Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most organizations already have the policies they need in place. The problem is enforcement.

To support enterprise workflows like monitoring systems, triaging support tickets, and automating routine work, AI agents need access to the same sensitive systems employees use, including databases, APIs, SaaS tools, and internal infrastructure. However, many of these systems still rely on shared passwords, API keys, tokens, and other credential-based access paths that are difficult to manage and control.

Most organizations can tell you which apps sit behind SSO. Far fewer can tell you what other apps teams are using, or who has access to the credentials.

At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application.

Every year, security and tech leaders come to the RSA conference in San Francisco to take the industry’s pulse, and every RSAC tends to be dominated by a single, overarching theme. Last year, the theme was: “AI agents are coming, and governance isn’t ready.” And sure enough, the theme of RSAC 2026 was: “AI agents are here, and governance needs to catch up.”

If 2025 was the year of AI adoption, 2026 is when AI evolves from a software story to a people story. Katya Laviolette, our Chief People Officer, explored this idea in a recent Forbes article about how 1Password’s internal network of AI Champions is shaping this evolution and helping us set the standard for how we use AI to drive impact across 1Password.

We built 1Password Unified Access to extend identity security beyond humans to the agents and machine workloads operating across your business. In practice, that means securing not just who gets access, but how agentic systems connect to tools, services, and data.

Automating user provisioning sounds simple, until you remember everything that provisioning really touches.

Modern enterprises aren’t just adding employees; they’re adding subsidiaries, multiple teams, contractors, AI builders, temporary projects, and new SaaS tools every week.

SaaS contract renewals have a way of sneaking up on IT and Finance teams. One day, everything is running fine. The next, a renewal notice hits your inbox, usually with little context, limited time, and no clear answer to the most important questions: Who’s using this? Do we still need it? And are we paying for more than we should?