AI agents are playing an increasing role in software development. They are also creating a host of new security concerns.
Toronto-based 1Password has expanded its work with Silicon Valley AI giant OpenAI in an attempt to help businesses deploy autonomous AI agents to securely build products.
âOur long-term vision is to be the default authentication and authorization layer for any agent, on any platform.â
Nancy Wang, 1Password
Like other agents or users, OpenAIâs software engineering assistant Codex requires login credentials to tap into databases, application programming interfaces (APIs), and deployment pipelines. Per 1Password, âthat access is often managed by copying credentials into local files, passing them through prompts, or hardcoding them into repositories where they can be easily exfiltrated.â
1Password claims it has developed a more secure approach: the cybersecurity company announced a new Codex integration today that allows developers to grant Codex access to credentials directly inside their workflows without putting them directly into prompts or files.
The company is doing this through its new 1Password Environments Model Context Protocol (MCP) Server for Codex, which it claims âensures secrets never leave 1Passwordâ with the help of a secure runtime environment where those credentials are âmounted, used, and discarded,â with user authentication required at access.
âThe 1Password Environments MCP Server for Codex is designed to provision credentials just-in-time, mount them in memory, and ensure they are never exposed in plain text to the underlying model,â 1Password CTO Nancy Wang, who was promoted to the role in January, told BetaKit over email. âIt’s the same zero-knowledge architecture we’ve built for humans, now extended to how AI agents handle credentials.â
RELATED: 1Password launches new platform to rein in companiesâ AI agents
Founded in 2005 and formally known as AgileBits, 1Password is one of Canadaâs most valuable tech companies. It sells identity security and access management software that helps individuals and corporate clients like Asana, Canva, Figma, GitHub, Hugging Face, Notion, Salesforce, Stripe, and Wiz.
In recent years, 1Password has evolved into a broader digital security platform for businesses. The 1,400-person company, which surpassed $400 million USD in annual recurring revenue last year while remaining free cash flow-positive, now serves more than 180,000 companies, stores 1.3 billion human and machine credentials, and is used by one million developers.
âWe started almost 20 years ago as a consumer password manager,â Wang said. âAs customers brought us into the enterprise, we evolved to protect developer credentials, such as SSH keys, API keys, tokens, and secrets. Now, with the rise of AI-assisted coding, that control point has evolved again, with those same credentials being used by AI agents.â
As 1Password CEO David Faugno told BetaKit last year, 1Password sees âa huge opportunityâ in helping businesses navigate the security considerations associated with AI, and has been leaning into this âaggressively,â including via its recently launched Unified Access Platform.
âOur long-term vision is to be the default authentication and authorization layer for any agent, on any platform,â Wang said. âJust as 1Password works across every major browser people use today, we fully expect to support every coding agent our customers choose tomorrow.â
Feature image courtesy 1Password.