Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.

Leading Managed Service Provider (MSP) distributors aren’t just adding identity tools to their marketplace. They are redefining the criteria for partnership within their ecosystems. For years, joining a major distributor’s marketplace was primarily a commercial transaction. Submit your business details, pass some basic onboarding checks and sell away. Identity security was an afterthought, a product category rather than a partnership requirement. Those days are gone.

Password managers are among the most helpful security tools available, offering strong password generation and encrypted credential storage. However, attackers are beginning to target password managers by exploiting the device registration flow, which is the process used to verify and approve a new device before it can access a user’s vault. By brute-forcing the One-Time Passwords (OTPs) that protect this step, attackers can register unauthorized devices and download copies of encrypted vaults.

Today we're shipping a new capability directly into 1Password Device Trust that lets admins query their fleets faster, without needing to be SQL experts. Now you can describe what you want to investigate in plain English, and Device Trust generates a ready-to-run SQL query you can execute across your devices in a single click.

1Password has been recognized as a leader in the 2026 Gartner Magic Quadrant for SaaS Management Platforms.

AI agents now write code, fix bugs, and ship to production. But in order to do useful work, agents require credentials. At 1Password, one of our core AI security principles is that raw credentials should never be directly exposed to LLMs, but all too often, that’s exactly what happens: most teams sacrifice security for speed and hand agents secrets in plaintext.

Information Technology (IT) security is the practice of protecting an organization’s systems, data and networks from unauthorized access and cyber threats. It encompasses a wide range of processes, policies and technologies designed to secure everything from employee devices to cloud infrastructure.