1Password is an app I’ve been using since 2008, but it’s not longer just an app. It is building a platform for how work actually happens today. That includes personal devices, AI agents, and apps that never went through the IT team. With new updates to its Extended Access Management platform and a partnership with Drata, 1Password is moving beyond vaults to help companies stay secure without slowing anyone down.
Solving the access trust gap
Modern work is messy from an IT perspective. Employees use their own devices. Teams add new tools without waiting for approval because it only takes a credit card. We’re in the early days, but AI agents are starting to automate real work like logging into systems, pulling data, and kicking off workflows. Most legacy tools were built for a world of managed devices, corporate networks, and apps only behind the single sign-on. That world is gone, and it’s not coming back
What is new in 1Password Extended Access Management
The updates to 1Password’s Extended Access Manager adds quite a bit, but at the center of it is visibility. The platform gives IT and security teams a way to see what apps people are using, what devices they are using, and how secure those devices really are.
Here is a quick look at what is new:
- App Launcher gives employees one place to access the apps they need, whether or not they are officially managed. IT can still enforce security without getting in the way.
- Device Compliance lets companies enforce health checks on devices before access is granted. It works across both corporate and personal machines.
- Access Governance helps IT discover shadow SaaS services, automate access reviews, and clean up no longer needed access.
- XAM Console aims to bring everything together for admins with one view of users, apps, and devices.
- SDK for Agentic AI allows developers to securely give AI agents access to secrets, without hardcoding anything or exposing credentials.
“The way people work has fundamentally changed, and security needs to catch up quickly,” said David Faugno, Co-CEO at 1Password. “The explosion of SaaS has increased access management and governance complexity, and now, agentic AI is compounding that challenge. Organizations need a new approach, one that not only secures managed devices and applications but also the unmanaged tools that employees and AI agents actually use to get work done. That’s exactly what 1Password Extended Access Management is built for. We’re not just solving today’s problems; we’re shaping the future of identity and access management security – one that empowers productivity without compromising protection.”
AI agents have the potential to be great, but also cause major security concerns
1Password also makes a clear bet on AI and AI agents. This is not just in terms of assistant-style bots, but real autonomous agents that make data decisions and execute tasks. The growth we’ve seen in GenAI in the last 24 months has been insane, and it’s not likely to slow down.
“We’re standing at the precipice of a massive transformation,” said David Faugno, Co-CEO at 1Password. “AI agents have the potential to be a massive accelerator of productivity and innovation, but only if we can secure and govern their access to enterprise data and systems. Agentic AI doesn’t just analyze data. It acts. It takes initiative, interfaces with sensitive systems, and carries out workflows independently. And since existing enterprise applications were designed for human usability, the AI agents will need to be able to execute human-like activities such as logging into systems to perform work. Legacy identity and access management solutions were not designed to govern or secure non-human, non-machine identities like AI agents. That means we need to evolve how we think about trust, access, and control. With Agentic AI Security, 1Password is giving enterprises the tools to embrace this next era of automation with confidence, so they can move fast, stay secure, and grow without constraints.”
The Agentic AI capabilities are designed to treat AI agents like first-class corporate agents. Companies can now manage what these agents can access, how long that access lasts, and what they do with it. This functionality means no more hardcoded secrets or shared credentials in the agent code. It also gives teams audit logs and visibility into AI behavior, which will matter more as these tools scale.
New partnership with Drata
Achieving compliance is hard, and staying compliant is even harder, than many people think the project is “done”. Most teams juggle a barrage of security questionnaires, outdated spreadsheets and docs, and constant back-and-forth with auditors. At the same time, employees are using apps that IT did not approve and logging in from devices that IT doesn’t manage. The more flexible work becomes, the harder it is to prove you are staying within the lines.
That is where the new Drata and 1Password integration comes in. Drata automates monitoring and evidence collection, while 1Password locks down access across identities, devices, and apps. Together, they give security and compliance teams a real-time view of who has access, what devices they use, and whether it meets frameworks like SOC 2 and ISO 27001.
“Security and compliance are inseparable, especially as SaaS sprawl and AI adoption introduce new layers of complexity and risk,” said David Faugno, Co-CEO of 1Password. “Organizations can’t achieve lasting compliance without securing how people, devices, applications, and AI agents access their critical business data, and you can’t secure access without continuously verifying compliance. This partnership with Drata helps unify these efforts, giving companies the ability to enforce strong security policies across all identities, applications, and devices, both managed and unmanaged, while staying continuously audit-ready. It’s a step toward a more modern, automated, and resilient approach to trust at scale.”
Wrap up
As RSA week nears, 1Password is coming out of the gates firing on all cylinders with a bet on the future of IT and security. 1Password is not trying to replace your single sign-on tool or your device management system. It is filling in the gaps that those tools and systems were never built to cover: unmanaged apps, personal devices, AI agents, and compliance at scale.
FTC: We use income earning auto affiliate links. More.
