1Password teams up with Anthropic to give Claude access to your credentials
A new ‘zero-exposure’ security framework allows agents to use stored credentials in the 1Password vault
Anthropic’s Claude AI tool will be able fill in passwords through a new 1Password browser integration that gives it access to stored credentials, the two companies have announced.
1Password's new 1Password for Claude service is a framework that allows agents to use stored credentials hosted in 1Password vaults without them ever reaching the model.
Access is granted per session, and scoped to a specific set of approved items so that authorization doesn’t carry over to other sessions.
According to 1Password, this means users can now authorize Claude to complete real-world tasks like booking travel and managing accounts securely, with credentials injected directly to the target system on their behalf.
"We need a new security model that is purpose-built for agents, not just humans. The answer isn't handing agents your secrets. It is to let a user give an agent permission to use a credential without letting the agent see it,” said Nancy Wang, CTO of 1Password.
"Claude knows it used your login; it does not need the password or one-time code in its context. That distinction is where trust in agents starts and the foundation we're building with Anthropic."
How 1Password’s ‘zero-exposure’ framework will work
1Password's zero-exposure security framework allows per-task, user-approved access, with Claude requesting the credentials required for each task from 1Password.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Users can approve or deny access with a single biometric prompt, eliminating standing access or persistent sessions.
Credentials are injected through a secure channel managed by 1Password, outside the agent's view, with the password and the MFA one-time code never accessible to the model or Anthropic's systems.
The moment an AI agent takes control of the browser, 1Password locks down automatically, limiting access to only the credentials explicitly granted for the current task. Nothing else in the 1Password vault is reachable.


1Password brokers credential access across multiple sites within a single task, so Claude can complete multi-step workflows without prompting the user for credentials at each step.
Elsewhere, continuous field analysis will see 1Password scan the page after every autofill to ensure no secrets remain exposed: if a form submission fails, it wipes any filled values before returning control to the agent.
New ‘agentic mode’ coming to 1Password
Alongside the Claude integration, 1Password is also introducing Agentic Mode for all users.
When a compatible AI agent takes control of the browser, 1Password locks down, so that the only credentials the agent can reach are those the user has explicitly granted for the current task.
It activates automatically and runs quietly in the background, and users have the option to cancel it at any time.
1Password for Claude is now available to 1Password users on Mac, across business, family, and individual plans.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Passkeys will soon be the default authentication method in Microsoft Entra IDNews The shift to passkeys for Microsoft Entra ID comes amidst growing concerns over AI-powered phishing and identity theft
-
CISPE teams up with EU trade groups in latest Broadcom spatNews Battle over acquisition and subsequent partnership and licensing changes continues
-
The agents you use to beef up cybersecurity could be turned against you – ‘Friendly Fire’ attacks can manipulate OpenAI and Anthropic models into running malicious codeNews Research shows agents can be fooled into executing malicious code while performing security reviews of third-party software
-
Flaws in some of the most popular AI coding tools left developers wide open to attackNews Malicious repositories can trick advanced AI agents into silently breaking out of their workspace sandboxes
-
We need to do something about passwordsPasswords are a fundamental aspect of access security, but recent password leaks have undermined their ability to protect data
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Dashlane lifts the lid on attack that saw hackers download encrypted user vaultsNews The company said it has now informed all affected customers, and taken action to shut down the operation
-
‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackersNews AI is making it harder to differentiate between high and low-skilled actors
-
Claude users beware, hackers are using a fake website to dupe developers and deliver malwareNews 'Beagle' is deployed through a Dynamic Link Library (DLL) sideloading chain, and gives attackers remote access to the system
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption