1Password announced 1Password for Claude, the first browser integration that gives Claude access to stored credentials without those credentials ever reaching the model, its memory, or Anthropic’s systems. The launch marks a critical new step in securing agents that do real work. It gives them the access they need to complete tasks while keeping people in control of which credentials are used, when, and for what purpose. Users can now authorize Claude to complete real-world tasks like booking travel and managing accounts securely with credentials injected directly to the target system on their behalf.
As AI agents increasingly act on behalf of people, the new security question isn’t whether an agent can complete a task, but which identity it uses, what it can access, and whether the user can prove what happened. Sharing credentials directly with the agent exposes them to the model, its memory, and the systems behind it. Requiring a human-in-the-middle to authenticate at each step limits agent productivity, forcing workflows to start, stop, and wait for manual intervention. Until now, there was no way to resolve that trade-off. 1Password for Claude is built for that shift.
“We need a new security model that is purpose-built for agents, not just humans,” said Nancy Wang, CTO of 1Password. “The answer isn’t handing agents your secrets. It is to let a user give an agent permission to use a credential without letting the agent see it. Claude knows it used your login; it does not need the password or one-time code in its context. That distinction is where trust in agents starts and the foundation we’re building with Anthropic.”
Trusted Credential Access Framework for AI Agents
Until now, giving an AI agent access to credentials in a browser meant passing them as plain text into the agent’s context, where they were directly accessible to the model. 1Password built a zero-exposure security framework that allows agents to use stored credentials in the 1Password vault without them ever reaching the model. Rather than forcing users to choose between sharing their credentials or manually authenticating, it gives agents exactly what they need, scoped to the task, with multiple layers of protection that ensure secrets remain encrypted until the moment they are injected into the page by 1Password. Access is granted per session and scoped to a specific set of approved items. That authorization does not carry over to other sessions, eliminating standing access. 1Password for Claude is the first integration built on it. Key capabilities include:
- Per-task, user-approved access: Claude requests the credentials required for each task from 1Password, and users approve or deny access with a single biometric prompt, eliminating standing access or persistent sessions.
- Credentials stay outside the model: Credentials are injected through a secure channel managed by 1Password, outside the agent’s view. The password and the MFA one-time code are never accessible to the model, its context, or Anthropic’s systems.
- Agentic Mode: The moment an AI agent takes control of the browser, 1Password locks down automatically, limiting access to only the credentials explicitly granted for the current task. Nothing else in the 1Password vault is reachable.
- Authenticated multi-site sessions: 1Password brokers credential access across multiple sites within a single task, so Claude can complete multi-step workflows without prompting the user for credentials at each step.
- Continuous field analysis: 1Password scans the page after every autofill to ensure no secrets remain exposed. If a form submission fails, it wipes any filled values before returning control to the agent.
Automatic Vault Lockdown with Agentic Mode
Alongside the Claude integration, 1Password is introducing Agentic Mode for all 1Password users. When a compatible AI agent takes control of the browser, 1Password locks down. The only credentials the agent can reach are those the user has explicitly granted for the current task. Nothing else in the vault is accessible through the browser. Agentic Mode activates automatically and runs quietly in the background. Users can see when it is active directly in the 1Password browser extension, with the option to cancel it at any time. Starting with Claude, the underlying framework is designed to extend to any browser-based agent or platform as the ecosystem grows. For 1Password, this represents a natural expansion from managing people’s credentials to governing AI agent access on their behalf.
1Password for Claude is now available to 1Password users on Mac, across business, family, and individual plans. Getting started requires the 1Password desktop app and browser extensions, as well as the Claude desktop app and browser extensions. Future support for payment cards and identity details will be available after launch.











