AI can use your passwords but can’t see them—Claude partners with 1Password on a zero-exposure access mechanism designed specifically for agents

1Password partners with Claude to launch an agent-only zero-exposure access mechanism: login information is injected into the page directly by 1Password only during the task, and the AI agent cannot read it throughout. The service also includes an Agentic Mode, which locks the browser extension to prevent the agent from exceeding its permissions.
(Background: Anthropic launches "Claude for Small Business": targeting AI automation for small and medium-sized enterprises, helping you chase invoices, calculate payroll..)
(Additional background: Anthropic requires real-name KYC verification! Some Claude features will need you to upload ID documents, increasing compliance pressure.)

Claude can help you compare prices, add items to a cart, update account information, and even check out directly—but this also raises concerns about users’ passwords being exposed. 1Password’s answer is straightforward: have Claude use your password and login information, yet it will never be able to see the actual password itself. Simply put: the agent knows which set of credentials it “used,” but the content from start to finish never enters the model or memory.

Credentials exist, but the agent never sees them

1Password’s official blog announces the launch of "1Password for Claude." The core design is a zero-exposure architecture. In plain terms: Claude can use your credentials to log in, but it will never see the credential contents itself—1Password remains the sole custodian of passwords and one-time verification codes. Claude only receives the permissions explicitly granted to it at the moment it performs a task; once the task ends, access is immediately revoked.

When Claude needs to log in, 1Password first tells the user which credentials to use and why. After the user completes consent via biometric verification such as Touch ID, the account password is directly filled into the webpage fields. Claude cannot see the password vault project, the password content, or the one-time verification code from start to finish. Even if the submission fails after being filled, 1Password will clear the already entered content and hand back control.

1Password CTO Nancy Wang said: "We need a security model built specifically for agents—not just for humans... The answer isn’t to hand your secrets to the agent, but to let the user authorize the agent 'to use' a credential, while preventing the agent from seeing it. Claude knows it used your login information, but it doesn’t need the password or one-time verification code put into its context."

At present, 1Password for Claude is only available for the Mac version. It requires the 1Password desktop app and the browser extension (v8.12.28 or later), together with the Claude desktop version and Claude in Chrome, to enable it. Personal, family, and business plans can all use it.

When the agent itself may also become a security weak point

The zero-exposure architecture solves the question of whether the password needs to be given to the agent, but it leaves a second issue: if the agent itself gains control of the browser, could it then tamper with 1Password’s extension in return?

To address this, 1Password introduces Agentic Mode—this is a new mechanism within the browser extension. In other words, once a compatible AI agent takes over the browser, the 1Password extension automatically hides the entire operation interface and locks it up. The agent can only use the login information and one-time verification codes that are explicitly approved for the current task; everything else in the vault cannot be touched. This line of defense does not require additional configuration to take effect. Even if the task doesn’t use 1Password, it still activates, and the protected objects aren’t limited to Claude—other compatible agents are covered as well.

However, the current supported scope is still conservative: at this stage, 1Password for Claude only handles account passwords and one-time verification codes for "login"-type projects. Passkeys, social logins, payment cards, and identity information have not been opened yet. The official position is that they will be filled in gradually after the launch.

This conservative boundary echoes, to a certain extent, the findings from PYMNTS Intelligence’s survey: 56% of online shoppers are willing to let AI agents help with price comparisons, but fewer than 40% are willing to let agents touch payment credentials. The gap between these two figures is exactly the trust shortfall that this entire architecture aims to bridge—users are willing to accept an agent "doing things," but they remain wary about an agent "touching money, touching identity."

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned