Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Passwords remain the most widely used and weakest authentication method in the enterprise. They’re still responsible for the majority of breaches, and IT teams spend an outsized amount of time simply managing them. It’s no wonder that security leaders are shifting toward passwordless authentication, a more secure and phishing-resistant approach that replaces traditional credentials with biometrics, passkeys, and FIDO2-compliant sign-ins.

SaaS sprawl – the proliferation of applications within an organization, including unsanctioned shadow IT – has created an urgent need for IT and security leaders: keeping sensitive data secure while enabling employees to use the apps they need. That’s why we feel that Trelica by 1Password’s inclusion in the 2025 Gartner Magic Quadrant for SaaS Management Platforms marks more than just a milestone. It signals the growing need for unified SaaS governance and security.

Admin and developer secrets – such as SSH keys, API keys, and database passwords – are the essential credentials that let developers access the systems they need to do their jobs. If these secrets are compromised, they can grant particularly dangerous levels of unauthorized access, giving bad actors access to an organization’s most sensitive data and mission-critical systems.

In the modern, hybrid workplace, employees have more control than ever over the devices they use for their jobs. In fact, 56% of employees say that they have worked on a personal “bring-your-own” device (BYOD) in the last year. This is despite the fact that 89% of security pros say that their company doesn’t allow BYOD. Clearly, there’s a disconnect between security policies and worker behaviors.

AI agents are evolving fast — from helpful assistants to autonomous actors that can browse the web, analyze data, resolve customer service issues, assist in generating code, book travel, and more. As these agents take on more responsibilities, it’s crucial that the security model around them keeps up.

It’s been a year since we announced 1Password Extended Access Management, and in that time, it’s become clearer than ever that we are facing a major shift in how workers use technology to drive productivity. Whether it’s through organizations embracing the use of AI agents or tech-savvy employees independently seeking out any tool or application they need, the way we work has fundamentally evolved. And cybersecurity must evolve with it.

Compliance without access control is incomplete. Security without continuous compliance is inadequate. With 1Password Extended Access Management and Drata, companies can finally unify these efforts—closing the Access-Trust Gap while accelerating audit readiness, improving security posture, and building trust overall. “Security and compliance are inseparable, especially as SaaS sprawl and AI adoption introduce new layers of complexity and risk,” says David Faugno, Co-CEO of 1Password.

Last year, we introduced 1Password SDKs — production-ready, open source libraries for Typescript/JavaScript, Python, and Go — to support secure access to secrets stored in 1Password. Today’s release expands those capabilities to provide full programmatic access to 1Password items, including creating, reading, updating, deleting, listing, and sharing information stored in vaults.

Helping you stay secure and productive is why we do what we do at 1Password. Whether it’s managing sensitive information across devices or streamlining your day-to-day workflows, you need to protect what matters most, at home and at work. Every day, your feedback helps us find ways to improve 1Password so we can better fit your needs. And with every release, we aim to bring you more features you’ll love.