Principles in Practice: Raw credentials should never be shared with LLMs

If you wouldn’t hand your house keys to a delivery driver, why hand your credentials to AI?

In this Principles in Practice video, Anand Srinivas, VP of Product & AI at 1Password, explains a critical rule for secure AI use: Raw credentials should never be shared with large language models.

Instead of sharing secrets, use them securely:
❌ Don’t send raw credentials over the data channel of a protocol like MCP
✅ Use proxies and secure autofill instead of sharing secrets
✅ Keep credentials out of prompts, embeddings, and fine-tuning data

🎥 Watch the video and learn more about the security principles guiding 1Password’s approach to AI here: https://1password.com/blog/security-principles-guiding-1passwords-approach-to-ai