Back
The VergeLaunchThe Verge2026-07-17

Claude Can Now Use Your 1Password Credentials to Act on Your Behalf

1Password has launched a browser integration that lets Claude access your stored credentials to complete tasks autonomously — logging into services and taking actions on your behalf without you manually entering passwords.

Original source

1Password has partnered with Anthropic to ship a browser integration that allows Claude to retrieve and use stored usernames and passwords directly from a user's 1Password vault. The integration is designed for agentic workflows where Claude is completing multi-step tasks — booking travel, filling forms, managing accounts — that previously required a human to pause and authenticate manually.

The practical effect is that Claude can now move through authenticated web sessions without the user staying in the loop at every login prompt. 1Password acts as the credential broker, handing off secrets to Claude only when needed and only for the session in question. The company says credentials are not stored by Anthropic or retained beyond the immediate task, though the full security architecture hasn't been publicly detailed.

This positions 1Password as infrastructure for the agentic web rather than just a password manager for humans. It's a meaningful product pivot: instead of storing credentials for users to retrieve, the vault now serves non-human agents acting on users' behalf. The question of what authorization and audit controls exist — can users see which credentials Claude accessed and when? — will determine whether this is a trust-building feature or a trust-eroding one.

For Claude, this removes one of the most common failure points in browser automation tasks: the authentication wall. Whether this becomes standard infrastructure for AI agents or a liability waiting to happen depends heavily on implementation details that neither 1Password nor Anthropic has fully disclosed at launch.

Panel Takes

The Skeptic

The Skeptic

Reality Check

The scenario where this breaks is obvious and immediate: a misunderstood instruction, an over-permissioned agent, and Claude logs into your bank and does something irreversible. 1Password saying credentials aren't retained by Anthropic is the bare minimum — what I want to know is whether there's a per-task authorization prompt, an audit log the user can actually read, and a revocation flow that doesn't require deleting your vault. This ships when those controls are documented and independently verified. Right now it's a compelling demo with a security surface nobody has stress-tested in public.

The Futurist

The Futurist

Big Picture

The thesis here is that credential vaults become the permission layer for the agentic web — not just storing what you know, but delegating what you can do. The dependency that has to hold: users must trust that agents won't act outside scope, which requires audit trails and fine-grained authorization that don't exist at scale yet. The second-order effect nobody is talking about is that 1Password just made itself load-bearing infrastructure for AI agents, which is a far stronger moat than 'best password manager' — the company that controls credential delegation controls which agents can operate in the real world.

The Builder

The Builder

Developer Perspective

The primitive is: credential vault as a runtime secret provider for agent sessions. That's actually a clean abstraction — better than hardcoding credentials in agent configs or building OAuth flows for every service. What I need to see before I'd use this in production is whether there's a structured API for specifying credential scope per task, or whether Claude just has blanket access to whatever's in the vault. If it's the latter, that's not a security model, that's a skeleton key dressed up as an integration.

The Founder

The Founder

Business & Market

1Password just found their expansion revenue story for the agentic era — enterprise IT buyers already trust them with credentials, and this extends that trust relationship to cover AI agents running inside corporate workflows. The moat isn't the integration itself, which any credential manager could replicate; it's the existing enterprise contracts and compliance certifications that make 1Password the safe choice when a CISO asks 'which vendor is managing what our AI agents can access.' The risk is that if a single high-profile breach traces back to this integration, the entire product category gets regulatory scrutiny that smaller players can't survive but that also freezes 1Password's growth.

Bookmarks

Loading bookmarks...

No bookmarks yet

Bookmark tools to save them for later