Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- AI agents need credentials, creating a growing enterprise risk.
- 1Password launches Unified Access to manage human and AI secrets.
- Platform discovers, secures, and audits credentials across environments.
Let’s talk for a minute about AI agents. You can think of them as digital virtual employees who are tasked with performing certain jobs. In fact, you can make a fairly good analogy between AI agents running around your network and human workers.
Back in the days before Zoom, I used to do a lot of business traveling. At the time, I had a cat named Sammy. I had to leave her home whenever I went on one of these trips. After her first experience in a kennel (which did not go well), I vowed to never kennel her for a trip ever again.
Also: Is your AI agent a security risk? NanoClaw wants to put it in a virtual cage
Instead, I hired a friend of a friend to come into my apartment a few times a day to feed her, play with her, and keep her company. Even though this practice was necessary, I always had some big worries. First, Sammy was not an outside cat. What if the cat caregiver let her out? What if the cat caregiver decided to muck around with my stuff?
I always got the key back from the cat watcher once I got home, but did they make a copy? Should I change the lock after the trip? For a while, I flew monthly. Would I need to change the lock every month? Fortunately, nothing went wrong. But the worry was there.
These are the types of problems we’re starting to face with AI agents (except much worse). For agents to do their jobs, they need to have access to many key systems and data sets. They need to be able to log in. They need access keys, passwords, API keys, and credentials of all sorts.
The big hairball of a problem is that there haven’t been unified systems for managing agent access. Instead, developers have been pasting API keys right into their code, putting passwords into text files, and even sometimes pasting entire credential sequences into AI prompts.
1Password, many agents
I’m not the only person waking up in the middle of the night in a cold sweat worrying about the implications of this.
The folks at 1Password have been noodling on this problem for quite some time. Today, it is announcing Unified Access, an AI agent credential management tool that is designed to help organizations securely manage the access control challenges that armies of AI agents introduce.
Also: AI agents are fast, loose, and out of control, MIT study finds
The Unified Access offering is available now (with the exception of an audit capability, which is coming soon). It provides tools to discover, secure, and eventually audit network access across both human and AI identities.
If you think this is similar to Microsoft’s Agent 365 identity management product announced last week, you aren’t wrong. I predict we’ll see more. Once companies started to widely deploy agents, the ID management challenge became fairly immediately apparent.
I’ve been noticing a trend recently. AI is moving so fast, and companies are engineering so quickly to accommodate and solve emerging problems, that we’re seeing regular cases of parallel evolution. As a new problem emerges because of a previous innovation, a bunch of companies simultaneously announce solutions designed to fix the emerging problem. That’s the case now with agentic credential management.
1Password’s approach is considerably less Microsoft-centric than Agent 365, but it also focuses on protecting credentials, secrets, and machine identities as AI systems begin performing actions across enterprise environments.
AI agents introduce new identity and credential risks
“AI adoption is reshaping our threat model,” said Heather Cannon, Director of Security at DigitalOcean. Think about those seven words. That’s a wow right there. David Faugno, CEO of 1Password, amplifies that thought, saying, “Agents are now operating inside real production environments.”
That’s the challenge. AI tools are rapidly moving from experimental curiosities to fully empowered virtual workers in production environments. They call APIs, execute workflows, and access infrastructure on behalf of users. These automated systems often rely on the same credentials developers use to access internal APIs, infrastructure, and enterprise data.
Also: OpenClaw is a security nightmare – 5 red flags you shouldn’t ignore (before it’s too late)
Cannon says, “For DigitalOcean, it’s no longer only about individuals mishandling credentials. We need clear visibility into which AI systems are operating across our environment.” She says that 1Password’s new solution can help it better understand and govern AI usage, with the goal of reducing so-called shadow AI risks, and scale AI adoption in a way that’s enterprise safe.
Discovering embedded risks enterprise-wide
Confusingly, 1Password calls its new offering a “platform model.” This is not an AI model, as in large language model. Instead, it is really a platform offering that uses a three-step paradigm: discover existing agents and credentials, secure them through a centralized vault infrastructure, and provide strong audit trails describing how access is used.
The discovery component is meant to discover existing flaws, places where keys and passwords are already deployed and need to have better management controls. The platform identifies AI tools and agent activity across endpoints, browsers, and local environments. Using the tools provided by 1Password, security teams can detect exposed credentials, including plaintext environment files and unencrypted SSH keys.
Also: Why enterprise AI agents could become the ultimate insider threat
Of course, to carry out this discovery process enterprise-wide, you have to grant 1Password’s system some level of deep enterprise-wide access. That may be necessary if you want to rein in the AI access excesses of the past few years, but it is also a massive risk all on its own.
Centralized credential vault replaces embedded secrets
In an email Q&A, Nancy Wang, CTO of 1Password, told ZDNET, “Instead of storing credentials locally or embedding them in scripts, credentials can be securely retrieved from the vault and used only at the moment they are needed.”
The platform centralizes credentials inside a secure vault instead of embedding secrets directly in prompts, scripts, or configuration files.
Also: Nvidia bets on OpenClaw, but adds a security layer – how NemoClaw works
Wang says, “Developers reference secrets through 1Password rather than embedding them directly in code or environment variables. At runtime, 1Password resolves the reference, enforces policy, and delivers the credential only to the process that needs it, with every access event logged according to organizational policy.”
Security teams can see which credential was used, which system requested it, and the identity responsible for the action. The idea is to reduce reliance on API keys and secrets that remain valid indefinitely.
Integrations with AI developer and infrastructure platforms
Of course, gaining access to every tool a developer or enterprise might use is a big job. Many tools don’t work and play well with others. To counter this problem, 1Password is teaming up with many tool and enterprise vendors to embed support directly in their offerings.
Initial collaborations announced at launch include AI developer tools such as Cursor and GitHub, along with cloud and developer platforms, including Vercel.
“As agentic coding tools become part of how modern teams build and ship software, security needs to integrate directly into the developer workflow,” said Talha Tariq, CISO at Vercel. “Through our partnership with 1Password, we’re making it easier for developers to access credentials securely within the tools and environments they already use, so they can move quickly without compromising on sound security practices.”
Also: AI agents of chaos? Research shows how bots talking to bots can go sideways fast
Cursor and GitHub use the 1Password offering to secure developer workflows across IDEs, cloud sandboxes, and CI/CD pipelines. Extensions are now available for Cursor agents and GitHub Actions, with more expected.
1Password is also working with players who offer AI infrastructure, agent control planes, MCP gateways, and AI browsers, with implementations to be announced soon.
1Password’s CTO answers our questions
I asked 1Password a number of questions. CTO Wang was kind enough to answer them, apparently while she was on a plane. We definitely appreciate her going above and beyond, literally.
In response to a question about the 1Password user interface, she told me, “Yes, it’s the same interface that people know and love. Through Unified Access, we’re extending the interfaces people already use, like the 1Password extension, CLI, and APIs, into the environments where agents actually run.”
I tried to nail down the interaction experience. Where, exactly, are the credentials managed and how? She said, “The way agents interact with 1Password extends that familiar experience into the environments where agents operate. At a high level, we think of agents as a new class of identity that needs secure access to credentials in order to act on behalf of users or systems.”
Also: How I switched password managers without losing a single login
She said, “In this environment, 1Password serves as the trusted system of record for those credentials. Rather than embedding secrets directly in prompts, code, or agent memory, agents can retrieve credentials from the 1Password vault when they need them.”
In response to how this approach will be incorporated in code, I was told, “Developers reference secrets through 1Password rather than embedding them directly in code or environment variables. At runtime, 1Password resolves the reference, enforces policy, and delivers the credential only to the process that needs it, with every access event logged according to organizational policy.”
If you think back to the beginning of the article, and my concern about sharing keys with my cat’s pet sitter, recall that I obsessed over the question of whether I should change the lock after every trip.
In a virtual world, that becomes possible. Wang told me, “If a credential needs to be rotated, it can be done in the vault, and all agents with access to the vault will have access to the new credential, so it doesn’t need to be updated on an agent-by-agent basis.”
Fundamentally, 1Password is building a single source of truth for credentials in the agentic space. It’s complex as heck, but since we’re never going to be able to put the agentic genie back in its bottle, security tools like Unified Access and Agent 365 can’t come too soon.
What about you?
Are AI agents already running inside your organization’s workflows, or are you still experimenting with them? How are you managing the credentials and access those agents require? Do you think centralized vault approaches like 1Password’s Unified Access and Microsoft’s Agent 365 are heading in the right direction?
Also: 1Password hikes its prices: Here are your free or cheap alternatives
Are you concerned about agents using the same credentials as human developers, or do you see that as manageable with the right tooling? How much visibility do you think companies really have today into what their automated systems are doing? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.
