1Password

AI isn’t just introducing new risks, it’s exposing how quickly the traditional security models break down. In a conversation with Rob Pegoraro at Fast Company, 1Password’s CTO, Nancy Wang, put it simply: “AI is both a threat and a tool, and companies have to approach it as both.” Employees are adopting tools faster than security can keep up, and agents are starting to act on their behalf. That’s the tension organizations are navigating now as AI is changing who and what gets access. But the answer isn’t to slow AI down. It’s to rethink access across both human and non-human identities, in a way that adapts in real time. Security can no longer rely on static controls, it has to move at the speed of work. Read the full feature: https://lnkd.in/e4ew2wcX #AI #Cybersecurity #AIsecurity #1Password

I recently spoke at HumanX San Francisco alongside Nancy Wang, CTO of 1Password, and Edo Segal, CTO of Napster Corp., with Michael Nuñez from VentureBeat moderating. One idea that stood out from the conversation is that most of us are still underestimating how fast AI autonomy will evolve over the next few years. Right now, AI agents are largely reactive, meaning a user asks and it responds. But my sense is that we're moving toward a world where agents act without waiting to be prompted, surface issues before you notice them, take action in the background, and own entire workflows end-to-end. I think that shift is happening faster than most people expect, and it brings real challenges with it. Knowing when to let an agent run, when to have a human step in, and how to build the right guardrails around autonomous action is a muscle most organizations haven't had to develop yet. That's the work ahead and something we’re thinking a lot about at Decagon. Really appreciate the conversation and the perspectives shared across the group.

OAuth connections may be fast and familiar, but they can also unintentionally fast-track a breach. When a connected third-party service is compromised, attackers don't need to bypass authentication. The token is valid. The permissions are already in place. Recent incidents following this pattern demonstrate how credential sprawl can become a supply chain risk. Our latest blog outlines more durable approach with a few key shifts: 🔹 Treat discovery as ongoing, not periodic. You need a continuous view of what's connected via OAuth and how it's being used. 🔹 Shorten credential lifetimes. A token that expires quickly is far less useful if it's exposed. 🔹 Keep environments separate. Development credentials should never carry over into production. 🔹 Centralize credential storage and issuing access at the moment it is needed helps contain the spread of credentials into uncontrolled spaces. 🔹 Monitor how access is used, not just granted. Valid credentials used in unexpected ways won't trigger traditional detection. Build a baseline so deviations are easier to spot. The answer isn't preventing every connection. It's understanding where those connections exist, how much access they carry, and how that access is being used over time. Read the full breakdown: https://bit.ly/4u6GX8L #Cybersecurity #IdentitySecurity #ZeroTrust #AccessManagement

At 1Password, we applied agentic tooling to refactor a multi-million-line Go monolith. Here, we share what worked, what broke, and what it means for teams adopting AI in production systems ⤵️ 🔹 Agents excel at well-defined, bounded tasks. We migrated 3,000+ call sites in hours, work that had been in the backlog for months. The key was a fully specified playbook with explicit failure modes and clear escalation paths. 🔹 Incomplete specifications don't produce no output. They produce implicit ones. When context is missing, agents fill the gaps, and those assumptions can cascade quickly. In one case, requiring a full session rollback. 🔹 The bottleneck isn't code generation. It's managing decisions that have ordering constraints and are hard to reverse. There's a bigger shift here too. AI agents are becoming a new class of actor in production systems, introducing non-determinism, persistence, and scale that traditional security models weren't designed to handle. That has implications for engineering workflows and for how access and trust are managed across systems. Read the full breakdown: https://bit.ly/3Otpecv #AIAgents #SoftwareEngineering #Cybersecurity #TechnicalLeadership #AI

Balancing speed and risk has always been a part of the CISO role, and AI only makes that balance more visceral. We’re at a point where adopting AI too slowly can be just as risky as adopting it too quickly. Threat actors are already using AI to automate attacks and hunt for vulnerabilities, so defenders must adopt AI capabilities to keep pace. I sat down with Brianna Monsanto at IT Brew to talk about how we’re approaching this at 1Password . We’re focused on giving teams a way to experiment, with guardrails around access and data use. We’re learning and adjusting weekly. You can read more about it here: https://lnkd.in/eexjkDFs

Browsers can store passwords. That doesn't mean they should. 🔐 Browser-based password managers weren't built to scale with your team. The result? Credential sprawl, visibility gaps, and admin headaches. 1Password Enterprise Password Manager secures access for growing teams with centralized control, clear visibility into access and risk, and seamless onboarding and offboarding. And, migrating is easier than you think. Swipe to learn where browser-based password managers fall short, and see what IT admins actually need to close the security gaps 👉 https://bit.ly/48bFXHS #1Password #AccessManagement #IdentitySecurity #ITSecurity

Anthropic revealed Mythos, a frontier AI model capable of autonomously discovering and exploiting vulnerabilities at scale. The window between vulnerability discovery and time-to-exploit has collapsed to hours, or less. But speed isn't the whole story. Breaches don't happen simply because AI collapses the time-to-exploit. Breaches happen when a vulnerability leads to credentials, tokens, or keys that give an attacker access. Trying to patch every vulnerability will prove impossible. Access is the defining control point. Dave Lewis, 1Password Global Advisory CISO, contributed to a new industry paper led by Cloud Security Alliance that explores what happens when AI can find and exploit vulnerabilities faster than humans can respond, and how organizations should adapt. As organizations work toward “Mythos-ready” resilience, here are the priorities ⤵️ 🔹 Invest in patch management and access management = blast radius containment 🔹 Implement hardware-backed authentication 🔹 Treat AI agents as a distinct identity class, with scoped, least-privilege permissions 🔹 Automate secret rotation: Replace long-lived credentials with short-lived tokens This isn't a storm that will pass. It's a permanent shift in the threat landscape, and the best time to prepare is now. 👉 https://bit.ly/4tiBqfm #Cybersecurity #AISecurity #IdentitySecurity #Mythos #AccessManagement

Last quarter, we donated $12K USD to 29 non-profit organizations nominated by our team members, supporting local communities around the world. Through our Giving Fund program, we’re proud to empower our people to give back to causes that matter most to them, from poverty reduction and healthcare to animal welfare. 💙 Hear from Weston Fillman, Director, People Operations and Employee Relations, about what being able to support Tandem, Partners in Early Learning an organization creating equitable early learning experiences in the Bay Area, means to him. #1Passwordforgood #1Passwordlife #givingback #corporategiving #socialimpact