1Password Presents at Security Field Day 14

How 1Password Extended Access Management is Securing the Future of Work

Watch on YouTube
Watch on Vimeo

1Password is the leader in Extended Access Management, a new category of security that addresses the gaps in access management created by app, identity, and device sprawl. Our platform is composed of three products: our Enterprise Password Manager, Trelica by 1Password, and 1Password Device Trust. In this presentation, Jason Meller and Leya Leydiker explain the Access-Trust Gap facing modern organizations, and explore how our password manager acts as the foundation for our suite of solutions. This “Access-Trust Gap” is defined as the combination of unmanaged devices, shadow IT applications, and sprawling identities that fall outside the purview of traditional security tools like Identity Providers (IDPs) and Mobile Device Management (MDM). Because 1Password is used to store credentials that these other systems don’t cover (like API keys), the company has unique visibility into this growing problem. Their Extended Access Management platform aims to close this gap by providing unified visibility and complete control. The presentation demonstrated this by showing how 1Password Device Trust could detect an unencrypted SSH key on a developer’s laptop, block access to a sensitive app like GitHub, and then seamlessly guide the user to secure that key within their 1Password vault, thereby fixing the issue and training the user simultaneously.

The foundation of this strategy is 1Password’s Enterprise Password Manager (EPM), which secures every step of the user journey, not just the initial login. The platform’s success is rooted in its user-first design philosophy, which stems from its origins as a consumer application. This focus on making the secure way the easy way drives user adoption and reduces friction, which in turn minimizes help desk tickets for things like password resets. The EPM handles not only passwords but also API keys, SSH keys, passkeys, and one-time passcodes (OTPs), allowing it to serve as a single, secure vault for all types of credentials. This capability enables secure sharing among teams, such as a social media team sharing a single login with MFA. Crucially, all of this is built on a “zero knowledge” security model, meaning user data is encrypted locally on their device, and 1Password itself cannot access it, ensuring credentials remain secure even in the event of a breach.

Personnel: Jason Meller, Leya Leydiker

How 1Password is Building Agentic AI Security and GenAI Discovery

Watch on YouTube
Watch on Vimeo

Anand Srinivas discusses 1Password’s security-first approach to AI, and shows how our principles inform the AI-related capabilities we’re building. Our first area of focus is ensuring secure access for AI agents via the 1Password SDK, so agents receive timebound, auditable access without the use of hardcoded credentials. In addition, Srinivas shows how our products enable customers to discover and block unapproved genAI tools. This approach is guided by core principles, including adhering to the same zero-knowledge architecture for AI as for user credentials, ensuring authorization is deterministic rather than probabilistic, and never placing raw credentials into an LLM’s context window. 1Password recognizes that agentic AI is fundamentally different from traditional applications; it’s probabilistic, often acts on behalf of a human, and behaves like a hybrid of a user and an application. This unique nature scrambles the traditional, siloed methods of managing secrets for applications versus the workforce, creating a need for a single, unified source of truth for all credentials.

To address these new challenges, 1Password is developing solutions to secure how AI agents and developers interact with sensitive data. One demonstration showed how their SaaS management tool, Trelica, can connect to an LLM through a Model Context Protocol (MCP) server, allowing an AI like Claude to answer questions about enterprise contracts without ever accessing raw credentials. This highlights a way to leverage AI’s power while maintaining strict data governance. The presentation also previewed a significant security enhancement for developers who often “vibe code” and hardcode secrets. A new feature will allow developers to import secrets from a plain-text environment file directly into a secure 1Password vault with a single click, replacing the vulnerable local file with a securely mounted one that requires authentication to access, thus preventing accidental exposure in code repositories.

1Password is extending its reach to secure emerging AI-native platforms. They announced a partnership with the AI browser Perplexity, becoming the exclusive launch partner for password management to ensure users can interact with these new tools securely from the start. This move, along with their work on securing developer workflows and programmatic AI access, demonstrates 1Password’s strategy to apply its user-friendly, security-first philosophy to the entire AI ecosystem. While specific solutions for providing agentic AI with timebound, auditable access are still forthcoming, the company has clearly identified the core problems and is building a framework to solve them, positioning the password manager as a central component of an enterprise’s AI security strategy.

Personnel: Anand Srinivas

Getting Visibility and Control over SaaS Sprawl with 1Password Extended Access Management

Watch on YouTube
Watch on Vimeo

SaaS sprawl creates a number of serious issues for companies: wasted budget, the exposure of sensitive data via unsanctioned apps, and disjointed access management for apps outside SSO. Jason Meller walks through how 1Password helps our customers discover, manage, and secure their entire SaaS ecosystem – even non-SSO apps – via 1Password Device Trust and Trelica by 1Password. This problem has exploded as employees have gained more autonomy to choose their own tools, creating a significant visibility challenge for IT and security teams. 1Password addresses this by using its Device Trust agent to discover the full scope of application usage across an organization. The agent provides deep visibility by identifying browser visits, desktop apps, browser extensions, and even IDE plugins across Windows, macOS, and Linux, all while providing users with a privacy center to understand what data is being collected. This is particularly effective for discovering modern AI tools, which often have multiple components; for example, the agent can detect not only the ChatGPT website but also its native desktop app and VS Code extension.

Once these applications are discovered, 1Password provides nuanced control that goes beyond simple blocking. For a tool like ChatGPT, an administrator can create a policy that doesn’t just ban it but instead ensures employees are using the sanctioned corporate workspace. If a user is detected using a personal account, Device Trust can block them from accessing sensitive company resources until they switch to the approved account, educating the user on the policy in real time. This discovery and control capability is further enhanced by Trelica by 1Password, a SaaS management platform that acts as a single pane of glass for app governance. Trelica integrates with IDPs, financial systems, and its own browser extension to discover shadow IT, manage licenses, and automate complex onboarding and offboarding workflows across hundreds of integrated applications.

Ultimately, these components come together in the 1Password App Launcher, which provides a unified and seamless sign-in experience for end users. The launcher presents all of a user’s applications, whether they are federated through an IDP or require a username and password. When a user clicks an icon, 1Password handles the authentication details in the background—either navigating the SSO flow or autofilling credentials and TOTP codes—while transparently enforcing device trust checks. This creates “experiential uniformity” for the user, allowing IT and security teams to improve security behind the scenes, such as upgrading an app from password-based login to federated SSO, without disrupting the user’s workflow. This holistic approach is central to 1Password’s mission to secure every sign-in to every app from every device.

Personnel: Jason Meller