1Password just launched Unified Access — and the core insight is deceptively simple: if AI agents are using your credentials, your credential manager needs to know about it.

The company partnered with Anthropic, OpenAI, GitHub, Cursor, Vercel, Perplexity, and a roster of agent infrastructure players to build a platform that governs credentials for AI agents and humans through a single vault, with consistent policy enforcement regardless of who — or what — is making the access request.

The Problem: Credentials Weren’t Designed for Agents

CTO Nancy Wang and VP Jeff Malnick laid it out plainly: the login-once-trust-all-day model breaks when credentials are used by local AI agents, automation scripts, CI/CD pipelines, and AI-native tooling.

Consider what happens when you give Claude Code access to your GitHub token. That credential — originally scoped for a human developer — is now being used by an autonomous agent that might make dozens of API calls per minute across multiple repositories. Traditional credential managers weren’t built for this pattern.

1Password’s answer: authority should be confirmed at every access request, not granted once at login and trusted indefinitely.

What Unified Access Does

Available now:

  • Full visibility into all AI and agent activity across devices, browsers, and local environments
  • Leaked secret detection — finds exposed encrypted keys and maps all AI tool usage to specific users or devices
  • Unified vault — single credential store governing both human employees and AI agents, with extra controls for risky accounts

Coming later this year:

  • Audit trails for credential access across humans and agents
  • Scoped runtime credentials — issue time-limited, permission-limited credentials to agents and machine workloads at runtime, eliminating persistent access

The Partnership Ecosystem

The launch partnerships reveal how agent credential security maps onto the current stack:

Foundation models:

  • Anthropic — integration via Claude Code, Cowork, and browser extension; Claude logs in using 1Password as though it were a human user
  • OpenAI — local vault items accessible in developer IDEs

Developer tools:

  • Cursor — hooks immediately available to Cursor agents
  • GitHub — integration across GitHub Actions
  • Vercel — credential access within deployment workflows

Agent infrastructure:

  • Runlayer — agent control plane for enterprise; every managed agent session gets secure, auditable credential access
  • Natoma — MCP gateway provider
  • Browserbase, Anchor, Kernel, Perplexity — AI browser providers using least-privilege controls

Vercel CISO Talha Tariq: “As agentic coding tools become part of how modern teams build and ship software, security needs to integrate directly into the developer workflow.”

Why This Matters for the Agent Identity Stack

1Password is positioning itself in the credential management layer — the plumbing that connects agent identity (who is this agent?) to agent access (what can this agent do with which secrets?).

This is complementary to, not competitive with, the governance players like Oasis or ConductorOne. Those platforms decide policy. 1Password enforces it at the credential level — making sure the actual secrets, tokens, and API keys that agents use are properly scoped, rotated, and auditable.

The timing — three days before RSAC 2026 — puts 1Password alongside Oasis ($120M raise), Okta, SailPoint, F5×Skyfire, ConductorOne, Entro, and Apono in what’s becoming the most crowded and consequential new category in enterprise security.

What OpenClaw Users Should Know

If you’re running OpenClaw with tool access — API keys, database credentials, cloud tokens — those secrets are being consumed by an AI agent. The same practices 1Password is formalizing at enterprise scale apply to individual setups:

  1. Don’t share your personal credentials with agents — create dedicated agent tokens with minimal scope
  2. Rotate regularly — ephemeral > persistent, always
  3. Audit access — know which tools your agent called and which credentials it used
  4. Scope per-task — an agent doing research doesn’t need write access to production

The era of “just paste your API key into the config” is ending. Agent credential management is becoming a real category — and the major players are moving fast to define it.

1Password Unified Access launched March 20, 2026. RSAC 2026 runs March 23–27 in San Francisco.