|
This video is part of the appearance, “1Password Presents at Security Field Day 14“. It was recorded as part of Security Field Day 14 at 13:00-15:00 on September 25, 2025.
Watch on YouTube
Watch on Vimeo
Anand Srinivas discusses 1Password’s security-first approach to AI, and shows how our principles inform the AI-related capabilities we’re building. Our first area of focus is ensuring secure access for AI agents via the 1Password SDK, so agents receive timebound, auditable access without the use of hardcoded credentials. In addition, Srinivas shows how our products enable customers to discover and block unapproved genAI tools. This approach is guided by core principles, including adhering to the same zero-knowledge architecture for AI as for user credentials, ensuring authorization is deterministic rather than probabilistic, and never placing raw credentials into an LLM’s context window. 1Password recognizes that agentic AI is fundamentally different from traditional applications; it’s probabilistic, often acts on behalf of a human, and behaves like a hybrid of a user and an application. This unique nature scrambles the traditional, siloed methods of managing secrets for applications versus the workforce, creating a need for a single, unified source of truth for all credentials.
To address these new challenges, 1Password is developing solutions to secure how AI agents and developers interact with sensitive data. One demonstration showed how their SaaS management tool, Trelica, can connect to an LLM through a Model Context Protocol (MCP) server, allowing an AI like Claude to answer questions about enterprise contracts without ever accessing raw credentials. This highlights a way to leverage AI’s power while maintaining strict data governance. The presentation also previewed a significant security enhancement for developers who often “vibe code” and hardcode secrets. A new feature will allow developers to import secrets from a plain-text environment file directly into a secure 1Password vault with a single click, replacing the vulnerable local file with a securely mounted one that requires authentication to access, thus preventing accidental exposure in code repositories.
1Password is extending its reach to secure emerging AI-native platforms. They announced a partnership with the AI browser Perplexity, becoming the exclusive launch partner for password management to ensure users can interact with these new tools securely from the start. This move, along with their work on securing developer workflows and programmatic AI access, demonstrates 1Password’s strategy to apply its user-friendly, security-first philosophy to the entire AI ecosystem. While specific solutions for providing agentic AI with timebound, auditable access are still forthcoming, the company has clearly identified the core problems and is building a framework to solve them, positioning the password manager as a central component of an enterprise’s AI security strategy.
Personnel: Anand Srinivas