1Password launches Unified Access to protect logins, tokens, and secrets used by AI agents
AI-processed from ZDNet AI; edited by Hamidun News
1Password has introduced Unified Access — a platform designed to close a new security gap emerging as AI agents are integrated into workflows. If agents need logins, API keys, SSH keys, and other secrets to do real work, companies must see where these credentials are stored, who uses them, and under what conditions.
Where the Risk Grows
The problem is that traditional IAM and SSO systems mostly control the moment a user logs in, but not the subsequent lifecycle of credentials. AI agents work differently: they run in browsers, IDEs, local scripts and automations, connect to SaaS services and APIs, and for this they need access to secrets. Such keys and tokens often live in .env files, configurations, shared documents, or directly on developer laptops. As a result, a company develops a blind spot between "the user logged in to the system" and "the agent started acting on their behalf". This blind spot is exactly what 1Password is targeting.
The company announced the launch of Unified Access on March 17, 2026, and positions the product as a unified access control layer for people, AI agents, and machine identities. 1Password emphasizes that the risk is no longer theoretical: agents are already running inside production environments, which means they can gain access to real data, internal services, and critical workflows. The more teams experiment with AI automation, the faster the number of untracked secrets, temporary workarounds, and excess access permissions grows.
"Agents are already working inside real production environments," 1Password stated.
How the Platform Works
Unified Access is built around three steps: discover, protect, and track. Currently, the first two modes are available, and a comprehensive action audit should appear later. At launch, the company also opened Unified Access Pro.
First, the system shows which AI tools and local agents are in use across the company and finds exposed secrets in developer environments. The discovered secrets can then be moved quickly into a single encrypted vault, where unified access policies apply to employees, agents, and machine processes. The company says that the foundation of the solution is already used by more than 180,000 organizations and protects over 1.3 billion credentials and secrets.
- Discovery of AI tools and local agents on devices and in browsers
- Finding unprotected .env files, API keys, and unencrypted SSH keys
- Transferring secrets to a unified vault with shared policies
- Controlling access to risky and shared accounts
- Unified audit of who used the secrets, when, and on whose behalf (this part has been announced but not yet launched)
The next step is to issue secrets not "forever," but exactly at the moment of use. 1Password is betting on a just-in-time access model: an agent or automation receives credentials in the context of a specific task, rather than storing a long-lived token anywhere. Later this year, the company promises to add scoped credentials for agent and machine processes, issued directly during execution. This should reduce the amount of permanent access, limit the proliferation of secrets, and simplify control over what exactly an agent can do.
Partners at Launch
The launch is not an isolated product but rather part of the AI and dev ecosystem. Among 1Password's announced partners at launch are Anthropic and OpenAI, as well as Cursor, GitHub, and Vercel.
For Anthropic, it's about integration with the Claude browser extension, Cowork, and Claude Code so that Claude can log into services with user consent and without passing the password directly to the model. Regarding OpenAI, the company talks about collaboration on the secure use of local elements of 1Password's vault and scripts in developer IDEs.
Separately, 1Password is moving into the infrastructure and browser layer, where risk is particularly high because the agent is already acting on behalf of the user. The list includes Perplexity, Browserbase, Anchor Browser, KERNEL, Natoma, Runlayer, and Commvault. The logic here is clear: the closer AI agents are to the browser, CI/CD, and corporate data, the more important it is not just to store secrets but to control the moment they are issued and maintain a clear trace of actions throughout the chain. This is the basis on which 1Password is trying to build a new standard for agent security.
What This Means
The market is rapidly shifting from "how to give an employee a convenient login" to "how to manage access used by people, bots, and AI agents together." 1Password is trying to occupy this layer before competitors: not as yet another password manager, but as a control plane for secrets, tokens, and agent actions. If AI automation really does go into production at scale, demand for such systems will only grow, especially in the enterprise environment.