
The enterprise AI crisis: Unsanctioned tools and unenforced policies

Unsanctioned AI tools. Patchy access controls. Unmanaged apps and devices. And of course, compromised credentials. These are the issues revealed in the 1Password Annual Report 2025: The Access-Trust Gap. The report is based on a survey of over 5,000 knowledge workers, IT and security professionals, and CISOs, and it captures a moment of profound technological and cultural transition.

An Identity Security taxonomy for Agentic AI

Agentic AI is a fundamentally new paradigm. AI agents can interact with various tools and act dynamically and probabilistically as they encounter new inputs. That means they end up falling somewhere between an application and a user in terms of how they operate. Indeed, the interaction with other applications is what gives agentic AI its power; however, this also has implications for identity security and access management.

Introducing new .env file support in 1Password environments

The new .env destination in 1Password environments makes it easy for developers to use and collaborate on .env files securely, right from the desktop app. 1Password environments provide a secure workspace to store, organize, and manage project secrets – the same credentials you would normally handle as environment variables. Each environment acts as a dedicated space for a project or app, helping teams manage and maintain consistent credentials.

Closing the credential risk gap for AI agents using a browser

AI agents are increasingly completing real tasks in the browser, acting on behalf of employees, and connecting to the same systems humans rely on to get work done. This introduces a new security problem: AI agents require credentials – passwords, API keys, and one-time codes – to operate. As agents proliferate, the risk surface grows, bringing a variety of identity and access management challenges.

Microsoft and Dropbox password managers are sunsetting: What it means and what to do next

Your password manager might be closing up shop, putting your digital security at risk. In recent months, two major tech players – Dropbox and Microsoft – have discontinued their built-in password manager features. If you’ve been relying on Microsoft Authenticator or Dropbox Password, it’s now time to decide how you’ll protect your accounts going forward.

1Password announces new integration with Zscaler

A new integration between 1Password Device Trust and Zscaler marks the first step in helping our shared customers implement Zero Trust practices. 1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust.

What security leaders need to know about mergers and acquisitions

For security teams, the stakes are rarely as high as they are during mergers and acquisitions (M&A). Suddenly, you’re tasked with managing two companies' worth of devices, applications, identities, and data. There can be serious issues lurking within the newly acquired (or soon-to-be-acquired) company, including legacy systems, poorly vetted third-party contractors, and incompatible security policies.

Clickjacking: What it means for 1Password users

This blog details how 1Password has addressed clickjacking in the latest version of our browser extension (version 8.11.7). We have no indication that this class of vulnerability directly puts 1Password’s systems at risk. Clickjacking is a technique where a malicious or compromised webpage visually disguises or overlays elements of a page or browser extension, like the autofill menu, so that a user unintentionally clicks on them.

Do any CISOs feel lucky?

There are two enormous cybersecurity events each year in the United States: RSA Conference and the week in Vegas that is so full of conferences, summits, and ancillary events that it’s simply known as “Hacker Summer Camp.” From Security BSides Las Vegas to Black Hat and DEF CON, it takes the fortitude of a camel to survive the desert heat and the late nights.