• 3 min read

1Password gives Claude website access without passwords

1Password’s new Claude integration lets the agent sign in with biometric approval while keeping passwords and codes hidden from Anthropic.

Image: TNW

1Password has launched a browser integration for Anthropic’s Claude that lets the agent sign in to websites without ever seeing a user’s passwords. In a blog post published on Thursday, the company said the system uses a zero-exposure architecture: when Claude hits a login page, 1Password shows the user which credential is being requested and why, waits for biometric approval, and then injects the login directly into the page.

Claude does not get access to the vault item, password, or one-time code, and Anthropic’s systems do not receive them either. Once the task is done, access ends.

This is aimed at a basic problem with agentic AI on the web. Agents can navigate sites, fill in forms, and complete purchases, but logins have typically forced users to either hand over credentials or step in manually. 1Password says this is the first browser integration that allows an agent to use credentials without direct access to them.

After autofill, the company says 1Password checks whether secrets were exposed on the page. If submission fails, the extension clears the filled values before handing control back to Claude. The credential remains encrypted and under 1Password’s control throughout the process.

The launch also adds Agentic Mode to the 1Password browser extension. When a compatible AI agent takes control, the feature automatically locks down the vault so the agent can use only the logins and one-time codes explicitly approved for that task. The rest of the vault stays inaccessible. Agentic Mode works even if the 1Password-Claude integration is not set up, and it supports agents beyond Claude.

Recommended reading

FortiSandbox bug hits CISA KEV as attacks spread

The timing matters. Security researchers recently showed that AI browsers can be tricked into leaking credentials through prompt injection attacks, and Anthropic’s own Claude extension was among those affected.

“The answer is not handing agents your secrets, but letting a user give an agent permission to use a credential without letting the agent see it.”

— Nancy Wang, CTO of 1Password

1Password for Claude is available now on Mac for business, family, and individual plans. It requires the 1Password desktop app, browser extension, Claude desktop app, and Claude browser extension. The company, which recently acquired Israeli startup Apono to govern AI agent access inside enterprise systems, said it plans to add support for payment cards and identity details after launch.

CNET password manager expert Joe Supan said he would normally be very wary of giving an AI agent access to his password manager, but that 1Password appears to have strong guardrails, especially biometric authentication for each login.

It is the first time a major password manager has built a dedicated secure channel for an AI agent to use credentials at runtime instead of exposing them to the model’s context. Whether that design can withstand the same prompt injection attacks that have already hit AI browsers is still an open question.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via TNW

// Keep reading