1Password Unveils Secure Agentic Autofill to Address AI Agent Security Concerns

1Password says it can fix login security for AI browser agents

1Password's browser extension fills in your passwords automatically when you browse, and now the company has built a similar tool for AI bots browsing the web on your behalf, but for a very different reason. AI tools and browsers built on Claude, Gemini, and ChatGPT are increasingly using AI agents to browse the web, book tickets, and make Spotify playlists for you, and unlike your risk of forgetting a unique password, an AI bot risks remembering it and causing a breach later. 1Password's fix for that potential risk, a new Secure Agentic Autofill feature that "injects the credentials directly into the browser if, and only if, the human approves the access." With the tool, when a browser AI agent determines that it needs login credentials, "the agent informs 1Password that a credential is being requested," 1Password says. "At that point, 1Password identifies the appropriate credentials, requests approval from the user via a human-in-the-loop workflow." To approve a request, a human authenticates the request with something like Touch ID on their Mac, and 1Password's tool uses an "end-to-end encrypted channel" between its extension in the browser operated by the AI agent and the approving device to input the credentials. The AI agent and LLM, according to 1Password, never see the actual credentials as a result. Initially, Secure Agentic Autofill is available starting today in early access via Browserbase, which builds a browser and tools specifically designed for AI agents.

1Password might just have a solution to the password security problem posed by AI agents

This can cause credentials to be fed into LLMs without user knowledge AI agents are becoming prolific across industries, providing employees with an easy way to automate tasks through designated workflows, but in order to function they often require credentials to access systems. This requires human interaction to enter login details and passwords, slowing down both the AI agent and human workers. As a result, AI agents are being provided credentials through agentic browsers. This has created a new problem has been created, especially with AI agents in headless agentic browsers, as credentials can be exposed into the underlying large-language model - but 1Password, one of the best password managers, thinks it may have come up with a solution. 1Password has developed Secure Agentic Autofill which allows AI agents to use credentials within their workflow without ever being able to see or handle the credentials themselves. Instead, credentials are stored within the 1Password browser extension, and can be requested by an AI agent. The browser extension will fill the credentials on behalf of the AI agent, providing greater security within the workflow without impacting efficiency. Secure Agentic Autofill uses a new protocol that uses an encrypted connection between the device and the browser extension using the Noise Framework. The password is requested by the AI agent, a human approves the credential usage, and the AI agent continues on its workflow. 1Password has partnered with Browserbase in order to deliver Secure Agentic Autofill through a new browser automation workflow UI. Just like the AI agent, the Browserbase connection has zero access to the credentials stored within the 1Password browser extension, and all requests require human approval. Ultimately, Secure Agentic Autofill prevents credentials from being spread across agents, logs, and prompts, or distributed into areas that identity access management tools cannot see. Additionally, by using 1Password, credentials can be better managed, added, and revoked without the fear that a password may have been leaked into the far corners of an LLM.

1Password tackles AI credential risks with new Agentic Autofill integration for Browserbase - SiliconANGLE

1Password tackles AI credential risks with new Agentic Autofill integration for Browserbase Cybersecurity and password service provider 1Password LLC today announced the launch of 1Password Agentic Autofill, a new feature of its Enterprise Password Manager that securely delivers credentials to artificial intelligence agents operating in the browser. Available exclusively in early access through an integration with cloud browser automation platform provider Browserbase Inc., Agentic Autofill allows AI agents to authenticate with web services without ever exposing credentials. With the new service, AI developers can connect a 1Password vault to power secure browser workflows, while information technology and security teams gain assurance that credentials and sensitive data stay protected with 1Password as the security layer for Agentic AI. "AI is opening up new ways to help people work smarter and get more done, but the fundamentals of security don't change," said 1Password Chief Executive David Faugno. "By partnering with Browserbase, we're making it simple for teams to build and innovate with agentic AI while keeping credentials and sensitive data protected by default." Agentic Autofill builds on 1Password's approach to AI that is rooted in its principles of privacy, transparency and trust and brings these principles to Browserbase, ensuring AI agents can execute workflows under human oversight while credentials remain private, protected and not exposed. Using the service, business and consumer app developers can connect their 1Password vaults, configure which credentials AI Agents can access, and allow secure autofill only when required. Key features of the integration include human-in-the-loop authorization with real-time approval prompts via 1Password mobile or desktop; privacy and security by default as credentials are not shared with the large language model or exposed in Browserbase logs and repos, maintaining 1Password's security model; and just-in-time authentication, where AI agents automatically retrieve and inject login credentials, passwords and time-based one time password codes at runtime, without storing or logging secrets. Agentic Autofill is also easy to set up and supports automatic credential mapping, including smart selection of the right credentials for target websites during agent workflows to prevent phishing attacks, 1Password says. For auditing purposes, Agentic Autofill offers detailed audit logging that includes exactly when, where and how credentials are being used by the browser-use agentic AI. "We see AI agents changing the way work gets done, from procurement and onboarding to customer service and research," said Browserbase CEO Paul Klein. "As we move toward an AI-native internet, these agents need a trust layer for credential access. Our partnership with 1Password creates exactly that, extending their proven security framework into the emerging world of agentic browser automation so organizations can scale AI confidently." 1Password Agentic Autofill is available in open beta starting today for all 1Password Enterprise Password Manager customers using Browserbase.