data would remain unreadable, as the keys required to decrypt it are never accessible to us. That model is why customers trust 1Password with their most sensitive credentials, but it also makes automation genuinely hard. After all, how can we automate provisioning inside a zero-knowledge platform, without reintroducing trust in the server?That is the problem Au

Women’s History Month is a time to recognize the women who are not only advancing their fields, but reshaping what leadership means within them. The theme guiding this year’s Women at 1Password Employee Resource Group (ERG), Leading the Change: Women Shaping a Sustainable Future, reflects that responsibility.One of the women leading that change within 1Password is Nicole Scherbina, Senior Staff Manager of Product Operations and a leader within our Women at 1Password ERG. Her perspective on leadership, equity, and readiness reflects the kind of intentional impact we’re committed to building.Take a few minutes to get to know Nicole and the journey that shaped her leadership. Can you share a bit about your career journey and what led you into product operations? Was this a path you always envisioned?My career has been shaped by a few themes, but the most relevant one is making order out of chaos. I’ve worked across very different environments and in organizations of different sizes and st

SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?For many organizations, renewals are reactive events instead of strategic decisions. That’s how SaaS spend compounds.The problem isn’t negotiation skills or vendor management. It’s that most teams don’t have the visibility they need into spend and usage when it matters most.Why SaaS renewals are so hard to manageRenewals should be straightforward. In reality, they’re anything but. It’s almost never easy or straightforward to get answers to the questions asked as part of the renewal process. There are a few simple reasons why: Usage data is fragmented or missing entirely. Finance has contracts and knows the total spend. IT knows some of the apps in use. But rar

Lean teams are under constant pressure to move faster: more SaaS, more automations, and more AI woven into daily work. People sign in more often, across more apps, on more devices, and they’re rewarded for speed, not caution.That’s how browsers quietly become the default place where business credentials live. Even if a business invests in a password manager or privileged access management (PAM) for its developers or senior employees, most of its workforce may still save their passwords in the browser. After all, Chrome, Safari, and Firefox make it easy to save, autofill, and sync passwords. For individuals, that’s convenient. For organizations, it’s a trap.Here’s the hard truth: Browsers aren’t strategies, they’re stopgaps. If the browser is your vault, you don’t have a credential strategy; you have a convenience default. And at business scale, convenience defaults create blind spots you can’t govern, audit, or control. Those risks are only increasing as AI expands the number of sign-i

AI and automation are embedded in daily work. Copilots draft content and pull in customer context. Agents triage tickets, update records, and trigger workflows across Slack, Salesforce, Jira, and GitHub. In engineering, this acceleration shows up in scripts, CI/CD pipelines, and infrastructure automation that depend on secrets to ship and operate software.Many organizations rely on a mix of sign-in and privileged access controls to standardize logins and secure connected apps. But these systems stop at what can be federated and do not govern the long tail of SaaS apps, shared accounts, or credentials created in automation and AI workflows. Business-led IT makes this unavoidable. Teams adopt tools quickly, often outside centralized reviews or identity provider integration.Agentic AI compounds the gap. Developers and AI builders generate API keys, tokens, service accounts, and agent secrets. Browser-based agents still use usernames and passwords. Credentials spread into browsers, spreads

In Formula 1® preparation isn’t optional, it’s everythingWhether you’re traveling to the circuit or hosting a watch party, race weekend means bouncing between devices, signing in fast, and clicking links quickly. The last thing you want is to reset a login at lights out. So if you share the streaming link, watch telemetry tabs on a second device, or keep the group chat on track, this blog is for you.This 10-minute security checklist is built to help you secure streaming accounts, travel info, and all your race-day devices so you can rev up to speed before the race starts.Pre-race password inspection: 2 minutesPole position accounts: 3 minutesShare smarter: 2 minutesMulti-screen test: 2 minutesVictory lap: 1 minuteStep 1: Your pre-race password inspectionScammers count on the urgency you feel to rush to the starting line, because they know that mistakes happen when you’re in a hurry. In a 1Password survey of 2,000 American adults, 89% said they have encountered phishing, and 61% said th

There’s a moment every IT and security team recognises. You’ve done the hard work: rolled out SSO, tightened access policies, and moved sensitive tools behind stronger authentication. On paper, it looks like progress.Then reality shows up in the form of a “quick login” from a personal laptop, a contractor device you don’t manage, or a machine that hasn’t been updated in months. Suddenly, your access decision is only as strong as the device behind it.In EMEA, it’s particularly challenging to be confident in your device security policies because device posture has to meet stricter expectations. Organisations need to secure unmanaged devices and manage compliance drift while also navigating privacy reviews, procurement scrutiny, and the expectation of a localized user experience that won’t trigger a flood of support tickets. But for EMEA teams, GDPR requirements and the absence of EU data hosting has created real barriers to adopting device security tools.EMEA-based teams deserve device s

For security and IT professionals, the past decade has brought a series of tectonic shifts that have toppled old assumptions and created new opportunities. First, the SaaS revolution destroyed the paradigm of an IT-governed corporate network. Next, COVID-19 forever altered how and where work gets done. Then, the biggest shockwave of them all arrived: AI-based tools that are rewriting the very definition of “identity.”Today, the traditional boundaries of the corporate network have dissolved. As organizations race to adopt cloud-native tools and integrate artificial intelligence into every workflow, the "identity perimeter" has become the primary line of defense. 1Password is working to secure this perimeter. Our framework for identity security is that the right user or AI agent gets the right access to the right app on the right device.In a recent webinar and report, Francis Odum, founder of Software Analyst Cyber Research, provided a comprehensive validation of 1Password’s strategic di

When you build a great company, a few things happen: customers trust you, they stay with you, and they bring you along as they grow. From there, revenue grows, relationships deepen, and you end up with something you can be proud of. That’s the lens I’m bringing into 2026 at 1Password.The opportunity in front of us is bigger than ever. The companies shaping our industries and culture are logging in with 1Password, and they’re trusting us with their most important business interactions. That level of trust, at scale, is what creates durable growth, and we intend to earn more of it. We have big ambitions to develop a world-class team, lead the identity security space, and keep raising the bar on how we show up for customers.We’re building lasting customer relationshipsOur growth engine is evolving. We’re leaning harder into sales-led growth, partnering across Sales and Marketing to expand relationships through the entire customer lifecycle. That requires a different type of selling: more

AI agents have crossed the line from assisting humans to acting on their behalf. In production environments, that shift changes the security model.Security leaders say that the main challenge isn’t getting an agent to do something useful. It’s knowing, at runtime, what actions are permitted, which identity it’s operating under, and how to reconstruct what happened afterward. I recently contributed to the 2026: The End of Vibe Adoptionwhitepaper with researchers from Stanford’s Trustworthy AI Research Lab, led by Professor Sanmi Koyejo, in collaboration with the AIUC-1 Consortium and enterprise security leaders including Jen Easterly (RSAC), Omar Khawaja (Databricks), Mandy Andress (Elastic), Chris Monson (Atlassian), Phil Venables (Google Cloud), Chris Sandulow (Confluent), Gagandeep Singh (Salesforce) and others across industry and government. The research and field experience converge on a simple point: before regulators or insurers can address AI-related harm, enterprises need techn

Since 1Password began, we have built security into the places where work actually happens. Security is not treated as an overlay or a separate workflow, we build directly into the browser, command lines, developer tools, and IDEs, where decisions are made and actions take place. We believe that if you want to improve security outcomes, you build where the work happens, making the secure path the simplest one. That design philosophy is even more critical in the age of AI agents.Agent architectures come in many forms. Whether you’re building with a ReAct pattern (possibly with RAG), plan-then-execute, or a multi-agent swarm, all AI agents share a common theme: a deterministic chassis. This chassis contains the client-server architecture that underpins all agent architectures. There’s a lot of buzz around AI agents today, but what often gets lost is that what seems novel is actually built on patterns we’ve relied on in software development for decades.Agentic systems predate generative AI

1Password has achieved a significant milestone in our collaboration with Amazon Web Services (AWS): We are officially the first partner globally to successfully transact through express private offers on AWS Marketplace, a new AI-driven capability that automates personalized pricing, allowing teams to bypass manual negotiations and receive a tailored quote in minutes.Coming on the heels of 1Password being named the “2025 AWS Canada Rising Star Technology Partner of the Year,” this global-first is a validation of our momentum. As Nancy Wang shared during AWS re:Invent, customers want simple, fast ways to add modern identity security to their cloud environment. As the launch partner for this capability, 1Password is transforming how organizations buy and deploy identity security at scale. Ending the procurement bottleneckTraditional software procurement processes tend to involve lengthy contract reviews, stakeholder meetings, and red-lining. This can all too easily create a bottleneck th

Rolling out new security tools across your business is rarely a “flip the switch and walk away” moment.First, there’s the setup work: policies, permissions, onboarding flows, recovery, and making sure the right people have the right access for the right reasons. Then there’s the human work of helping everyone use and benefit from the new tool day to day.That’s why we’ve launched 1Password Academy: A free, structured learning platform designed to help admins and team members build real confidence with 1Password, at their own pace.What is 1Password Academy?1Password Academy is our customer learning platform that helps you shorten the distance from “we’ve deployed 1Password” to “people genuinely know how to use it”. It includes courses for admins and end users alike, to help everyone get onboarded quickly and comprehensively.You’ll get fewer “how do I…” questions, and you’ll also see less of the credential behaviors that create risk – like storing passwords in a shared document, reusing c

The era of secrets living in fixed systems and accessed through a handful of workflows is long gone. Modern development is faster, more automated, and increasingly AI-assisted. Developers need access to secrets everywhere their code runs – across CI/CD pipelines, local environments, and AI-driven workflows. That puts developers in a familiar bind: they need secrets everywhere their code runs, but that can easily introduce more risk or friction into their workflows. That can easily feel like a choice between security that gets in the way and speed that cuts corners.One of our goals at 1Password is to remove that tradeoff by providing trusted, continuous access to secrets without slowing build or deploy cycles. Today, we’re introducing two complementary capabilities to support this model. One focuses on runtime access to secrets, and the other on user-authenticated access for desktop integrations. Together, these releases help you close the gap between security and productivity by integr

Today, researchers from the Applied Cryptography Group at ETH Zurich published a paper examining how different password managers uphold their “zero-knowledge” architecture when faced with a fully malicious server. We conducted a thorough review of the paper and confirmed that it doesn’t introduce any new attack vectors affecting 1Password beyond the architectural limitations already documented in our Security Design White Paper.We appreciated the opportunity to speak with the team about their research and value the work they’ve contributed to this area. Open scrutiny and thoughtful analysis ultimately make everyone’s products stronger, and that’s a win for customers everywhere. Attack contextZero-knowledge architectures are designed so services cannot read or access customer data. This isn’t achieved by tightening permissions or limiting administrative access; it’s accomplished by ensuring that only the customer holds the keys needed to decrypt their data. Access isn’t restricted by po

Agent swarms are having a moment. The AI headlines of early 2026 have been dominated by stories where swarms of hundreds or thousands of agents have worked together to accomplish staggeringly complex tasks. These swarms broadly fall into two types. To quote my 1Password colleague, Jeff Malnick, “There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.”Both types of swarms have undeniably impressive capabilities, but they also have serious limitations. Right now, many of these systems only work because they implicitly inherit access to a developer’s machine, filesystem, network, and their credentials. That level of unfettered access may work in a sandbox, but it is not viable for production.What is becoming clear is that the hardest problem with agent swarms is not prompting, planning, or model choice. It is abstra

As we embed AI agents into our lives and workflows, we’re learning the (sometimes surprising) ways in which they outperform human beings, and other ways in which they fall short. And occasionally, we find an example where agents, paradoxically, are both better and worse than their human users.Case in point: identifying and avoiding common cyberattacks. It’s well known that people are not particularly adept at spotting phishing scams; 1Password’s research found that 61% of Americans have fallen victim to such an attack. By contrast, in 2024, a research team found that GPT-4 could identify phishing websites with 98.7% precision and 99.6% recall. Near-perfect detection. Ask a modern AI model, “is this email dangerous?” and it almost always gets it right.Unfortunately, an AI model’s ability to recognize threats does not translate to an AI agent’s ability to avoid them.AI agents can read your inbox, open links, read secrets on your computer, forward emails, and fill out forms on their own.

We’re proud to celebrate Black History Month at 1Password by spotlighting the people and stories that help shape our culture every day. This month is an opportunity to recognize contributions, reflect on impact, and continue building a workplace where everyone feels a sense of belonging.For this spotlight, we’d like to introduce you to Joseph Ojelade, a member of our Security Engineering team and one of the founding members of AfroBits, our employee resource group for Black employees and allies. Joseph’s work sits at the intersection of trust, transparency, and protection, values that are central to security engineering and deeply connected to how we show up for one another.We sat down with Joseph to learn more about his journey, the perspectives he brings to his role, and the impact he hopes to make through his work. How do you usually explain what you do and what part of your work you care about most to someone who doesn’t work in security?I spend much of my time in the Governance, R

Onboarding and offboarding are two of the most important and frustrating jobs IT owns. When onboarding works, new hires are productive on day one. When offboarding is done correctly, access is removed cleanly, data remains protected, and audits are much less painful. When either breaks down, the consequences appear quickly: lost productivity, security gaps, wasted spend, and hours of manual cleanup.The problem is that the tools most teams rely on weren’t built for how work actually happens today.Watch: Onboard in minutes, offboard with confidenceSee how IT teams use SaaS Manager to automate access across every app, not just the ones behind SSO, so nothing slips through the cracks when someone joins or leaves.Watch on-demandWhy onboarding and offboarding break downModern environments run on SaaS, and not all of it lives behind SSO. Employees join with different roles and access needs. Contractors come and go. They leave with accounts scattered across dozens of apps, some managed, many n

The return on your SaaS management platform investment is very dependent on the quality of your rollout.‍ You’ve seen the demo that shows how a SaaS management platform like 1Password SaaS Manager can give your team data on the budget you’re wasting on unused SaaS licenses for Salesforce, Zoom, GitHub etc. Perhaps you played around with a workflow builder in a demo environment and defined automations for reviewing shadow IT or reclaiming unused licenses. In short, you’re seeing a solid business case for SaaS management that brings together immediate, direct cost savings with the promise of ongoing efficiency gains from the automation of IT ops. Does that mean it’s time to sign-up, turn on the new SaaS management platform, sit back and reap the SaaS optimization rewards? Unfortunately, without the right foundations, early rollout mistakes can weaken your SaaS management program, making it harder to govern access and control risk over time. Here are the 3 most common challenges we’ve see

Identity has become the defining security challenge for organizations navigating SaaS sprawl, AI adoption, and an increasingly distributed workforce.As access expands across applications, devices, and identities, customers need trusted partners who can help translate modern identity strategies into practical, scalable outcomes.At 1Password, partners play a critical role in how customers adopt, deploy, and grow with our company. As 1Password’s suite of solutions continues to evolve, so does the opportunity to support partners more intentionally. The new phase of the 1Password Partner Program reflects a focused investment in the partner ecosystem, strengthening how partners engage with 1Password and how partner-led efforts connect to long-term customer and business growth.“Partners are often the ones closest to the real-world challenges customers face around identity and access,” says Larissa Crandall, Global VP of Channel and Alliances at 1Password. “Our goal is to make it easier for pa

If one autonomous agent is useful, it is natural to ask whether many agents working together could be dramatically more effective. Over the last few weeks, the AI community has been testing this idea in practice by running large numbers of agents in coordinated swarms. The early results are clear: swarms can be far more capable than individual agents, but only under the right conditions. Two distinct patterns have emerged. There are controlled swarms, such as Cursor’s web browser demo, that operate within clearly defined boundaries. There are also uncontrolled swarms, such as OpenClaw, that run with broad, implicit access to user machines and assets.The productivity gains from swarming are real. In controlled environments, swarms demonstrate that large numbers of agents can coordinate work, iterate in parallel, and solve problems faster than any single agent or human team. At the same time, uncontrolled swarms show how easily these same techniques can bypass basic security and access e

A few days ago, I published a post about why OpenClaw feels like a portal to the future, and why that future is scary in a very specific way.The short version: agent gateways that act like OpenClaw are powerful because they have real access to your files, your tools, your browser, your terminals, and often a long-term “memory” file that captures how you think and what you’re building. That combination is exactly what modern infostealers are designed to exploit.This post is the uncomfortable, “and then it happened” follow-up.Because it’s not just that agents can be dangerous once they’re installed. The ecosystem that distributes their capabilities and skill registries has already become an attack surface. If you are experimenting with OpenClaw, do not do it on a company device. Full stop.In my first post, I described OpenClaw as a kind of Faustian bargain. It is compelling precisely because it has real access to your local machine, your apps, your browser sessions, your files, and often

Small businesses can’t afford to wait when it comes to securing their business. Still, cybersecurity can be complex, and any entrepreneur will tell you that there’s already a lot to keep track of when starting and running a company. For small businesses dealing with limited (or nonexistent) IT and security teams, it’s important that their cybersecurity tools are both simple to use and efficient.That’s why 1Password has partnered with 60 Day Hustle, a show that helps entrepreneurs turn their business dreams into reality. 60 Day Hustle vividly displays the challenges facing entrepreneurs as they launch their business. As contestants face challenges from pitch meetings to sales blitzes, it becomes clear just how fast-paced and complex it can be to start and run a small business.Season 2 of the show will also spotlight these entrepreneurs using 1Password enterprise password manager (EPM) to secure access and protect their business while building their company’s momentum. Rather than adding

Unsanctioned SaaS and shadow IT are problems every organization deals with. When procuring a new SaaS tool is a few clicks, an email, and a credit card away, it’s never been easier for unsanctioned apps to increase across the business. Often, this is outside IT’s line of sight, outside security controls, and outside standard provisioning/deprovisioning processes.Watch: Stop managing SaaS in the darkOur on-demand webinar shows how IT teams use SaaS Manager to continuously discover unsanctioned apps, automate offboarding, and close the access gaps that manual audits miss.Watch on-demandThis isn’t driven by bad intent. Employees and business units are bringing new tools into the business to increase their productivity, and it’s helping the business move forward. Unfortunately, modern work is happening faster than traditional controls were designed to handle. And that gap is where risk, wasted spend, and compliance issues emerge.Why uncovering unsanctioned SaaS mattersUnsanctioned SaaS too

This advisory describes an ecosystem-level risk that emerges when AI agents are able to autonomously read and act on untrusted content while operating with user-level permissions in a web browser.Our approach to ecosystem risks is to maintain clear, deterministic boundaries that don’t rely on an AI system interpreting “rules” correctly. To strengthen user control at this boundary, we’ve added the ability for users to disable automatic sign-in for the 1Password web app, preventing automated browser activity when 1Password is unlocked.1Password remains predictable even when the surrounding environment is not: autofill remains restricted to the right sites, sensitive data can require confirmation before being filled, and a locked extension cannot be manipulated by an AI agent or anyone else. Users can also change their extension’s lock settings – such as using shorter lock timeouts – to ensure the extension locks as frequently as fits their security preferences, especially when using AI-a

OpenClaw (formerly Clawd Bot, MoltBot), the locally running, open-source AI agent named after the Lobster workflow shell that powers its agentic loop, has rocked an AI community that, just weeks ago, was so in love with its own hype it would have yawned at literal magic.And yet OpenClaw, seemingly just a wrapper around a collection of familiar technologies, has put those pieces together in a way that feels like a portal to a future that, a month ago, still felt impossibly distant.Within an hour of setting up OpenClaw on my Mac, it had already built a fully featured kanban board where I could assign it tasks and track their state.I have seen other stories that are even wilder. One user shared an anecdote about asking it to make a restaurant reservation, and when it realized it could not do it through OpenTable, it went and got its own AI voice software and just called the restaurant, then secured the reservation over the phone.Its own author, Peter Steinberger, described joking to OpenC

Social logins like ‘Sign in with Google’ make life more convenient. Employees no longer need to remember numerous passwords, and IT teams can reduce the risk of reused credentials. Nonetheless, there can be a security cost to this method of authentication.A major airline website got hacked, and millions of emails and passwords have been dumped online. Unfortunately, this can easily impact your company’s IT infrastructure. 1Password’s 2025 Annual Report found that 27% of employees have used the same passwords for both their work and personal accounts. Bad actors are aware of this; a well-known technique to compromise user accounts is to take usernames and passwords from a breached website and try them out elsewhere. One potential solution to this problem are social logins, like “Login with Google,” which mean that users don’t have to create new usernames and passwords when signing up with websites and applications. Most social logins use a technology called OpenID Connect, or OIDC. OIDC

Small business (SMB) cybersecurity has never been simple, but it’s become even more complex in recent years. Today’s businesses have to deal with an ever-growing number of apps and tools to secure, and this complexity is naturally going to be far harder for small teams to manage. Particularly for very small businesses.Unfortunately, bad actors have realized this; CISA reports that “cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware.” For small teams, simplicity is key to staying secure. And while cybersecurity can feel overwhelming and riddled with technical complexities, sometimes it’s almost shockingly simple. For instance, you may currently be asking yourself, “What’s the first security tool that I should buy for my small business?” The answer to that question actually isn’t all that complicated. The first cybersecurity tool that a small business should buy is, quite simply, a password manager

Phishing attacks are everywhere these days. People encounter them while shopping, job hunting, reading work emails, and checking personal texts. Thanks to AI-powered scammers, phishing has become both more common and harder to spot, leading to disastrous consequences. A phishing attack on a business costs an average of $4.8 million, and attacks on individuals can drain bank accounts and wreck credit scores.The scary thing about phishing is that it only takes one momentary lapse in judgment for a scammer to steal a victim’s information. In one common form of the attack, the scammer will send an email or text containing a link to a fraudulent (but real-looking) website. When the victim enters their information into the site, they’re really handing it to the scammer, who can then cause chaos with the stolen information. These fake phishing sites look convincing, but they often have some tell-tale signs, such as a misspelled URL. That means a lot of phishing attacks could be prevented by a

Landing a job interview at 1Password is a big moment – for you and for us. Every time we invite a candidate to meet with us, it's because we see potential for impact. Interviews are a chance for you to both share your perspectives and learn how we work together to achieve our ambitious goal: leading the way for human-centric identity security in the AI era.At 1Password, we have a set of practices that guide how we collaborate, measure success, and create meaningful impact. We call these the 1Password Behaviors for Success.This guide will help you think like a member of our team and frame your interview around these behaviors. It will help you both gain a deeper understanding of our company and approach your interview with confidence.Behavior 1: Take full ownershipAs we enter our next chapter as a high-growth company, we're collectively raising the bar on ownership. At 1Password, ownership is about taking pride in delivering quality work and high-impact outcomes, and we’re looking for t

It’s easy to see how SaaS sprawl happens if you picture the moment it starts. A team is blocked, someone needs a tool ASAP, and the answer to their problems lies just behind a free trial, so they sign up for a new tool. No one is being careless. They’re being efficient. The problem is that follow-up rarely keeps pace with new sign-ups, especially when the card on file belongs to "the company" and the requester has already moved on to the next priority.Watch the webinarLearn how you can automate SaaS discovery, employee lifecycle management, access reviews, and renewals with 1Password SaaS Manager.Watch the webinarMonths later, you realize you are paying for services you don’t use and can’t remember how to log in to, let alone cancel. Every invitation to “try this new tool” adds another subscription, another license, and another place where company IP is stored. Over time, this SaaS sprawl creates an environment overrun with shadow IT and unmanaged apps that IT, security, and finance te

Unused SaaS licenses are a budget drain and a security risk. The need to easily track and manage SaaS licenses and identify unused ones is a challenge that every modern organization faces. Watch: Stop paying for SaaS nobody usesLicense waste is a cost problem and an access risk. Watch our on-demand webinar to see how IT teams are getting visibility and control over their SaaS stack.Watch the webinarThe problem is that most IT teams can’t confidently answer a basic question: Are we using the licenses that we’re paying for? Why? Answering this simple question is more complicated than it seems.Why tracking license usage mattersEvery inactive user account or orphaned license is wasted budget and a potential door for bad actors into your environment. Without visibility into license usage, you’re likely:Paying for licenses that no one’s usingWasting time during renewals or facing true-ups because you can’t validate user countsExposing your business to risk with accounts tied to former employ

AI-assisted development crossed the “cool demo” threshold long ago. It is now a daily workflow. Generate code. Refactor. Run tests. Spin up infrastructure. Deploy.The speed is real. And so is the expanded security surface area that comes with it. The challenge is no longer whether teams should adopt AI-assisted development, but how to do so without putting credentials and access at risk.At 1Password, we believe the answer starts with treating secure access as an integral part of the development workflow. AI can accelerate the work, but access to real systems, credentials, and secrets must remain deliberate, time-bound, and under human control.Ari Marzouk recently released a piece of research titled IDEsaster, which highlights why this moment matters. It introduces a new vulnerability class that emerges when AI agents are embedded into IDEs that were not originally designed for autonomous or semi-autonomous action. Marzouk's key insight is not that any single tool is flawed. It is that

In modern organizations, employees sometimes adopt SaaS tools and AI solutions to help them get their jobs done efficiently. But when tools are chosen without IT oversight, they’re often called shadow IT.Shadow IT isn’t inherently a problem. The key isn't to stop it, but to govern it. This is where 1Password SaaS Manager comes in, providing visibility, automated discovery, and lifecycle management to help you bridge the gaps between IT and business teams.Success starts with IT and line-of-business partnershipSuccess comes from collaboration between IT and business teams. The former brings expertise in compliance, efficiency, and security, while the latter knows the tools they need for greater productivity. With SaaS visibility, IT can see how work happens and react accordingly. With 1Password SaaS Manager, IT gets a full view of the applications being used. This gives IT the opportunity to support innovation where it makes sense and intervene where required. What is business-led IT?Bus

Developers are moving faster than ever with AI. Cursor is redefining how software gets built, and 1Password is redefining how teams secure access to SaaS and AI. Today, we are announcing a new integration that brings these two worlds together in a way that keeps development speed high and credential risk near zero.1Password has partnered with Cursor to build a Hooks Script that gives developers a secure, just-in-time way to ensure required secrets are made available to Cursor’s AI agents via 1Password Environments. The result is an AI-native development workflow where secrets are never hardcoded, raw credentials are never handled directly by AI agents, and secure access becomes a natural part of writing and running code.This functionality is available today as a first step and lays the foundation for a broader set of secure developer workflows we intend to build together.Why this mattersDevelopers should never have to paste tokens into config files or store long-lived credentials on di

Twenty-seven episodes. Dozens of CISOs and security leaders. Hours of honest conversation about what actually keeps them up at night.When I launched the show, the goal was simple. Strip out the fluff and talk about how security really works inside organizations that ship software, handle sensitive data, and carry real operational risk—just practitioners comparing scars.This season covered three big threads that kept looping back into each other. The changing reality of the CISO role. The rise of agentic AI systems. The grind of day-to-day security work in complex environments. All of it shaped by people who actually own the outcomes.The CISO job is no longer “just security”Across episodes with sitting CISOs, former CISOs, and advisors, one theme kept repeating. The role has outgrown the narrow idea of “head of security.”Guests talked about shaping product strategy, influencing M&A decisions, and acting as a translator between engineering, legal, and the board. Security decisions now to

Anthropic recently announced that the company has disrupted the first reported AI-orchestrated cyber espionage campaign. This attack used Claude Code to automate many steps, with AI handling up to 90% of the tasks, including web searches and the autonomous writing of exploit code. The attackers bypassed Claude’s guardrails by breaking each step into small tasks and role-playing as a red team member. By taking this approach, the attackers avoided having any individual Al task flagged for violating Claude guardrails. While this type of attack is new, the bad actors also relied on tried-and-true methods to maximize access. Once the AI agents obtained valid certificates, they relied on password extraction to move laterally within the target systems. Anthropic has broken down the espionage campaign into six distinct phases:Campaign initialization and target selection: Human operators chose the relevant targets to be infiltrated.Reconnaissance and attack surface mapping: AI cataloged target

Over the past year, we’ve been busy building for MSPs around the world, giving you more choice on where and how you buy our solutions. Starting today, 1Password Enterprise Password Manager – MSP Edition is available through QBS Software, a leading distributor serving MSPs across more than 20 countries in Europe, the Middle East, and Africa (EMEA). Our partnership allows 1Password to meet MSPs in the channels you already use to source SaaS solutions – keeping your processes streamlined and expanding access to enterprise-grade credential security worldwide. 1Password closes the Access-Trust GapWe know MSPs work hard to balance operational efficiency, their clients’ security posture, and long-term strategic value as service providers. That balance becomes tougher when you’re contending with unsanctioned and invisible forms of access stemming from identity sprawl, unmanaged credentials, and shadow IT. This difference between centrally governed and controlled access and the access that occu

There’s a good chance something important is missing from your IT team’s offboarding checklist, and it may be causing a steady drip of unnecessary, wasted spend. The source of this leak? No, it’s not the unreturned laptops; it’s the licenses for SaaS apps that employees use every day. The SaaS landscape is littered with apps outside IT’s direct control, and when there’s employee turnover, it’s often difficult to ensure that every license across every app is accounted for. One symptom of this problem is that former employees often retain access to apps long after they should have been revoked. In fact, 1Password’s research found that 38% of employees have accessed a prior employer’s accounts after leaving the company. That’s not so much a leaky faucet as a burst pipe.The problem here is that the average IT stack wasn’t built for comprehensive offboarding. The majority of IT teams handle offboarding through a combination of automation and manual processes, but this piecemeal approach is

This year has been one of the most transformative in our collaboration with AWS. As organizations move faster toward AI-driven development and cloud-native architectures, secure access has become a foundational requirement, not an afterthought. In just a few years, we’ve gone from experimenting with GPTs to deploying action-oriented AI agents that read, write, execute, and automate workflows across production systems. These developments unlock new levels of productivity, but they also introduce new access and security challenges.That’s why AWS and 1Password have deepened their collaboration to help customers adopt AI tools safely and still capture the benefits it offers. Together, we’re making it easier for developers to authenticate, build, and operate agents securely, and using AI to streamline the login experience itself.What began as a collaboration has evolved into real momentum and a shared vision for the future of secure identity and automation in cloud-native environments. Deli

AI-powered browsers are transforming how people use the internet. They help you move faster, automate tasks, and simplify how you operate on the web. As this innovation continues, 1Password is committed to meeting our customers wherever they are in their AI journey. That means giving you the confidence to explore new AI tools, without sacrificing the security, privacy, or ease of use you depend on. And today, that includes OpenAI’s new ChatGPT Atlas browser. In addition to making the 1Password Browser Extension available on Atlas, we’ve built a new seamless, secure, and human-friendly experience to get started with 1Password on Atlas from the moment you start browsing, no workarounds and no added friction.Using AI-powered browsers? We got you.AI-powered browsers introduce new workflows, new expectations, and new security considerations. People want to use tools like Atlas to research, plan, shop, build, and automate, but every step still depends on safe access to the accounts and infor

Beep beep. My pager goes off. Then the phone rings. Meanwhile, there is a client sitting in front of me who needs a place to sleep tonight. Looking at my schedule, the days are blocked back-to-back with clients for the rest of the week, and there’s a long list of patients waiting for an appointment in my inbox. And it’s only Tuesday.For seven years, I was a social worker in community mental healthcare, and I was passionate about helping my clients with counseling and connecting them to necessary resources. Helping folks with psychosocial needs was meaningful and important work, but I felt anxious, tired, and overwhelmed most of the time. It took some reflection, but I slowly realized that I wanted to use my skills in a different way.A friend connected me to someone who worked at a cybersecurity startup called Kolide. They asked if I would ever want to bring my people skills to a people operations role at a B2B cybersecurity SaaS startup that had recently raised a Series B round of fund

The 1Password browser extension is entering its eighth year of service, and quite a bit has changed over that time as we’ve built new capabilities and improvements. One crucial piece of the browser extension is its in-page notification system. With the ability to display a notification on a web page, it allows you to perform many important tasks.Over the last eight years, we’ve expanded the capabilities of this small but mighty piece of the user experience to inform you any time you:Save a new login credential to 1Password that you created while browsing the webUsed a passkey to sign into a website that supports the WebAuthn protocolBeen offered a suggestion to sign in with a third party provider, such as GoogleWatchtower detected a breach with one of your vault itemsWere guided through remediation because Device Trust detected a problem with your deviceWith this growing list of tasks, and the in-page notification system becoming a new way for us to surface information, we knew it was

Security leaders are under pressure to manage an expanding number of SaaS apps and shadow IT. Automation transforms the fight for visibility into a framework of continuous monitoring.Virtually every company runs on more SaaS than it can see, and spends more on it than it can control.From analytics tools to HR platforms and AI agents, every new license improved productivity while expanding the surface that IT and security must protect.For years, Identity and Access Management (IAM) and Identity Governance and Administration (IGA) systems formed the backbone of enterprise security, authenticating users, enforcing policies, and governing access. But the perimeter they were designed to protect no longer exists.In today’s open SaaS workplace, anyone with an email address can add a new application outside SSO and beyond IT’s visibility. Security’s role is shifting from rigid enforcement to managing visibility and flexibility.There are now three distinct categories of SaaS that every organiza

We’re excited to announce that today, 1Password Enterprise Password Manager – MSP Edition is now available through Renaissance, a leading IT distributor serving MSPs across the Island of Ireland. This partnership enables even more MSPs to access 1Password through local channels, streamlining their procurement and billing processes while expanding access to enterprise-grade credential security.We know that growing MSPs around the world are constantly balancing the need to:Ensure their own operational efficiency and profitabilityEmpower their clients with effortless securityExcel as their clients’ long-term, strategic IT partnerAchieving all three is a challenge, especially as MSPs face growing complexity from identity sprawl, SaaS sprawl, and unsanctioned access that can put clients at risk. 1Password Enterprise Password Manager – MSP Edition helps solve these problems by providing MSPs with the tools to securely manage their clients’ credentials, reduce risk, and strengthen their trust

In episode five of Securing the Win, Formula 1® journalist and broadcaster Chris Medland takes us inside the cockpit with Oracle Red Bull Racing’s Max Verstappen and Yuki Tsunoda to uncover what it takes to win. Through their words and the unseen organization that powers them, Medland discovers how every team member at Oracle Red Bull Racing works together to make the car go faster.After exploring leadership, security, and trust behind the scenes, Securing the Win brings us closer to the people at the center of it all: the drivers. They are the ultimate end users of Oracle Red Bull Racing’s innovation, demonstrating how a global network of people, technology, and security performs under pressure.Chemistry, culture, trust: Chris Medland on what it takes to winFew people understand the rhythm of Formula 1® quite like Chris Medland. Having covered the sport for RACER, Motor Sport Magazine, and Formula1.com, he has seen how teams operate under pressure and how the unseen efforts of thousan

If you’ve built anything with AI tools lately…You’ve probably seen a file like this sitting in your project root:{ "tools": { "github": { "endpoint": "https://api.github.com", "auth": { "token": "ghp_your-secret-token" } } } }That’s a typical mcp.json, the file many agentic development environments (like Cursor or Claude Code) use to tell an MCP server what APIs it can call and what credentials to use.It’s handy. It works. It’s also a plaintext secret waiting to leak.Push that repo to GitHub, sync it to a teammate, or even forget to .gitignore it, and your API key’s gone.Shout-out: the developer who started a trendOne of the nicest parts of working in security is seeing the community invent safe patterns before vendors even document them.A developer who goes by @codekiln wrote a great how-to showing how to secure Cursor’s mcp.json with the 1Password CLI.Their approach is simple: instead of hardcoding tokens in your config, reference them from your 1Password vault and inject them at run

IT and security leaders share a common goal: to empower teams to move fast without compromising security.Over the past year, we partnered closely with customers across industries to understand what helps them scale and where they need more flexibility and control.Their feedback shaped our latest updates to 1Password Enterprise Password Manager (EPM). Each enhancement is designed to make enterprise deployment and governance faster, simpler, and more intuitive so security teams can focus on strategic priorities instead of day-to-day administration.This release builds on three core principles:Usability that drives adoption.Visibility that strengthens governance.Control that scales with the business.Together, these improvements make it easier for companies to deploy confidently, manage effectively, and protect every user with 1Password.Security without frictionNew app unlock presets give admins more flexibility in how users unlock 1Password. Teams can align unlock settings with their organ

At 1Password, we know that a culture of belonging is essential to achieving our company’s goals. Since launching our first Employee Resource Groups (ERGs) in 2021 and expanding to Employee Community Groups (ECGs) in 2023, these communities have become so much more than spaces for connection – they’re shaping how we lead, grow, and perform together. Today, our ERGs and ECGs collectively represent more than 1,300 Slack channel members, reflecting strong engagement across communities at 1Password.Our eight ERGs and ECGs remind us that belonging and high performance aren’t competing priorities; they thrive together. They turn our values into everyday actions, helping people feel both stretched and supported as we continue evolving our high-performance culture.By keeping community at the center, our groups drive growth, learning, and impact – making belonging something we can see and feel in how we show up for each other every day.Belonging in actionEarlier this year, our Chief People Offic

Poorly managed credentials are among the most stubborn problems for security and IT teams, and authentication is one of the areas where the Access-Trust Gap is widest. But even as credential-based attacks remain a major threat to security, there are positive signs that companies are moving toward a passwordless future.This blog is part three in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.To read part two, on SaaS management, click here.If you haven’t had a chance to read the full report yet, download it here. In this blog, we’ll address the third section of the report, on credentials. We’ll walk through some of the report’s most eye-opening findings and how IT and security teams can translate them into actionable priorities. We’ll also explore how 1Password helps close these gaps via 1Password Extended Access Management, a suite of solutions that includes our Enterprise Password Manager, 1Passw

In Episode 4 of Securing the Win, Oracle Red Bull Racing CIO Matt Cadieux joins host Calum Nicholas at MK7 in Milton Keynes to answer a crucial question: how do you make the secure path the fastest path?For Cadieux’s team, speed is nothing without trust. Behind every lap, every call, and every win lies a digital backbone built to guard against the unseen. As threats in Formula 1® mature and proliferate, a single weak sign-in or device can compromise safety and performance. Cadieux safeguards racing, manufacturing, and logistics. His answer is simple and hard-won: design for failure, verify trust continuously, and partner where it buys speed, so when pressure spikes, the car keeps flying.Revving cyber resilienceCadieux’s resilience playbook supports Oracle Red Bull Racing’s culture of innovation, where resilience isn’t just a project, but a practice. He says, We need to anticipate that things will go wrong. We build in backup plans and factor in safety so if you have to resort to Plan C

We’ve all been there. You open your laptop, log in to your account, log in to your password manager, step away for a quick coffee break, and come back ready to get started on a project, only to be asked by your computer and password manager to log in to both all over again. It’s safe, sure, but it can also feel like one extra speed bump between you and getting work done.At 1Password, we’re always looking for ways to simplify your experience without compromising security. You should feel confident that your data is protected, while still being able to access what you need without disruption. That’s why we’ve made unlocking 1Password faster and simpler, without changing what makes it secure. Unlock 1Password when you unlock your deviceWe’ve redesigned the 1Password unlock experience to be faster and smoother while maintaining the same trusted security. The new unlock with device setting lets 1Password open right alongside your Mac or PC. It unlocks as soon as you pass your device's own l

When IT and security teams lack visibility and control over the SaaS apps employees use, the result is wasted spend, unsanctioned access, and compliance failures. Yet 1Password’s research shows that all too often, SaaS usage is evading the tools meant to govern it.This blog is part two in our series analyzing the 1Password Annual Report 2025: The Access-Trust Gap. To read part one, which addresses AI governance, click here.If you haven’t had a chance to read the full report yet, download it here. The Access-Trust Gap report lays out the issues plaguing the SaaS landscape:The SaaS explosion has long outpaced traditional IT oversight. Today, enterprises face an environment where hundreds of cloud- and browser-based applications are in active use, many without IT’s knowledge or control. Shadow IT is no longer a fringe behavior; it's a foundational threat to modern access governance. And even sanctioned apps pose risks when access is poorly managed, offboarding is incomplete, or they are n

Summary and key findings1Password surveyed 2,000 American adults to learn how people are protecting themselves from phishing scams this holiday season (“phishing” refers to all those scammy emails, shady texts, and fake ads, where hackers try to trick people into clicking a link that lets them steal money or information). What we learned is that holiday scams are getting bolder and harder to spot, thanks to the help of AI. Here are some of the other most eye-opening findings:AI is the new gift wrap for holiday scams:66% of Americans say they’ve noticed more scammy messages, phone calls, and ads since AI became more prevalent. Taking the bait: 82% of respondents have been phished, or come dangerously close to it. Younger generations are falling first: Gen Z (70%) and Millennials (67%) are more likely to be phished compared to Gen X (57%) and Boomers (46%).Duplicate passwords are a gift to hackers: A whopping 76% of Americans who've fallen victim to a shopping scam still reuse passwords

In Episode 3 of Securing the Win, 1Password’s docuseries exploring the behind-the-scenes teams powering Oracle Red Bull Racing, Nimesh Kotecha, Group Head of End User Services, takes us behind that digital command center, not into the cockpit, but into the technology ecosystem that keeps the entire organization moving.Kotecha and his team manage the infrastructure behind every device, login, and workflow, designing systems that let people move at full speed securely from anywhere in the world. Keeping that network running requires rapid innovation and constant protection.The driver might be the ultimate end-user, but everyone relies on technology that has to be both secure and seamless."End-user enginesFormula 1® teams are engineered for speed, and their digital operations must set the pace. Kotecha’s purview spans service delivery, workplace operations, and client security policies that connect teams across continents. As Oracle Red Bull Racing’s digital footprint expanded, Kotecha tu

When faced with an endless stream of SaaS bills, the temptation is to reduce costs fast. Instead of taking a slash-and-burn approach, we recommend taking a step back to look at the bigger picture. Here are some smart ways to get better value using SaaS optimization. You can reduce SaaS costs while increasing the value applications bring to your users and your business.‍If you’ve started doing some SaaS discovery in your business, you’ll be aware that a key cost-driver is the number of redundant SaaS tools in use. While there might be good reasons for keeping similar apps, there are also benefits to consolidating the number of applications in use: eliminating duplicate spend,, lower operational overhead, and reduced security and compliance risks. The right approach to understanding usage and improving SaaS optimization often depends on the type of application being used. In this blog post we’ll look at SaaS optimization in the context of project management tools, such as Monday.com, Cli

Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in the 1Password Annual Report 2025: The Access-Trust Gap.The report is based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, and it captures a moment of profound technological and cultural transition. Companies are still playing catch-up to the last few years of change: the rise of hybrid work, the SaaS explosion, the blurred lines between work and personal devices, and AI. IT and security teams are discovering that their go-to tools for securing identities and managing access, such as SSO and MDM, weren’t designed for this world.The result is a widening Access-Trust Gap: the divide between the types of access that security and IT teams can control, and the reality of how people (and now AI agents) access sensitive data in practice.The survey data reveals four areas where the Access-Trust Gap is widest a

Agentic AI is a fundamentally new paradigm. AI agents can interact with various tools and act dynamically and probabilistically as they encounter new inputs. That means they end up falling somewhere between an application and a user in terms of how they operate. Indeed, the interaction with other applications is what gives agentic AI its power; however, this also has implications for identity security and access management.Given this new paradigm, we’ve found it helpful to develop a simple taxonomy for agentic AI that guides the specific security measures that must be considered for each agent. We break this down into three distinct categories:What type of AI agent is it, and how does it interact with the world?Where is the agent running?Who is the agent running on behalf of?Note: At 1Password, we have a set of AI security principles that apply across this entire taxonomy, regardless of how an agent is classified. An Identity Security taxonomy for Agentic AIWhat type of AI agent is it,

The new .env destination in 1Password environments makes it easy for developers to use and collaborate on .env files securely, right from the desktop app.1Password environments provide a secure workspace to store, organize, and manage project secrets – the same credentials you would normally handle as environment variables. Each environment acts as a dedicated space for a project or app, helping teams manage and maintain consistent credentials.With the new .env file destination, you can use those secrets – stored securely and locally – in your usual workflows. We launched this functionality in beta earlier this month, and have already had some rave reviews:“Just wanted to drop some feedback after playing around with the new Environments Beta in 1Password. Honestly, I’m loving it so far. The local .env file mounting is just brilliant. Secrets are easy to access without having to run extra commands, but still secure – exactly what I want. Makes switching between machines seamless, too.”T

In Episode 2 of Securing the Win, 1Password’s docuseries with Oracle Red Bull Racing, Chief Security Officer Mark Hazelton revisits the $100 million Formula 1® data breach that changed the sport and reshaped the way teams approach secrets and security.From the team’s headquarters in Milton Keynes, UK, Hazelton sits down with former Senior Engine Technician turned brand ambassador Calum Nicholas to offer a rare glimpse into how the team stays ahead of cyber risks, guards against insider threats, and protects its most valuable asset: information.For 22 years, Hazelton has been the quiet constant behind one of Formula 1®’s most advanced and secure organizations. From inside Oracle Red Bull Racing, he’s watched the threat landscape shift from insider threats to the relentless pressure of digital risks.Decades on the digital front line have taught him that in Formula 1®, data isn’t just valuable, it’s vulnerable.“Even the strongest teams are only as secure as their weakest point of access,”

Professional sports franchises are high-profile, global enterprises that operate at a rapid pace and rely on instant, secure access to the tools and data that keep them competitive. In this arena, speed and trust aren’t trade-offs; they’re the keys to success.The same is true for modern businesses and the millions of people behind them; everyone needs a simple, secure way to safeguard their personal identities and technology that enables access without slowing them down.That mission takes center stage through our multi-year partnership with Smith Entertainment Group (SEG), the parent company of the Utah Jazz, Utah Mammoth, and the Delta Center. As the Official Cybersecurity Partner of both teams, 1Password is redefining how elite organizations approach access and identity security.“Giving teams the tools they need to move fast while keeping them digitally protected is at the heart of how organizations win, whether in business, sports, or technology,” said David Faugno, CEO of 1Password

Technology skills are essential for thriving in today’s fast-paced digital world and for shaping its future. At 1Password, we have a vision to build a safer, simpler digital world for everyone.During October Cybersecurity Awareness Month, we gave back to communities by donating $100,000 USD to six organizations working to ensure that the next generation has access to the technology education, digital literacy, and online safety skills they need.It's one of the many ways we are helping communities through our 1Password for Good efforts, including launching a cybersecurity guide for parents with the Family Online Safety Institute.The organizations we are supporting are:ActuaChildnetDigital MomentMission BitVisions of ScienceTeam4TechRead on to learn more about each one and how we’re working together.ActuaActua is a leading Canadian organization unlocking the infinite potential of youth through STEM. Together with a national network of universities and colleges, Actua engages youth from a

In the premiere episode of Securing the Win, 1Password’s docuseries with Oracle Red Bull Racing, viewers get an exclusive look inside the mindset of Laurent Mekies, the new CEO and Team Principal.After leading the Racing Bulls in 2024 into the 2025 mid-season, Mekies steps into one of the most demanding roles in motorsport – leading a championship team where performance is measured in thousandths of a second. His mission: steward a championship legacy, navigate pressures to stay ahead, and balance the responsibilities of leading a team operating at the edge of human and technological performance.And yet, for all the data and downforce analysis, Mekies insists success begins with people. “Formula 1® is a people business,” he says. “Everything you see around here – the infrastructure, the tools, the processes – they’re just a consequence of the quality of the people we have.”Mekies’ is the story of trust at 300 km/h and learning to steer legacy, innovation, and human potential toward a s

Every team seems to be signing up for new apps every day. Licenses are everywhere; some are just collecting digital dust.If that chaos sounds familiar, you’re not alone. If you’ve thought about any of the three things below, it might be time to consider a SaaS management platform to manage SaaS sprawl effectively.SaaS has democratized access to technology. Users can sign up and start using enterprise-grade apps without formal IT or procurement approval. Most SaaS vendors encourage this behavior. When teams adopt SaaS apps outside of IT oversight, they create major visibility gaps, especially for tools that aren’t connected to SSO, so provisioning and deprovisioning becomes inconsistent and access ownership gets murky. That leads to access sprawl, unmanaged credentials, and higher security and compliance risk as sensitive data ends up in tools without governance. Operationally and financially, procurement lacks reliable usage data to optimize renewals, licenses pile up unused, and admin

AI agents increasingly are completing real tasks in the browser, acting on behalf of employees, and connecting to the same systems humans rely on to get work done. This introduces a new security problem: AI agents require credentials – passwords, API keys, and one-time codes – to operate. As agents proliferate, the risk surface increases and it brings a variety of identity and access management challenges:No single source of truth for secrets management across agentic AI and employeesDifficulty of revoking credentials/items, especially long-lived onesProliferation of untracked/out-of-date credential grantsAgentic browsers, such as headless agentic browsers or those being driven by AI models without direct human supervision, raise the stakes even higher. As AI agents execute workflows, they get paused while agentic browsers wait for humans to input credentials. In an effort to avoid agents stopping mid-workflow, users often provide credentials directly into a browser-use AI app, which i

Your password manager might be closing up shop, putting your digital security at risk. In recent months, two major tech players – Dropbox and Microsoft – have discontinued their built-in password manager features. If you’ve been relying on Microsoft Authenticator or Dropbox Password, it’s now time to decide how you’ll protect your accounts going forward.When companies discontinue their password managers, it’s more than an inconvenience. It leaves customers, both consumers and businesses, at higher risk of credential theft. Without a password manager, users are more likely to fall back on bad habits, such as reusing passwords across multiple accounts. That means that one successful phishing attack could be all it takes for criminals to have access to everything.“When password management is a side feature, it’s a future sunset. Choose a provider whose core business is protecting identities so your defences don’t change when someone else’s roadmap does,” said Dave Lewis, 1Password global

Each year, we welcome around 60 ambitious interns who help drive our mission while growing their skills and networks. Kavya’s story is one we had to share. From building a wellness app to landing an internship and learning to lead with confidence, this is her full-circle journey launching her career with 1Password.Get to know KavyaIntroduce yourself and tell us what you’re studying.Hey! I’m Kavya, a third-year student at UBC majoring in Mathematics with a minor in Computer Science.What do you enjoy doing for fun?Funny story – I actually started as a business major. I took an introductory computer science course just for the experience, and I unexpectedly discovered a real passion for CS, problem-solving, and tech. That’s what led me to switch into math.Outside of school, I love going on hikes. I’ve been trying to do one every week this summer. I also love going to the gym, spending my evenings cooking with music on, and baking. A couple of personal goals I’m working toward are learning

Artificial Intelligence (AI) is transforming the way we discover, reason, and interact online. New browsers like Comet, the AI-powered web browser by Perplexity, are a tangible example of this. As AI becomes more embedded in how we browse the web, one truth remains: credentials remain foundational to everything we do online, and they must be secured.That’s why we’re excited to announce that the 1Password browser extension is now available in Comet. With 1Password, credentials and sensitive data, like credit card information, used in Comet are protected by the same end-to-end encryption and zero-knowledge architecture trusted by millions of people and over 165,000 businesses.Why security matters on the AI-powered internetThink about how much of your life you unlock with credentials, including your email, bank account, favorite shopping sites, social media, and more. Now imagine asking an AI-powered browser to help you do a task that needs access to those things. The AI will need access

A new integration between 1Password Device Trust and Zscaler marks the first step in helping our shared customers implement Zero Trust practices.1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust.The 1Password® Extended Access Management platform is designed to support Zero Trust initiatives by securing every sign-in to every application from any device, including unmanaged devices and apps. Now, 1Password has built an integration between Zscaler and 1Password Device Trust to help mutual customers secure access and reduce risk. “With this integration, customers using 1Password and Zscaler can be confident that critical applications are only accessible from trusted, healthy devices where Zscaler is installed and configured.Note: Companies with an

For decades, sales has carried a particular image: fast-talking men in suits, closing deals in boardrooms. It’s been a career that has, at least in people’s imaginations, been dominated by men. But the reality is changing. More women are stepping into sales roles and proving that success here doesn’t belong to one gender.I’ve had a front-row seat to this transformation. I started my career in sales enablement, where I watched women sellers hit their stride, break records, and step into leadership roles – all while challenging outdated perceptions of what success in sales should look like.However, early in my sales enablement career, I had a tough realization: I’d never actually carried a quota. Yet here I was, creating programs and resources I expected sales reps to use in the field. It made me feel like a fraud.So I did something bold – I became a sales rep for a quarter. I joined standups, worked real deals, and even closed revenue. It was uncomfortable, and honestly, I was terrified

For security teams, the stakes are rarely as high as they are during mergers and acquisitions (M&A). Suddenly, you’re tasked with managing two companies' worth of devices, applications, identities, and data. There can be serious issues lurking within the newly acquired (or soon-to-be-acquired) company, including legacy systems, poorly vetted third-party contractors, and incompatible security policies.Examples of what can go wrong during an M&A are legion, but the mergers of Verizon and Yahoo, as well as Marriott and Starwood, stand out as two particularly public fiascos. During both mergers, it was discovered that security oversights led to massive data breaches, costing hundreds of millions of dollars and creating a PR nightmare for all involved.Due diligenceStories of M&As gone wrong demonstrate the importance of the due diligence phase. For security leaders, the most critical window in an M&A is before the ink dries. To mitigate any unpleasant post-acquisition surprises, security sh

This blog details how 1Password has addressed clickjacking in the latest version of our browser extension (version 8.11.7). We have no indication that this class of vulnerability directly puts 1Password's systems at risk.Clickjacking is a technique where a malicious or compromised webpage visually disguises or overlays elements of a page or browser extension, like the autofill menu, so that a user unintentionally clicks on them. In practice, this could allow a site to trick users into autofilling card details, identity items, or other information without realizing it.Clickjacking isn’t new, and it’s not unique to password managers. It’s a long-standing web technique that affects many websites and browser extensions. At its core, it’s a browser-level limitation, not something a single browser extension can fully solve.How 1Password is responding to clickjackingWe take every security concern seriously. While clickjacking can only be fully resolved at the browser level, we’ve introduced a

In late July, we published new research on the risks of unmanaged AI, revealing four major security challenges companies face when AI slips under the radar.Those findings set the stage for a lively expert panel at Black Hat, where security leaders explored “Weaponized Autonomy: The rise of AI agents as enterprise threat vectors.” The panel included:Joe Carson, chief security evangelist and advisory CISO, SeguraAnand Srinivas, vice president of AI, 1PasswordWendy Nather, senior research director, 1PasswordDave Lewis, global advisory CISOThe conversation confirmed much of what our research uncovered: employees are adopting AI at a breakneck pace, governance is lagging, and opportunity and risk are growing in equal measure.As organizations race to embrace AI, the panelists dug into the key considerations security leaders should keep in mind as they integrate AI agents and solutions:1. Zero trust principles need an AI upgradePanelists agreed: zero trust isn’t going anywhere. Its core princ

For IT teams, there are many steps to consider when offboarding an employee to ensure their access has been removed and their resources have been transferred. This article unpacks some of the options - and nuances - related to this process. Most importantly, we look at how 1Password SaaS Manager automates user offboarding across Google Workspace and the rest of your SaaS ecosystem, improving efficiency, reliability, and audit readiness. Why effective Google Workspace offboarding is mission criticalOver 9 million organizations use Google Workspace, some in isolation, others in parallel with an identity/SSO provider such as Okta. Google Workspace gives employees and contractors core IT services, including email, calendars, and file storage and sharing. What’s more, Google Workspace often serves as an authentication hub through SAML SSO and OAuth (“Sign in with Google”), extending access beyond native Google apps to a wide range of third-party tools. But what happens when someone leaves?

There are two enormous cybersecurity events each year in the United States: RSA Conference and the week in Vegas that is so full of conferences, summits, and ancillary events that it's simply known as "Hacker Summer Camp." From Security BSides Las Vegas to Black Hat and DEF CON, it takes the fortitude of a camel to survive the desert heat and the late nights. I've been going to summer camp for at least fifteen years in different contexts: as a CISO, an industry analyst, a threat intelligence research director, and as a security vendor team member. All of these contexts are different, and they shape the way I look at the goings-on.For several years, I was involved with the Black Hat CISO Summit as a member of the advisory board. This year, I was invited to moderate a sponsor panel titled "Beyond Resilience: Building Anti-Fragile Security in an Uncertain Future," which sounds fine until you look at the rest of the agenda and notice that two other summit talks also had the term "anti-frag

Artificial Intelligence (AI) is reshaping how we work and lead. At 1Password, we see AI as a powerful accelerator that helps our teams focus on the work that matters most. To explore what it means to lead in this new era, we sat down with Nancy Wang, VP/Head of Engineering. Nancy shares how AI shows up in her day-to-day, how she inspires her team to be curious, and why human skills like trust matter more than ever.Meet NancyHi Nancy! Tell us about yourself and what you lead at 1Password.I lead Product Engineering at 1Password, which means anything that touches the end user rolls up to me. That includes 1Password Extended Access Management, our consumer and enterprise password manager, and our developer + AI portfolio. If it has bits or policies and someone interacts with it, we’re probably building it!How does AI show up in your work, and what role are you playing in shaping its use at 1Password and beyond?AI shows up in nearly every layer of my work, both in what we ship and how we op

Your identity and access management solutions only work if your users comply with the policies you set. Even with the right controls in place, enforcement can break down when users – intentionally or not – find ways around them. That’s why, as we continue to develop Extended Access Management (XAM), we’re focused on embedding enforcement more deeply into everyday workflows across 1Password’s suite of solutions.Today, we're introducing a new Device Trust Check that helps admins ensure the 1Password browser extension is installed and active on user devices. This Check represents a step forward in how the 1Password Enterprise Password Manager (EPM) and 1Password Device Trust work better together to solve real workplace security problems.Enforce the browser extension automaticallyThe 1Password browser extension plays a critical role in delivering a secure and seamless login experience by powering user-facing features like autofill and credential management for EPM, while helping admins enf

In today’s complex digital world, trust is everything. And trust starts with people. That’s why at 1Password, we’ve built a culture rooted in shared purpose, clarity, and accountability. Our culture begins with a commitment to something bigger than ourselves: the success of our customers. We believe in the power of we: a mindset that puts customers first, prioritizes the team over the individual, and anchors everything we do in our mission: building a safer, simpler digital future for everyone.As our company grows, so do our ambitions. That’s why we’re committed to a high-performance culture that enables us to move with speed, alignment, and integrity, while staying true to our belief that great outcomes are only possible when we grow and work together. We believe in setting a high bar because the work we do matters. The stakes are high to ensure we protect our customers, and that bar is constantly being raised as we scale.A culture anchored in purpose1Password isn’t just adapting to a

Managed service providers (MSPs) can simplify client security and grow profits with 1Password, now available on Pax8 Marketplace.For MSPs to grow their businesses, they typically need to meet three overlapping goals:Provide clients with effortless, trustworthy securityBecome their clients’ long-term, strategic IT partnerEnsure their own operational efficiency and profitabilityAchieving these goals is challenging, especially in a world where both MSPs and their clients must reckon with identity sprawl, SaaS sprawl, and unsanctioned access. 1Password Enterprise Password Manager - MSP Edition is designed to help MSPs achieve all three of these goals and ensure trusted access for both MSPs and their clients.That’s why we’re thrilled to announce that 1Password Enterprise Password Manager – MSP Edition is now available to even more customers today through the Pax8 Marketplace.The industry-leading password manager for MSPs enables you to proactively protect your client data and credentials wh

AI is transforming the way we work. There are immense opportunities for automation, intelligent decision-making, and productivity gains. This transformation is a tremendous opportunity, but it also comes with tremendous responsibility, especially when security is involved. For example, AI systems can now act on behalf of users, access sensitive data across tools, and make decisions without oversight, all of which have security implications.Building AI you can trustOne broader principle we embrace at 1Password is the “principle of yes.” It’s the idea that security must enable individuals and employees to do their jobs. This underlying principle is also true of AI agents. Our goal is to enable AI agents to do what they’re designed to, but in a way that is trustworthy, secure, and follows best practices.At 1Password, we strive to make security effortless and universal. When it comes to AI, that means enabling organizations to use AI tools effectively without compromising our core security

SaaS management platforms are many and varied, offering a range of spend management and IT operations capabilities, and, in some cases, a mix of the two. For this reason, you need to be clear on your objectives from the start, and choose a product that gives you the features and capabilities you need without additional configuration.Why does SaaS management matter?It is notoriously difficult to track and manage all of the SaaS apps that individual employees and business units sign up and use. This can lead to significant negative impacts, such as:Multiple teams investing in the same type of software tools, but without the economies of scale of a single purchase orderDifferent teams using different project management software or other tools, making it hard to share information and collaborate across the businessDivisions or departments paying for more licenses than they need or use, leading to poor ROI from software appsTo make things better, many IT teams are now looking for tools that

It’s difficult for organizations to stay secure, compliant, and efficient in an ever-expanding SaaS landscape. Every time an employee joins or leaves the company, or a software vendor is added or removed, IT and security teams must grant and revoke permissions, so the right people have access to the right tools. A mistake in this process could allow an offboarded employee to maintain access to sensitive data years after they left the company, so the stakes are high.To manage this process, companies must develop a SaaS governance strategy: A security framework to manage, secure, and optimize the use of SaaS tools across departments. It defines the policies, roles, and controls that determine how users access sensitive data and resources.A critical part of a SaaS governance strategy is access reviews. Access reviews are the operational backbone of SaaS governance: Regular, structured evaluations that validate whether users still need the access they’ve been granted. Access reviews are al

Duke University is one of the most storied and prestigious learning institutions in the United States. Duke and its healthcare arm, Duke University Health System, are home to tens of thousands of students and employees.With so many coming and going from the Duke campus every day – and accessing Duke’s many state-of-the-art services within its digital network – security is a top priority for Duke’s Office of Information Technology (OIT). And like any IT department head, IT Security Office senior manager Nick Tripp knows that password security is the backbone of a sound security approach."Password managers make life easier, more secure. We're all aware that the main problem with passwords is it's hard for users to create strong passwords,” Tripp says.The trick, though, is getting everyone to use their password manager to generate and store strong passwords. Having adopted a 1Password competitor years ago, many on campus simply didn’t use it. And even those that did struggled to integrate

Omdia, a global analyst and advisory leader, recently released a report called “How Extended Access Management (XAM) closes the gaps in security.” In it, they describe how existing tools have failed to address the most serious security challenges: application sprawl, device sprawl, and identity sprawl.Each of these challenge areas has become riskier and more pervasive in recent years; app sprawl has grown with the proliferation of easily accessible SaaS, and device sprawl has increased with unsanctioned BYOD usage. But no challenge area has been transformed to the same degree as identity sprawl with the arrival of AI agents.“Agentic AI systems can perform complex tasks autonomously, but this capability requires expansive access, which introduces complexity and risk. AI agents need to integrate with numerous applications, requiring access to API keys, passwords, and sensitive business data – often without proper governance. Agents can create dozens of “non-human identities” whenever aut

At this point, it’s almost cliché to say “AI is here, and it is changing everything.” Whether it’s accelerating productivity or reshaping employee workflows, AI is ushering in a new era of operational possibilities. But as we all know, beneath this transformation lies a complex and evolving security challenge.As AI introduces new risks, we’re taking stock of the state of mind of security leaders as they are tackling these new challenges to identify where tangible solutions are most needed. To do this, we commissioned a survey of 200 North American security leaders, which revealed a core tension stemming from AI and the lack of meaningful security controls.Dave Lewis, Global Advisory CISO at 1Password, has been speaking with security leaders around the world and found that there is a shared concern over the deluge of AI tools entering their environments. Lewis said, “My favourite quote was from a CISO in the EU who said to me, ‘We have closed the door to AI tools and projects, but they

It’s that time of year. Back-to-school prep is in full swing, from last-minute shopping lists and school supplies to pick-up schedules and extracurricular activities. And with every new school year comes new passwords to manage, such as school portals and streaming services.For families looking to manage the chaos, we’ve already shared a series of back to school tips for parents and students. Since a password manager is one of the strongest ways to stay safe during the new school year, we’re also sharing this step-by-step guide to help you and your loved ones get onboarded and set up with 1Password Families, so you can get a head start on the first day of school.We’ve broken it down into a step-by-step process, complete with written instructions and video walkthroughs. If you prefer to follow along with a video, our 'How to Get Started with 1Password' video will show you exactly what the process looks like.💡 Already using 1Password and want to upgrade to 1Password Families? Follow our...

Wondering where summer went? We’ve all been there. Before you know it, the family trips and pool parties are over, and it’s time to register for classes. The horror!The start of a new school year has always been a stressful time for parents and students alike. From setting up Chromebooks to managing student portals, the school year starts digitally. That opens up opportunities — and new risks — for families navigating online education.Fortunately, when it comes to giving you a leg up, 1Password is in a class of its own. For parents and students of all ages, we’re sharing our favorite back-to-school online security tips to help keep your data safe while you stay stress-free.It’s time to set up both yourself and your family for a simpler and easier back-to-school season, all while creating habits that will keep your family safer in the years to come.Know the tools, know the risks: AI and online safetyThe online world is changing every day. That means that however tech-savvy you are, you

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired 1Password SaaS Manager (formerly Trelica by 1Password) earlier this year.Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview. We’ve also seen some organizations have a need or desire to incorporate this underlying data from 1Password SaaS Manager into their LLMs and AWS environments, which brings us to today’s announcement.Introducing the MCP Server for 1Password SaaS ManagerThe MCP Server for 1Password SaaS Manager by 1Password provides secure integration between AWS and the Trelica API, enabling deep visibility into SaaS usage, user access, and app activity in Trelica without leaving AWS-native workf

AI agents are rapidly transforming how software is accessed, operated, and integrated, such as automating workflows, calling APIs, and interacting with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.At 1Password, we’re building for this future with security at the center. As we explore protocols like the Model Context Protocol (MCP), we are defining clear boundaries. MCP enables AI agents to efficiently interface with APIs, but these data flows often rely on non-deterministic components such as LLMs, whereas authentication requires deterministic, auditable flows. In fact, MCP specifies OAuth 2.1 for authorization, separate from the MCP data protocol interaction with the actual resource servers. Mixing these two modes, secrets and probabilistic inference, violates the model’s integrity and creates unnecessary risk. This is why