Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Don't bring exposed developer credentials to Black Hat

Black Hat is where the security industry gathers to compare notes on what works. In recent years, supply chain attacks have been a recurring topic, and the 2026 Verizon Data Breach Investigations Report shows security teams are struggling to find a solution. According to the report, third-party involvement increased by 60% over the last year and now accounts for 48% of all breaches.

How IT can reduce credential risk across every department

Credential sprawl has long been an issue IT and security teams have had to grapple with, and solutions like single-sign-on (SSO) have never been able to contain it completely. Now, AI is accelerating the problem. AI agents need access to credentials at an unprecedented scale, leaving IT and security teams struggling even more to ensure that every credential, across every department, is secure.

Braintrust's Ankur Goyal: Code review doesn't cover prompts

Zero-Shot Learning is a podcast about how AI gets built, secured, and deployed. Hosted by Nancy Wang, 1Password CTO, and Dev Tagare, Senior Director of Engineering at Google, it’s a builder’s view of the architecture and the decisions it takes to ship with AI.

Scaling security reviews at 1Password: Building an AI-powered pipeline

The developers and engineers here at 1Password are always working to improve our products. With all the active development to introduce features, fix bugs, and enhance the overall user experience, numerous code changes go into every release. We strive to ensure each iteration is better than the last and that new code doesn’t introduce vulnerabilities. A key part of this process is our Product Security (ProdSec) team’s review of all code changes that may have security implications.

Agent identity architectures: Delegated, bounded, and autonomous

This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.

Introducing AI-assisted query creation in 1Password Device Trust

Today we're shipping a new capability directly into 1Password Device Trust that lets admins query their fleets faster, without needing to be SQL experts. Now you can describe what you want to investigate in plain English, and Device Trust generates a ready-to-run SQL query you can execute across your devices in a single click.

1Password + Kiro: Trusted Access for AI-Powered Development

AI agents now write code, fix bugs, and ship to production. But in order to do useful work, agents require credentials. At 1Password, one of our core AI security principles is that raw credentials should never be directly exposed to LLMs, but all too often, that’s exactly what happens: most teams sacrifice security for speed and hand agents secrets in plaintext.

Cursor's Head of Security: Never trust the agent writing your code

"The hardest thing in security is always the chaos," according to Travis McPeak, Head of Security at Cursor. He shared this with Nancy Wang, CTO of 1Password, and Dev Tagare, Senior Director of Engineering at Google, on a recent episode of Zero-Shot Learning, the podcast about how AI gets built, secured, and deployed. "We're always going to have more that we have to be doing than we can actually do.".