Friday, July 17, 2026

News

1Password Gives Claude Agent Access to Passwords the Model Never Sees

AI AgentsPatryk Raba
Fot. Dan Nelson, Pexels (Pexels License)

1Password and Anthropic launched an integration that lets the Claude agent log into websites and complete tasks using saved credentials without the model ever seeing the user's actual passwords. The feature is currently available only on macOS.

Contents
  1. A Password the Model Never Sees
  2. Access Limited to the Task at Hand
  3. What Claude Can Do
  4. The Calculus for Businesses and Developers

On July 16, 1Password and Anthropic launched an integration that lets the Claude agent log into websites and carry out tasks requiring credentials without the model ever accessing the passwords themselves. The new feature, called 1Password for Claude, aims to solve a problem every company building browser agents faces: how to give AI access to a user's accounts without pasting credentials directly into the model's context.

Until now, companies building AI agents faced a choice that was flawed either way. They could paste the login and password directly into the model's prompt, meaning the secret ended up in its memory and logs, or force the user to log in manually at every step, which in practice defeated the purpose of using an agent at all. 1Password and Anthropic are proposing a third way.

A Password the Model Never Sees

The mechanism follows a zero-exposure principle. When Claude encounters a login form, it asks the user for biometric authorization, and then it's 1Password, not the model, that injects the username, password, and any one-time push notification code directly into the fields on the page. Claude only sees that the login succeeded, never the password value or the TOTP code itself. After the form is submitted, 1Password clears the filled fields, and if a login attempt fails, it additionally scans the page to make sure no secret was left behind anywhere.

We need a new security model designed specifically for agents, not just for humans. The answer isn't handing agents our secrets - Nancy Wang, CTO of 1Password

Access Limited to the Task at Hand

The second piece of the integration is Agentic Mode, a new 1Password operating mode that activates automatically when a compatible AI agent takes control of the browser. In this mode, the vault locks down so the agent can only reach credentials explicitly granted to it for the current task, while the rest of the saved passwords remain invisible to it. Access is tied to the session and isn't remembered permanently, so every new task requires the user's separate approval.

What Claude Can Do

In practice, the integration lets Claude carry out multi-step tasks online without interrupting its work at every login. 1Password cites examples such as browsing an Audible wishlist and completing the purchase of an audiobook, or checking current revenue in a Stripe account. The agent can also move between several services that require separate accounts within a single task, logging into each one without asking the user for credentials again.

The Calculus for Businesses and Developers

The scale of 1Password's user base means the integration touches a large share of the market for work with AI agents. Among the enterprise customers the company lists are major software development platforms, meaning the new feature lands immediately in environments where coding and browser agents are already a daily tool rather than a novelty. For security teams, this means they can fold AI agents into existing access management procedures instead of building separate, less controlled pathways for them.

A growing number of high-profile incidents involving API keys and login credentials stolen through malicious plugins or infected repositories have shown in recent months that AI agents have become a new attack target. An approach in which the model never physically has access to the secret limits the scope of damage even if the agent's session itself is compromised, since the attacker doesn't also walk away with the account password.

For now the feature works only on Mac computers and requires installing four components at once: the 1Password desktop app, its browser extension, the Claude app, and the Claude browser extension. The companies haven't given a date for when the integration will reach Windows or Linux, or whether it will cover browsers beyond those already supported by the Claude extension today.

For Polish companies that are increasingly rolling out AI agents into daily work, an integration of this kind could become one of the arguments in favor of getting such tools approved by security and compliance teams. Password managers like 1Password are already standard in many Polish organizations, so extending their rules to AI agents requires fewer changes to procedures than building a separate permissions system from scratch.

Share: